Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:21560
HistoryApr 01, 2009 - 12:00 a.m.

[DSECRG-09-016] SAP SAPDB Multiple XSS

2009-04-0100:00:00
vulners.com
56
JSON

Digital Security Research Group [DSecRG] Advisory #DSECRG-09-016
!!! original advisory !!!
http://dsecrg.com/pages/vul/DSECRG-09-016.html

Application: SAPDB
Versions Affected: Last
Vendor URL: http://SAP.com
Bugs: XSS
Exploits: YES
Reported: 20.11.2008
Vendor response: 20.11.2008
Date of Public Advisory: 31.03.2009
CVE-number:
Author: Digital Security Research Group [DSecRG] (research [at] dsec [dot]
ru)

Description

SAP MaxDB Web Database engine which listens port 9999 has Linked XSS security vulnerability

Details

Linked XSS vulnerability found in script "webdbm".

vulnerable parameters are:

Server
Database
User

Attacker can inject XSS in this parameters and steal administrators cookie.
Alternatively he can make a fake login page by injecting a script than can change login page and
send passwords to attacker when

user try to log on.

Example:

http://[server]:9999/webdbm?Event=DBM_LOGON&Action=VIEW&Server=&Database=[XSS]
http://[server]:9999/webdbm?Event=DBM_LOGON&Action=VIEW&Server=&User=[XSS]
http://[server]:9999/webdbm?Event=DBM_LOGON&Action=VIEW&Server=&Database=&User=&Password=[XSS]

Solution

The responsible development unit said that webdbm
is outdated and that customers should deinstall it and use the "Database Studio" instead.
See SAP note 1281820.

References:

SAP note 1281820.

About

Digital Security is leading IT security company in Russia, providing information security
consulting, audit and penetration testing services, risk analysis and ISMS-related services and
certification for ISO/IEC 27001:2005 and PCI DSS standards. Digital Security Research Group focuses
on web application and database security problems with vulnerability reports, advisories and
whitepapers posted regularly on our website.

Contact: research [at] dsecrg [dot] com
http://www.dsecrg.com
http://www.dsec.ru

Polyakov Alexandr
Information Security Analyst

DIGITAL SECURITY
phone: +7 812 703 1547
+7 812 430 9130
e-mail: [email protected]
www.dsec.ru

This message and any attachment are confidential and may be privileged or otherwise protected
from disclosure. If you are not the intended recipient any use, distribution, copying or disclosure
is strictly prohibited. If you have received this message in error, please notify the sender
immediately
either by telephone or by e-mail and delete this message and any attachment from your system.
Correspondence
via e-mail is for information purposes only. Digital Security neither makes nor accepts legally
binding
statements by e-mail unless otherwise agreed.

JSON