Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:25548
HistoryJan 26, 2011 - 12:00 a.m.

[DSECRG-00142] SAP Crystal Reports 2008 - actionNavjsp_xss

2011-01-2600:00:00
vulners.com
48
JSON
  XSS vulnerability found in SAP Crystal Report Server 2008

Application: SAP Crystal Report Server 2008
Versions Affected: SAP Crystal Report Server 2008
Vendor URL: http://sap.com
Bugs: Linked XSS Vulnerability
Exploits: YES
Reported: 04.03.2010
Vendor response: 05.03.2010
Date of SAPNOTE Published: 8.10.2010
Date of Public Advisory: 14.01.2011
Authors: Dmitry Chastuhin
Digital Security Research Group [DSecRG] (research [at] dsecrg [dot] com)

Description

SAP Crystal Report Server 2008 contains a variety of features with which users can
manage and share
interactive reports and dashboards, as well as provide access to them via the
Internet.

Details

Multiple XSS vulnerabilities found in InfoView module

  1.  Vulnerability discovered in JSP - page actionNav.jsp module InfoView,

located at http://sap_server_adr:8080/InfoViewApp/jsp/common/actionNav.faces.
Vulnerable parameter - "actId".
Any user can cheat a vulnerable link and steal user's or Administrator's cookie.

  1.  Vulnerability discovered in JSP - page error.jsp module InfoView, located

at http://sap_server_adr:8080/InfoViewApp/jsp/common/error.jsp
Vulnerable parameter - "backUrl "
Any user can cheat a vulnerable link and steal user's or Administrator's cookie.
3. Vulnerability discovered in JSP - page logon.jsp module InfoView, located
at http://sap_server_adr:8080/InfoViewApp/logon.jsp
Vulnerable parameter - " logonAction "
Any user can cheat a vulnerable link and steal user's or Administrator's cookie

References

http://dsecrg.com/pages/vul/show.php?id=301
http://www.sdn.sap.com/irj/sdn/index?rid=/webcontent/uuid/c05604f6-4eb3-2d10-eea7-ceb666083a6a
https://service.sap.com/sap/support/notes/1458310

Fix Information

Solution to this issue is given in the 1458310 security note.

About

Digital Security:

Is one of the leading IT security companies in CEMEA, providing information
security consulting, audit and penetration testing services, ERP and SAP security
assessment, certification for ISO/IEC 27001:2005 and PCI DSS and PA DSS standards.

Digital Security Research Group:

International subdivision of Digital Security company focused on research and
software development for securing business-critical systems like:enterprise
applications (ERP,CRM,SRM), technology systems (SCADA, Smart Grid) and banking
software. DSecRG developed new product "ERPSCAN security suite for SAP Netweaver"
and service "ERPSCAN Online" which can help customers to perform automated security
assessments and compliance checks for SAP solutions.

Contact: research [at] dsecrg [dot] com
http://www.dsecrg.com
http://www.erpscan.com

Polyakov Alexandr. PCI QSA,PA-QSA
CTO Digital Security
Head of DSecRG

DIGITAL SECURITY
phone: +7 812 703 1547
+7 812 430 9130
e-mail: [email protected]

www.dsec.ru
www.dsecrg.com www.dsecrg.ru
www.erpscan.com www.erpscan.ru
www.pcidssru.com www.pcidss.ru

This message and any attachment are confidential and may be privileged or
otherwise protected
from disclosure. If you are not the intended recipient any use, distribution,
copying or disclosure
is strictly prohibited. If you have received this message in error, please notify
the sender immediately
either by telephone or by e-mail and delete this message and any attachment from
your system. Correspondence
via e-mail is for information purposes only. Digital Security neither makes nor
accepts legally binding
statements by e-mail unless otherwise agreed.

JSON