|
Feeds -
Exploits
|
|
Written by Digital Security Research Group [DSecRG]
|
|
Tuesday, 31 March 2009 22:39 |
SAP MaxDB 'webdbm' Multiple Cross Site Scripting Vulnerabilities
-\\Bugtraq ID:
34319
-\\Class:
Input Validation Error
-\\CVE:
-\\Remote:
Yes
-\\Local:
No
-\\Published:
Mar 31 2009 12:00AM
-\\Updated:
Mar 31 2009 09:16PM
-\\Credit:
Digital Security Research Group [DSecRG]
-\\Vulnerable:
SAP MaxDB 7.6.3 build 007
SAP MaxDB 7.6.03.15
SAP MaxDB 7.6.00.37
SAP MaxDB 7.6.0.37
SAP MaxDB 7.4.3.32
-\\Discussion
SAP MaxDB is prone to multiple cross-site scripting vulnerabilities because it fails to
sufficiently sanitize user-supplied data.
An attacker may leverage these issues to execute arbitrary script code in the browser of
an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
-\\Exploit(s)/PoC(s):
To exploit these issues, an attacker must entice an unsuspecting victim into following a
malicious URI.
The following example URIs are available:
http://example.com:9999/webdbm?Event=DBM_LOGON&Action=VIEW&Server=&Database=[XSS]
http://example.com:9999/webdbm?Event=DBM_LOGON&Action=VIEW&Server=&User=[XSS]
http://example.com:9999/webdbm?Event=DBM_LOGON&Action=VIEW&Server=&Database=
&User=&Password=[XSS]
-\\Solution
Reportedly, the vendor has released a replacement for the vulnerable process. Please contact
the vendor for details.
-\\References(s)
--SAP MaxDB Homepage
https://www.sdn.sap.com/irj/sdn/maxd (SAP)
--[DSECRG-09-016] SAP SAPDB Multiple XSS
http://www.securityfocus.com/archive/1/50231 (Alexandr Polyakov <
This e-mail address is being protected from spambots. You need JavaScript enabled to view it
>)
|
