ID
VAR-E-200511-0480
CVE
cve_id: | CVE-2005-3634 | Trust: 1.6 |
EDB ID
26488
TITLE
SAP Web Application Server 6.x/7.0 - Open Redirection - PHP webapps Exploit
Trust: 0.6
DESCRIPTION
SAP Web Application Server 6.x/7.0 - Open Redirection. CVE-2005-3634, CVE-35866. webapps exploit for PHP platform
Trust: 0.6
AFFECTED PRODUCTS
vendor: | sap | model: | web application server | scope: | eq | version: | 6.x/7.0 | Trust: 1.0 |
vendor: | sap | model: | web application server | scope: | eq | version: | 7.0 | Trust: 0.3 |
vendor: | sap | model: | web application server | scope: | eq | version: | 6.40 | Trust: 0.3 |
vendor: | sap | model: | web application server | scope: | eq | version: | 6.20 | Trust: 0.3 |
vendor: | sap | model: | web application server | scope: | eq | version: | 6.10 | Trust: 0.3 |
EXPLOIT
source: https://www.securityfocus.com/bid/15362/info
SAP Web Application Server is reported prone to a remote URI redirection vulnerability.
It is reported that an attacker can exploit this issue by supplying the URI of a malicious site through the 'sap-exiturl' parameter.
Successful exploitation may enable various attacks, including theft of cookie-based authentication credentials. An attacker may also be able to exploit this vulnerability to enhance phishing-style attacks.
This issue only affects the BSP runtime of SAP WAS.
http://www.example.com/sap/bc/BSp/sap/menu/fameset.htm?sap--essioncmd=close&sapexiturl=http%3a%2f%2fwww.example.com
Trust: 1.0
EXPLOIT LANGUAGE
txt
Trust: 0.6
PRICE
free
Trust: 0.6
TYPE
Open Redirection
Trust: 1.0
CREDITS
Leandro Meiners
Trust: 0.6
EXTERNAL IDS
db: | BID | id: | 15362 | Trust: 1.9 |
db: | NVD | id: | CVE-2005-3634 | Trust: 1.6 |
db: | EXPLOIT-DB | id: | 26488 | Trust: 1.6 |
db: | EDBNET | id: | 48461 | Trust: 0.6 |
REFERENCES
url: | https://nvd.nist.gov/vuln/detail/cve-2005-3634 | Trust: 1.6 |
url: | https://www.securityfocus.com/bid/15362/info | Trust: 1.0 |
url: | https://www.exploit-db.com/exploits/26488/ | Trust: 0.6 |
url: | http://www.sap.com | Trust: 0.3 |
SOURCES
db: | BID | id: | 15362 |
db: | EXPLOIT-DB | id: | 26488 |
db: | EDBNET | id: | 48461 |
LAST UPDATE DATE
2022-07-27T09:51:05.182000+00:00
SOURCES UPDATE DATE
db: | BID | id: | 15362 | date: | 2005-11-09T00:00:00 |
SOURCES RELEASE DATE
db: | BID | id: | 15362 | date: | 2005-11-09T00:00:00 |
db: | EXPLOIT-DB | id: | 26488 | date: | 2005-11-09T00:00:00 |
db: | EDBNET | id: | 48461 | date: | 2005-11-09T00:00:00 |