| Short Name | HTTP:STC:INTERWOVEN-WORKDOC-XSS |
|---|---|
| Severity | High |
| Recommended | No |
| Recommended Action | Drop |
| Category | HTTP |
| Keywords | InterWoven WorkDocs XSS Vulnerability |
| Release Date | 2015/06/14 |
| Update Number | 2506 |
| Supported Platforms | idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |

This signature detects attempts to exploit a known cross-site scripting vulnerability in Interwoven WorkDocs, a document management tool for the enterprise. An attacker can inject script code into a malformed URL, which may lead to many different attack scenarios, including the gathering of credentials for use within WorkDocs. The victim's browser behaves according to the functionality of the injected script. For example, if the attacker injects the scripting code "<script>location.reload()</script>", the client's browser keeps reloading the present URL indefinitely, forcing the visitor to close the current browser window. If the script is "<script>alert(document.cookie)</script>", the browser pops up an alert dialog displaying the current cookie. The behaviour of the attack target therefore changes depending on the goal of the attacker.