Details of VAR-E-201007-1003

ID

VAR-E-201007-1003

EDB ID

34370

TITLE

SAP NetWeaver 6.4/7.0 - 'wsnavigator' Cross-Site Scripting - JSP webapps Exploit

Trust: 0.6

sources: EXPLOIT-DB: 34370

DESCRIPTION

SAP NetWeaver 6.4/7.0 - 'wsnavigator' Cross-Site Scripting.. webapps exploit for JSP platform

Trust: 0.6

sources: EXPLOIT-DB: 34370

AFFECTED PRODUCTS

vendor:	sap	model:	netweaver	scope:	eq	version:	6.4/7.0	Trust: 1.6
vendor:	sap	model:	netweaver	scope:	eq	version:	7.0	Trust: 0.3
vendor:	sap	model:	netweaver	scope:	eq	version:	6.4	Trust: 0.3

sources: BID: 41925 // EXPLOIT-DB: 34370 // EDBNET: 55713

EXPLOIT

source: https://www.securityfocus.com/bid/41925/info

SAP Netweaver is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.

SAP Netweaver 6.4 through 7.0 is vulnerable; other versions may also be affected.

https://www.example.com/wsnavigator/jsps/explorer/help.jsp?title=Test">AAAAAAAA<script>alert('XSS')</script>

Trust: 1.0

sources: EXPLOIT-DB: 34370

EXPLOIT LANGUAGE

txt

Trust: 0.6

sources: EXPLOIT-DB: 34370

PRICE

free

Trust: 0.6

sources: EXPLOIT-DB: 34370

TYPE

'wsnavigator' Cross-Site Scripting

Trust: 1.0

sources: EXPLOIT-DB: 34370

CREDITS

Alexandr Polyakov

Trust: 0.6

sources: EXPLOIT-DB: 34370

EXTERNAL IDS

db:	EXPLOIT-DB	id:	34370	Trust: 1.9
db:	BID	id:	41925	Trust: 1.9
db:	EDBNET	id:	55713	Trust: 0.6

sources: BID: 41925 // EXPLOIT-DB: 34370 // EDBNET: 55713

REFERENCES

url:	https://www.securityfocus.com/bid/41925/info	Trust: 1.0
url:	https://www.exploit-db.com/exploits/34370/	Trust: 0.6
url:	https://www.exploit-db.com/exploits/34370	Trust: 0.3
url:	http://www.sap.com/platform/netweaver/index.epx	Trust: 0.3
url:	http://dsecrg.com/pages/vul/show.php?id=140	Trust: 0.3

sources: BID: 41925 // EXPLOIT-DB: 34370 // EDBNET: 55713

SOURCES

db:	BID	id:	41925
db:	EXPLOIT-DB	id:	34370
db:	EDBNET	id:	55713

LAST UPDATE DATE

2022-07-27T09:57:07.402000+00:00

SOURCES UPDATE DATE

db:

BID

id:

41925

date:

2010-07-23T00:00:00

SOURCES RELEASE DATE

db:	BID	id:	41925	date:	2010-07-23T00:00:00
db:	EXPLOIT-DB	id:	34370	date:	2010-07-23T00:00:00
db:	EDBNET	id:	55713	date:	2010-07-23T00:00:00