SAPDB Cross Site Scripting

2009-04-01T00:00:00
ID PACKETSTORM:76246
Type packetstorm
Reporter dsecrg.com
Modified 2009-04-01T00:00:00

Description

                                        
                                            `Digital Security Research Group [DSecRG] Advisory #DSECRG-09-016  
!!! original advisory !!!  
http://dsecrg.com/pages/vul/DSECRG-09-016.html  
  
Application: SAPDB  
Versions Affected: Last  
Vendor URL: http://SAP.com  
Bugs: XSS  
Exploits: YES  
Reported: 20.11.2008  
Vendor response: 20.11.2008  
Date of Public Advisory: 31.03.2009  
CVE-number:  
Author: Digital Security Research Group [DSecRG] (research [at] dsec [dot] ru)  
  
  
  
Description  
***********  
  
SAP MaxDB Web Database engine which listens port 9999 has Linked XSS security vulnerability  
  
  
  
Details  
*******  
  
  
Linked XSS vulnerability found in script "webdbm".  
  
vulnerable parameters are:  
  
Server  
Database  
User  
  
Attacker can inject XSS in this parameters and steal administrators cookie.  
Alternatively he can make a fake login page by injecting a script than can change login page and  
send passwords to attacker when  
  
  
user try to log on.  
  
  
  
Example:  
*******  
  
http://[server]:9999/webdbm?Event=DBM_LOGON&Action=VIEW&Server=&Database=[XSS]  
http://[server]:9999/webdbm?Event=DBM_LOGON&Action=VIEW&Server=&User=[XSS]  
http://[server]:9999/webdbm?Event=DBM_LOGON&Action=VIEW&Server=&Database=&User=&Password=[XSS]  
  
  
  
Solution  
***************  
  
The responsible development unit said that webdbm  
is outdated and that customers should deinstall it and use the "Database Studio" instead.  
See SAP note 1281820.  
  
  
References:  
***********  
SAP note 1281820.  
  
  
About  
*****  
  
Digital Security is leading IT security company in Russia, providing information security consulting, audit and penetration testing services, risk analysis and ISMS-related services and certification for ISO/IEC 27001:2005 and PCI DSS standards. Digital Security Research Group focuses on web application and database security problems with vulnerability reports, advisories and whitepapers posted regularly on our website.  
  
  
Contact: research [at] dsecrg [dot] com  
http://www.dsecrg.com  
http://www.dsec.ru  
  
  
  
  
  
  
  
Polyakov Alexandr  
Information Security Analyst  
______________________  
DIGITAL SECURITY  
phone: +7 812 703 1547  
+7 812 430 9130  
e-mail: a.polyakov@dsec.ru   
www.dsec.ru  
  
  
-----------------------------------  
This message and any attachment are confidential and may be privileged or otherwise protected   
from disclosure. If you are not the intended recipient any use, distribution, copying or disclosure   
is strictly prohibited. If you have received this message in error, please notify the sender immediately   
either by telephone or by e-mail and delete this message and any attachment from your system. Correspondence   
via e-mail is for information purposes only. Digital Security neither makes nor accepts legally binding   
statements by e-mail unless otherwise agreed.   
-----------------------------------   
`