Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the wp-pagenavi domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home/u918112125/domains/exploit.company/public_html/wp-includes/functions.php on line 6114
SAP Web Application Server Remote URI Redirection Vulnerability - exploit.company
header-logo
Suggest Exploit
vendor:
Web Application Server
by:
Unknown
5.5
CVSS
MEDIUM
Remote URI Redirection
601
CWE
Product Name: Web Application Server
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: NO
Related CWE: Unknown
CPE: sap:web_application_server
Metasploit:
Other Scripts:
Platforms Tested:
Unknown

SAP Web Application Server Remote URI Redirection Vulnerability

An attacker can exploit this vulnerability by supplying the URI of a malicious site through the 'sap-exiturl' parameter. This can lead to various attacks, including theft of cookie-based authentication credentials and phishing-style attacks.

Mitigation:

Apply the necessary patches or updates provided by SAP. Avoid clicking on suspicious links or visiting untrusted websites.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/15362/info

SAP Web Application Server is reported prone to a remote URI redirection vulnerability.

It is reported that an attacker can exploit this issue by supplying the URI of a malicious site through the 'sap-exiturl' parameter.

A successful attack may result in various attacks including theft of cookie-based authentication credentials. An attacker may also be able to exploit this vulnerability to enhance phishing style attacks.

This issue only affects the BSP runtime of SAP WAS. 

http://www.example.com/sap/bc/BSp/sap/menu/fameset.htm?sap--essioncmd=close&sapexiturl=http%3a%2f%2fwww.example.com

Navigation

Suggest Exploit

Services By CQR