Digital Security Research Group [DSecRG] Advisory #DSECRG-09-016
!!! original advisory !!!
http://dsecrg.com/pages/vul/DSECRG-09-016.html
Application: SAPDB
Versions Affected: Last
Vendor URL: http://SAP.com
Bugs: XSS
Exploits: YES
Reported: 20.11.2008
Vendor response: 20.11.2008
Date of Public Advisory: 31.03.2009
CVE-number:
Author: Digital Security Research Group [DSecRG] (research [at] dsec [dot]
ru)
Description
SAP MaxDB Web Database engine which listens port 9999 has Linked XSS security vulnerability
Details
Linked XSS vulnerability found in script "webdbm".
vulnerable parameters are:
Server
Database
User
Attacker can inject XSS in this parameters and steal administrators cookie.
Alternatively he can make a fake login page by injecting a script than can change login page and
send passwords to attacker when
user try to log on.
Example:
http://[server]:9999/webdbm?Event=DBM_LOGON&Action=VIEW&Server=&Database=[XSS]
http://[server]:9999/webdbm?Event=DBM_LOGON&Action=VIEW&Server=&User=[XSS]
http://[server]:9999/webdbm?Event=DBM_LOGON&Action=VIEW&Server=&Database=&User=&Password=[XSS]
Solution
The responsible development unit said that webdbm
is outdated and that customers should deinstall it and use the "Database Studio" instead.
See SAP note 1281820.
References:
SAP note 1281820.
About
Digital Security is leading IT security company in Russia, providing information security
consulting, audit and penetration testing services, risk analysis and ISMS-related services and
certification for ISO/IEC 27001:2005 and PCI DSS standards. Digital Security Research Group focuses
on web application and database security problems with vulnerability reports, advisories and
whitepapers posted regularly on our website.
Contact: research [at] dsecrg [dot] com
http://www.dsecrg.com
http://www.dsec.ru
Polyakov Alexandr
Information Security Analyst
DIGITAL SECURITY
phone: +7 812 703 1547
+7 812 430 9130
e-mail: [email protected]
www.dsec.ru