Sign-up

ID

VAR-E-201203-0122


EDB ID

36936


TITLE

SAP Business Objects InfoView System - '/webi/webi_modify.aspx?id' Cross-Site Scripting - ASP webapps Exploit

Trust: 0.6

sources: EXPLOIT-DB: 36936

DESCRIPTION

SAP Business Objects InfoView System - '/webi/webi_modify.aspx?id' Cross-Site Scripting. CVE-80640 . webapps exploit for ASP platform

Trust: 0.6

sources: EXPLOIT-DB: 36936

AFFECTED PRODUCTS

vendor:sapmodel:business objects infoview systemscope: - version: -

Trust: 1.0

vendor:sapmodel:business objects xi r2scope: - version: -

Trust: 0.3

sources: BID: 52361 // EXPLOIT-DB: 36936

EXPLOIT

source: https://www.securityfocus.com/bid/52361/info

SAP Business Objects is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.

SAP Business Objects XI R2 is vulnerable; other versions may be affected.

https://www.example.com/businessobjects/enterprise115/infoview/webi/webi_modify.aspx?id='+alert('XSS')+'#

Trust: 1.0

sources: EXPLOIT-DB: 36936

EXPLOIT LANGUAGE

txt

Trust: 0.6

sources: EXPLOIT-DB: 36936

PRICE

free

Trust: 0.6

sources: EXPLOIT-DB: 36936

TYPE

'/webi/webi_modify.aspx?id' Cross-Site Scripting

Trust: 1.0

sources: EXPLOIT-DB: 36936

CREDITS

vulns@dionach.com

Trust: 0.6

sources: EXPLOIT-DB: 36936

EXTERNAL IDS

db:EXPLOIT-DBid:36936

Trust: 1.9

db:BIDid:52361

Trust: 1.9

db:EDBNETid:58218

Trust: 0.6

sources: BID: 52361 // EXPLOIT-DB: 36936 // EDBNET: 58218

REFERENCES

url:https://www.securityfocus.com/bid/52361/info

Trust: 1.0

url:https://www.exploit-db.com/exploits/36936/

Trust: 0.6

url:http://www.sap.com/solutions/sapbusinessobjects/index.epx

Trust: 0.3

url:https://www.exploit-db.com/exploits/36936

Trust: 0.3

url:https://www.exploit-db.com/exploits/36934

Trust: 0.3

url:https://www.exploit-db.com/exploits/36935

Trust: 0.3

sources: BID: 52361 // EXPLOIT-DB: 36936 // EDBNET: 58218

SOURCES

db:BIDid:52361
db:EXPLOIT-DBid:36936
db:EDBNETid:58218

LAST UPDATE DATE

2022-07-27T09:30:25.341000+00:00


SOURCES UPDATE DATE

db:BIDid:52361date:2012-03-08T00:00:00

SOURCES RELEASE DATE

db:BIDid:52361date:2012-03-08T00:00:00
db:EXPLOIT-DBid:36936date:2012-03-08T00:00:00
db:EDBNETid:58218date:2012-03-08T00:00:00