SAP-07-010.txt

Published: 09 May 2008 00:00:00 | Reported by: portcullis-security.com | Type: packetstorm | Source: packetstormsecurity.com

Re-intro of Cross-site Scripting/Cookie Theft in SAP ITS v6.2


Related

| Reporter | Title | Published | Family |
|---|---|---|---|
| Cvelist | CVE-2003-0749 | 6 Sep 2003 04:00 | cvelist |
| Cvelist | CVE-2006-5114 | 2 Oct 2006 20:00 | cvelist |
| CVE | CVE-2003-0749 | 20 Oct 2003 04:00 | cve |
| CVE | CVE-2006-5114 | 3 Oct 2006 04:03 | cve |
| Check Point Advisories | SAP Internet Transaction Server wgate.dll service Parameter XSS - Ver2 (CVE-2003-0749) | 3 Mar 2014 00:00 | checkpoint_advisories |
| NVD | CVE-2003-0749 | 20 Oct 2003 04:00 | nvd |
| NVD | CVE-2006-5114 | 3 Oct 2006 04:03 | nvd |

`Portcullis Security Advisory 07_010  
  
  
Vulnerable System:   
  
SAP Internet Transaction Server  
  
  
Vulnerability Title:   
  
Re-introduction of Cross-site Scripting/Cookie Theft Vulnerability.  
  
Previous vendor Information:  
  
Vendor originally contacted on 02.08.2003  
Product: ITS, Version 6.20  
Bugtraq ID: 8517  
CVE: CAN-2003-0749  
  
  
Vulnerability Discovery and Development:   
  
Portcullis Security Testing Services  
  
  
Credit for Discovery  
  
Andrew Davies of Portcullis Computer Security Ltd discovered this vulnerability.  
  
  
Affected systems:   
  
Version 6200.1017.50954.0, Build 730827 (win32/IIS 5.0)  
  
  
Details:  
  
Object:  
wgate.dll (win32 CGI-Communication Binary)  
  
Description:  
Insufficient input and output validation on miscellaneous user-input parameters enables insertion of HTML/client-side scripting tags.  
  
Example:  
  
HTTP-Requests:  
  
  
http://example.com/scripts/wgate.dll?~service=--><img%09src=javascript:alert(xss);  
or:  
http://example.com/scripts/wgate/%22);alert('xss');alert(%22a/!  
  
Impact:  
  
Because cookies are used extensively for managing sessions and/or state, cookie theft is very likely.  
  
Vendor Status:  
  
Vendor advised and has stated that the solution and workaround are available through SAP note 1052053.  
  
  
Copyright:   
  
Copyright © Portcullis Computer Security Limited 2007, All rights reserved   
worldwide. Permission is hereby granted for the electronic redistribution of this   
information. It is not to be edited or altered in any way without the express   
written consent of Portcullis Computer Security Limited.  
  
  
Disclaimer:   
  
The information herein contained may change without notice. Use of this   
information constitutes acceptance for use in an AS IS condition. There are   
NO warranties, implied or otherwise, with regard to this information or its   
use. Any use of this information is at the user's risk. In no event shall the   
author/distributor (Portcullis Computer Security Limited) be held liable for   
any damages whatsoever arising out of or in connection with the use or spread   
of this information.  
`
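
For defenders reviewing web logs on an affected ITS host, the following added example (not part of the Portcullis advisory or SAP's fix) flags wgate requests shaped like the two in the advisory. The allowlist of characters for service names and path segments, the simplified log format and the sample lines are assumptions made for illustration.

```python
import re
from urllib.parse import unquote

# Assumption: legitimate service names and wgate path segments use only these
# characters; adjust the allowlist to the services actually deployed.
SAFE_NAME = re.compile(r"[A-Za-z0-9_.!-]*")
# The advisory names miscellaneous parameters, so others are checked for markup.
MARKUP = re.compile(r"[<>\"']")
WGATE = re.compile(r"/wgate(?:\.dll)?(?P<rest>/.*)?$", re.IGNORECASE)
# Constructed sample lines in a simplified "<client> <method> <uri>" format.
SAMPLE_LOG = [
    "192.0.2.10 GET /scripts/wgate.dll?~service=example_service",
    "192.0.2.10 GET /scripts/wgate/example_service/!",
    "203.0.113.5 GET /scripts/wgate.dll?~service=--><img%09src=javascript:alert(xss);",
    "203.0.113.5 GET /scripts/wgate/%22);alert('xss');alert(%22a/!",
]


def decode_fully(value, rounds=3):
    """Percent-decode repeatedly so double-encoded input is inspected too."""
    for _ in range(rounds):
        value = unquote(value)
    return value


def check_request(uri):
    """Return findings for one request URI (path plus query string)."""
    path, _, query = uri.partition("?")
    match = WGATE.search(path)
    if not match:
        return []
    findings = []
    for segment in (match.group("rest") or "").split("/"):
        if not SAFE_NAME.fullmatch(decode_fully(segment)):
            findings.append(f"path segment: {segment!r}")
    for pair in filter(None, query.split("&")):
        key, _, value = pair.partition("=")
        key, decoded = decode_fully(key), decode_fully(value)
        if key == "~service" and not SAFE_NAME.fullmatch(decoded):
            findings.append(f"~service: {value!r}")
        elif key != "~service" and MARKUP.search(decoded):
            findings.append(f"{key}: {value!r}")
    return findings


def scan_log(lines):
    """Return (line, findings) for each flagged '<client> <method> <uri>' line."""
    checked = ((ln, check_request(ln.split(" ", 2)[-1])) for ln in lines)
    return [(ln, found) for ln, found in checked if found]
```

Calling `scan_log(SAMPLE_LOG)` returns the last two sample lines with the offending parameter or path segment; the same allowlist check can serve as an input filter in front of wgate until the fix from SAP note 1052053 is applied.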
