SAP Crystal Report Server 2008 Directory Traversal

ID 1337DAY-ID-15332
Type zdt
Reporter Dmitriy Chastuhin
Modified 2011-01-27T00:00:00


Exploit for jsp platform in category web applications

                                            Application:                    SAP Crystal Report Server 2008
Versions Affected:               SAP Crystal Report Server 2008
Vendor URL:           
Bugs:                           Directory Traversal File Read
Exploits:                        YES
Reported:                       29.03.2010
Vendor response:                30.03.2010
Date of SAPNOTE Published:    8.10.2010
Date of Public Advisory:        14.01.2011
Authors:                        Dmitriy Chastuhin
                        Digital Security Research Group [DSecRG] (research [at] dsecrg [dot]com)
SAP Crystal Report Server 2008 contains a variety of features with which users can manage and share interactive reports and dashboards, as well as provide access to them via the Internet.
Directory Traversal vulnerability was found in script qa.jsp
With this vulnerability, an authenticated attacker can read any file on the server.
Fix Information
Solution to this issue is given in the 1476930 security note.

# [2018-04-08]  #