SAP HANA 4 suffers from a cross site scripting vulnerability.
a0daf36520fc56176d67238cb460461404b24b55ef1a82573fb40b74b8c00c63
SAP Hana Cloud Platform Cockpit Cross site Scripting Vulnerabilities
========================================================================
Vender:
SAP
Product:
SAP HANA CLoud
Vulnerability Type:
Cross site scripting
Title:
SAP Hana Cloud Cross scripting in User Display Name
Details:
SAP Hana cloud allows any user with the least privileges to input arbitrary client side JS code into the Display Name parameter. Victim intervention is not required for the successful as the code is stored and execute in the browser upon viewing the victim's profile.
Note: All webpages of the domain are affected
Vulnerable Parameter:
SAP Hana Cloud User Account Display Name "Display Name"
Method:
POST
Exploit Code:
https://localhost/a/cockpit#/acc/[account-id]/accountmanagement
Post data
<name="Display Name" value="007"><img src=x onerror=prompt(document.cookie);>
Impact:
Since there is no requirement of Victim intervention, Session ID and data theft may follow as well as possibility to
bypass CSRF protections, injection of iframes to establish communication channels etc.
Severity Level:
Critical
------------------------------------------------------------------------
Vender:
SAP
Product:
SAP HANA CLoud
Vulnerability Type:
Cross site scripting
Title:
SAP Hana Cloud Cross site scripting in HTML5 Application Name
Details:
SAP Hana cloud allows users to input arbitrary client side JS code into the HTML5 Application Name parameter. Victim intervention is not required for the successful as the code is stored and execute in the browser upon user edition of the HTML5 application
Vulnerable Parameter:
SAP Hana Cloud HTML5 Application Name "Application Name"
Method:
POST
Exploit Code:
https://localhost/a/cockpit#/acc/[account-id]/hcproxy
Post data
<name="Application Name" value="007"><img src=x onerror=prompt(document.cookie);>
Impact:
Since there is no requirement of Victim intervention, Session ID and data theft may follow as well as possibility to
bypass CSRF protections, injection of iframes to establish communication channels etc.
Severity Level:
Critical
------------------------------------------------------------------------
Vender:
SAP
Product:
SAP HANA CLoud
Vulnerability Type:
Cross site scripting
Title:
SAP Hana Cloud Cross scripting in Database Repository Name
Details:
SAP Hana cloud allows users to input arbitrary client side JS code into the Database Repository Name parameter. Victim intervention is not required for the successful as the code is stored and execute in the browser upon user edition of the Database Repo application
Vulnerable Parameter:
SAP Hana Cloud HTML5 Database Repository Name "Display Name"
Method:
POST
Exploit Code:
https://localhost/a/cockpit#/acc/[account-id]/repositories/[repository-name]/ecmrepositorysettings
Post data
<name="Display Name" value="007"><img src=x onerror=prompt(document.cookie);>
Impact:
Since there is no requirement of Victim intervention, Session ID and data theft may follow as well as possibility to
bypass CSRF protections, injection of iframes to establish communication channels etc.
Severity Level:
Critical