lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <1404881773.20090422034701@dsecrg.com>
Date: Wed, 22 Apr 2009 03:47:01 +0400
From: "Digital Security Research Group [DSecRG]" <research@...crg.com>
To: bugtraq@...urityfocus.com, vuln@...unia.com,
	packet@...ketstormsecurity.org
Subject: SAP Cfolders Multiple Linked XSS Vulnerabilities

Digital Security Research Group [DSecRG] Advisory       #DSECRG-09-021

Original advisory: http://dsecrg.com/pages/vul/show.php?id=121

Application:                    SAP Cfolders (SAP SRM, SAP ECC, SAP Knowledge Management and SAP NetWeaver cRooms (collaboration rooms))
Vendor URL:                     http://SAP.com
Bugs:                           Multiple Liked XSS
Risk:                           Hight
Exploits:                       YES
Reported:                       12.01.2009
Vendor response:                13.01.2009
patched:                        21.01.2009
Date of Public Advisory:        21.04.2009
Reference:                      SAP note 1292875 
Author:                         Digital Security Research Group [DSecRG] (research [at] dsec [dot] ru)



Description
***********

cFolders (Collaboration Folders) is the SAP web-based  application for collaborative sharing of information. 
cFolders is part of a suite of applications powered by SAP® NetWeaver™ that integrate project management, 
knowledge management and resource management in collaborative inter-enterprise and intra-enterprise 
environments. 

cFolders is integrated to SAP ECC, SAP Product Lifecycle 
Management (PLM), SAP Supplier Relationship Management (SRM), SAP Knowledge Management and SAP 
NetWeaver™ cRooms (collaboration rooms). Virtual teams can access, view online, subscribe for changes, and 
redline documents and product information. Partners and suppliers can interact with cFolders in predefined 
collaborative or competitive scenarios. 



Details
*******

Multiple Linked XSS vulnerabilities found in SAP Cfolders engine. Any user can cheate a vulnerable link 
and steal user's or administrator's cookie.

He can do this using 3 Linked XSS vulnerabilities.


1. Linked XSS found in col_table_filter.htm page. Vulnerable parameter "p_current_role"

Example: 
https://sapserver/sap/bc/bsp/sap/cfx_rfc_ui/col_table_filter.htm?p_current_role=aaaaaaaa<IMG/SRC=JaVaScRiPt:alert('DSECRG')>
 

2. Linked XSS found in me_ov.htm page. Vulnerable parameter "p_current_role"


Example: 
https://sapserver/sap/bc/bsp/sap/cfx_rfc_ui/me_ov.htm?p_current_role= aaaaaaaa<IMG/SRC=JaVaScRiPt:alert('DSECRG')>



Fix Information
***************

The issue has been solved. See SAP note 1292875.



References:
***********

SAP note 1292875 

https://service.sap.com/sap/support/notes/1292875 



About
*****

Digital Security is leading IT security company in Russia, providing information security consulting, audit and penetration testing services, risk analysis and ISMS-related services and certification for ISO/IEC 27001:2005 and PCI DSS standards. Digital Security Research Group focuses on web application and database security problems with vulnerability reports, advisories and whitepapers posted regularly on our website.


Contact:        research [at] dsecrg [dot] com
                http://www.dsecrg.com   
                http://www.dsec.ru

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ