Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Vuln-Dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

SAP Internet Transaction Server XSS vulnerability

from [info] Network Security [Permanent Link]
Subject: SAP Internet Transaction Server XSS vulnerability
Date: 28 Sep 2006 10:05:05 -0000 
Vulnerability class : Cross-Site Scripting
Discovery date : 13 September 2006
Remote : Yes
Credit : ILION Research Labs 
Vulnerable : SAP ITS
Vulnerable version: Versions 6.1 and 6.2 have been found to be vulnerable. 
Other versions might be too.


A XSS (Cross-Site-Scripting) vulnerability has been uncovered in SAP Internet 
Transaction Server. 
This allows an attacker to submit a crafted link to users of the
vulnerable Web application in order to abuse their trust and steal their
authentication credentials or hijack their sessions when the targeted web site 
contains a login page.

When SSL is used while connecting to the login page, trust abuse can be 
complete since the SSL certificate can appear as vouching for the 
trustworthiness of the website while the page actually displayed is hosted on a 
malicious third-party server (this can be done by using the <iframe> tag of IE 
for example).


Proof-of-concept exploits:

http://WWW:VULNERABLE_SERVER.COM/scripts/wgate/!?~urlmime=%22%3E%3Cscript%3Ealert(%22XSS%22)%3C/script%3E%3Cimg%20src=%22

http://WWW:VULNERABLE_SERVER.COM/scripts/wgate/!?~command=%22%3E%3Cscript%3Ealert(%22XSS%22)%3C/script%3E%3Cimg%20src=%22
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • SAP Internet Transaction Server XSS vulnerability, info <=
Previous by Date:  Multitple XSS Vulnerabilities in Red Mombin 0.7, security
Next by Date:  Re: [Full-disclosure] VML Exploit vs. AV/IPS/IDS signatures, avivra
Previous by Thread:  Multitple XSS Vulnerabilities in Red Mombin 0.7, security
Next by Thread:  FreeBSD Security Advisory FreeBSD-SA-06:23.openssl, FreeBSD Security Advisories
Indexes:  [Date] [Thread] [Top] [All Lists]