Vulnerability Development mailing list archives

Cross site scripting with SAP
From: Aurélien Cabezon [iSecureLabs] <aurelien.cabezon () ISECURELABS COM>
Date: Wed, 14 Mar 2001 10:03:56 +0100

Hi all,

"Cross site scripting vulnerability like" on SAP Internet Transaction
Server (ITS, Version 4640.2.0.328048, Build 46DC2.328048, Virtual Server
CRP)

A "Cross Site Scripting vulnerability like" was discovered on SAP Web
Services allowing a malicious webmaster to create a crafted URL pointing to
a vulnerable SAP server in order to execute hostile JavaScript code on the
computer of a client who follows this crafted link.

It is possible to pass wrong arguments to a SAP page in order to request an
error page which contains those arguments.
The string passed as an argument is not checked by SAP for special characters,
so it is possible to insert HTML code or hostile JavaScript code in the
error page.
When the client follows this kind of link, hostile JavaScript code can be
executed on his computer.
It can be a way to compromise the client's computer security.

For further information, contact: admin () iSecureLabs com
Sorry for our bad English, we are French guys.

http://www.iSecureLabs.com
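
The reflection described in the message above, as an added example that is not part of the original post and is not SAP ITS code: an error page that echoes request arguments unchecked, the same page with output encoding, and a regression check that reports which arguments reach the page verbatim. The renderer, the parameter names `arg` and `page`, and the canary value are all hypothetical.

```javascript
// Added example: hypothetical error-page renderer, not SAP ITS code.

// The five characters that let reflected text leave HTML text or attribute context.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

function page(items) {
  return `<html><body><h1>Invalid request</h1><ul>${items.join("")}</ul></body></html>`;
}

// Behaviour the message describes: arguments are copied into the error page
// without any check for special characters.
function renderErrorUnsafe(query) {
  return page([...new URLSearchParams(query)]
    .map(([name, value]) => `<li>${name} = ${value}</li>`));
}

// Corrected form: every reflected name and value is HTML-encoded at output time.
function renderErrorSafe(query) {
  return page([...new URLSearchParams(query)]
    .map(([name, value]) => `<li>${escapeHtml(name)} = ${escapeHtml(value)}</li>`));
}

// Regression check: names of arguments whose markup characters appear
// in the response exactly as they were sent.
function reflectedRaw(query, html) {
  return [...new URLSearchParams(query)]
    .filter(([, value]) => /[<>"']/.test(value) && html.includes(value))
    .map(([name]) => name);
}

// Constructed sample request: a harmless canary containing markup characters.
const SAMPLE_QUERY = "arg=" + encodeURIComponent('<i id="canary">x</i>') + "&page=42";

console.log(reflectedRaw(SAMPLE_QUERY, renderErrorUnsafe(SAMPLE_QUERY))); // [ 'arg' ]
console.log(reflectedRaw(SAMPLE_QUERY, renderErrorSafe(SAMPLE_QUERY)));   // []
```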

