Sign-up

ID

VAR-E-200511-0202


CVE

cve_id:CVE-2005-3636

Trust: 1.6

sources: EXPLOIT-DB: 26486 // EDBNET: 48459

EDB ID

26486


TITLE

SAP Web Application Server 6.x/7.0 - Error Page Cross-Site Scripting - PHP webapps Exploit

Trust: 0.6

sources: EXPLOIT-DB: 26486

DESCRIPTION

SAP Web Application Server 6.x/7.0 - Error Page Cross-Site Scripting. CVE-2005-3636CVE-20715 . webapps exploit for PHP platform

Trust: 0.6

sources: EXPLOIT-DB: 26486

AFFECTED PRODUCTS

vendor:sapmodel:web application serverscope:eqversion:6.x/7.0

Trust: 1.0

vendor:sapmodel:web application serverscope:eqversion:7.0

Trust: 0.3

vendor:sapmodel:web application serverscope:eqversion:6.40

Trust: 0.3

vendor:sapmodel:web application serverscope:eqversion:6.20

Trust: 0.3

vendor:sapmodel:web application serverscope:eqversion:6.10

Trust: 0.3

sources: BID: 15361 // EXPLOIT-DB: 26486

EXPLOIT

source: https://www.securityfocus.com/bid/15361/info

SAP Web Application Server is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.

An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.

This issue only affects the BSP runtime of SAP WAS.

http://www.example.com/sap/bc/BSp/sap/index.html%3Cscript%3Ealert('xss')%3C/script%3E

Trust: 1.0

sources: EXPLOIT-DB: 26486

EXPLOIT LANGUAGE

txt

Trust: 0.6

sources: EXPLOIT-DB: 26486

PRICE

free

Trust: 0.6

sources: EXPLOIT-DB: 26486

TYPE

Error Page Cross-Site Scripting

Trust: 1.0

sources: EXPLOIT-DB: 26486

CREDITS

Leandro Meiners

Trust: 0.6

sources: EXPLOIT-DB: 26486

EXTERNAL IDS

db:BIDid:15361

Trust: 1.9

db:NVDid:CVE-2005-3636

Trust: 1.6

db:EXPLOIT-DBid:26486

Trust: 1.6

db:EDBNETid:48459

Trust: 0.6

sources: BID: 15361 // EXPLOIT-DB: 26486 // EDBNET: 48459

REFERENCES

url:https://nvd.nist.gov/vuln/detail/cve-2005-3636

Trust: 1.6

url:https://www.securityfocus.com/bid/15361/info

Trust: 1.0

url:https://www.exploit-db.com/exploits/26486/

Trust: 0.6

url:http://www.sap.com

Trust: 0.3

sources: BID: 15361 // EXPLOIT-DB: 26486 // EDBNET: 48459

SOURCES

db:BIDid:15361
db:EXPLOIT-DBid:26486
db:EDBNETid:48459

LAST UPDATE DATE

2022-07-27T09:23:31.070000+00:00


SOURCES UPDATE DATE

db:BIDid:15361date:2005-11-09T00:00:00

SOURCES RELEASE DATE

db:BIDid:15361date:2005-11-09T00:00:00
db:EXPLOIT-DBid:26486date:2005-11-09T00:00:00
db:EDBNETid:48459date:2005-11-09T00:00:00