SAP Internet Transaction Server 4620.2.0.323011 Build 46B.323011 Information Disclosure Vulnerability

2003-08-30T00:00:00
ID EDB-ID:23069
Type exploitdb
Reporter Martin Eiszner
Modified 2003-08-30T00:00:00

Description

SAP Internet Transaction Server 4620.2.0.323011 Build 46B.323011 Information Disclosure Vulnerability. CVE-2003-0747 . Remote exploits for multiple platform

                                        
                                            source: http://www.securityfocus.com/bid/8515/info

A vulnerability has been discovered in SAP Internet Transaction Server (SITS)that could allow an attacker to obtain sensitive information. The problem occurs due to SITS disclosing sensitive local filesystem information when handling malformed requests. Specifically, an attacker who submits a request containing invalid values will receive an error response message in return. This response may contain sensitive information. 

http://www.server.name/scripts/wgate/pbw2/!?

with params:
~runtimemode=DM&
~language=en&
~theme=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx&