Details of VAR-E-201203-0123

ID

VAR-E-201203-0123

EDB ID

36935

TITLE

SAP Business Objects InfoView System - '/help/helpredir.aspx?guide' Cross-Site Scripting - ASP webapps Exploit

Trust: 0.6

sources: EXPLOIT-DB: 36935

DESCRIPTION

SAP Business Objects InfoView System - '/help/helpredir.aspx?guide' Cross-Site Scripting. CVE-80639 . webapps exploit for ASP platform

Trust: 0.6

sources: EXPLOIT-DB: 36935

AFFECTED PRODUCTS

vendor:	sap	model:	business objects infoview system	scope:	-	version:	-	Trust: 1.0
vendor:	sap	model:	business objects xi r2	scope:	-	version:	-	Trust: 0.3

sources: BID: 52361 // EXPLOIT-DB: 36935

EXPLOIT

source: https://www.securityfocus.com/bid/52361/info

SAP Business Objects is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.

SAP Business Objects XI R2 is vulnerable; other versions may be affected.

https://www.example.com/businessobjects/enterprise115/infoview/help/helpredir.aspx?guide='+alert('XSS 1')+'&lang=en&rpcontext='+alert('XSS 2')+'#

Trust: 1.0

sources: EXPLOIT-DB: 36935

EXPLOIT LANGUAGE

txt

Trust: 0.6

sources: EXPLOIT-DB: 36935

PRICE

free

Trust: 0.6

sources: EXPLOIT-DB: 36935

TYPE

'/help/helpredir.aspx?guide' Cross-Site Scripting

Trust: 1.0

sources: EXPLOIT-DB: 36935

CREDITS

vulns@dionach.com

Trust: 0.6

sources: EXPLOIT-DB: 36935

EXTERNAL IDS

db:	EXPLOIT-DB	id:	36935	Trust: 1.9
db:	BID	id:	52361	Trust: 1.9
db:	EDBNET	id:	58217	Trust: 0.6

sources: BID: 52361 // EXPLOIT-DB: 36935 // EDBNET: 58217

REFERENCES

url:	https://www.securityfocus.com/bid/52361/info	Trust: 1.0
url:	https://www.exploit-db.com/exploits/36935/	Trust: 0.6
url:	http://www.sap.com/solutions/sapbusinessobjects/index.epx	Trust: 0.3
url:	https://www.exploit-db.com/exploits/36936	Trust: 0.3
url:	https://www.exploit-db.com/exploits/36934	Trust: 0.3
url:	https://www.exploit-db.com/exploits/36935	Trust: 0.3

sources: BID: 52361 // EXPLOIT-DB: 36935 // EDBNET: 58217

SOURCES

db:	BID	id:	52361
db:	EXPLOIT-DB	id:	36935
db:	EDBNET	id:	58217

LAST UPDATE DATE

2022-07-27T09:30:25.302000+00:00

SOURCES UPDATE DATE

db:

BID

id:

52361

date:

2012-03-08T00:00:00

SOURCES RELEASE DATE

db:	BID	id:	52361	date:	2012-03-08T00:00:00
db:	EXPLOIT-DB	id:	36935	date:	2012-03-08T00:00:00
db:	EDBNET	id:	58217	date:	2012-03-08T00:00:00