ID

VAR-E-200511-0480


CVE

cve_id: CVE-2005-3634

Trust: 1.6

sources: EXPLOIT-DB: 26488 // EDBNET: 48461

EDB ID

26488


TITLE

SAP Web Application Server 6.x/7.0 - Open Redirection - PHP webapps Exploit

Trust: 0.6

sources: EXPLOIT-DB: 26488

DESCRIPTION

SAP Web Application Server 6.x/7.0 - Open Redirection. CVE-2005-3634, CVE-35866. webapps exploit for PHP platform

Trust: 0.6

sources: EXPLOIT-DB: 26488

AFFECTED PRODUCTS

vendor: sap, model: web application server, scope: eq, version: 6.x/7.0

Trust: 1.0

vendor: sap, model: web application server, scope: eq, version: 7.0

Trust: 0.3

vendor: sap, model: web application server, scope: eq, version: 6.40

Trust: 0.3

vendor: sap, model: web application server, scope: eq, version: 6.20

Trust: 0.3

vendor: sap, model: web application server, scope: eq, version: 6.10

Trust: 0.3

sources: BID: 15362 // EXPLOIT-DB: 26488

EXPLOIT

source: https://www.securityfocus.com/bid/15362/info

SAP Web Application Server is reported prone to a remote URI redirection vulnerability.

It is reported that an attacker can exploit this issue by supplying the URI of a malicious site through the 'sap-exiturl' parameter.

A successful attack may enable further attacks, including theft of cookie-based authentication credentials. An attacker may also be able to exploit this vulnerability to enhance phishing-style attacks.

This issue only affects the BSP runtime of SAP WAS.

http://www.example.com/sap/bc/BSp/sap/menu/fameset.htm?sap--essioncmd=close&sapexiturl=http%3a%2f%2fwww.example.com

Trust: 1.0

sources: EXPLOIT-DB: 26488

EXPLOIT LANGUAGE

txt

Trust: 0.6

sources: EXPLOIT-DB: 26488

PRICE

free

Trust: 0.6

sources: EXPLOIT-DB: 26488

TYPE

Open Redirection

Trust: 1.0

sources: EXPLOIT-DB: 26488

CREDITS

Leandro Meiners

Trust: 0.6

sources: EXPLOIT-DB: 26488

EXTERNAL IDS

db: BID, id: 15362

Trust: 1.9

db: NVD, id: CVE-2005-3634

Trust: 1.6

db: EXPLOIT-DB, id: 26488

Trust: 1.6

db: EDBNET, id: 48461

Trust: 0.6

sources: BID: 15362 // EXPLOIT-DB: 26488 // EDBNET: 48461

REFERENCES

url: https://nvd.nist.gov/vuln/detail/cve-2005-3634

Trust: 1.6

url: https://www.securityfocus.com/bid/15362/info

Trust: 1.0

url: https://www.exploit-db.com/exploits/26488/

Trust: 0.6

url: http://www.sap.com

Trust: 0.3

sources: BID: 15362 // EXPLOIT-DB: 26488 // EDBNET: 48461

SOURCES

db: BID, id: 15362
db: EXPLOIT-DB, id: 26488
db: EDBNET, id: 48461

LAST UPDATE DATE

2022-07-27T09:51:05.182000+00:00


SOURCES UPDATE DATE

db: BID, id: 15362, date: 2005-11-09T00:00:00

SOURCES RELEASE DATE

db: BID, id: 15362, date: 2005-11-09T00:00:00
db: EXPLOIT-DB, id: 26488, date: 2005-11-09T00:00:00
db: EDBNET, id: 48461, date: 2005-11-09T00:00:00