Vendor: SAP Lumira
By: Ilca Lucian Florin
CVSS: 7.5 (HIGH)
Vulnerability: Stored Cross-Site Scripting
CWE: 79
Product Name: SAP Lumira
Affected Version From: 1
Affected Version To: 1.31
Patch Exists: NO
CPE: a:sap:lumira
Platforms Tested: Windows 7, Windows 10, Internet Explorer 11, Google Chrome 84.0.4147.105
Year: 2020

SAP Lumira 1.31 – Stored Cross-Site Scripting

SAP Lumira versions 1.31 and below are vulnerable to stored cross-site scripting (XSS). An attacker can exploit this vulnerability by creating a new variable and injecting a malicious script into it. When the variable is opened, the script is executed, allowing the attacker to perform various actions, such as stealing cookies or executing arbitrary code.

Mitigation:

To mitigate this vulnerability, update to a version of SAP Lumira that is not affected by this issue. Alternatively, input data can be validated and sanitized to prevent the execution of malicious scripts.
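
The sanitization mitigation above, shown as an added example (not part of the original advisory and not SAP code): a stored variable name is HTML-encoded before it is placed into markup, and the result is compared with plain concatenation. The function names and the `<li>` wrapper are hypothetical; the sample names are constructed from the vectors quoted on this page.

```javascript
// Hypothetical rendering helpers; illustrative only, not SAP Lumira code.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode every character that can open a tag or break out of a quoted attribute.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: the stored name is concatenated into markup as-is.
function renderVariableUnsafe(name) {
  return '<li class="variable" title="' + name + '">' + name + '</li>';
}

// Hardened pattern: the stored name is encoded for both the attribute and the text node.
function renderVariableSafe(name) {
  const safe = escapeHtml(name);
  return '<li class="variable" title="' + safe + '">' + safe + '</li>';
}

// Rough check: count opening tags in the output. A correctly encoded label
// contains exactly one, the wrapper <li>.
function countOpeningTags(html) {
  return (html.match(/<[a-zA-Z][^>]*>/g) || []).length;
}

// Constructed sample input: the two vectors from this page plus a benign name.
const storedNames = [
  '"><h1><IFRAME SRC=# onmouseover="alert(document.cookie)"></IFRAME>123</h1>',
  '<IMG SRC=x onerror="alert(String.fromCharCode(88,83,83))">',
  'Revenue & Cost <2020>',
];

// Compare how many tags each rendering path emits for every stored name.
function audit(names) {
  return names.map((name) => ({
    name,
    unsafeTags: countOpeningTags(renderVariableUnsafe(name)),
    safeTags: countOpeningTags(renderVariableSafe(name)),
  }));
}

console.log(audit(storedNames));
```

Encoding at output time keeps the stored value intact, so a legitimate name such as `Revenue & Cost <2020>` still displays exactly as the user typed it.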

Exploit-DB raw data:

# Exploit Title: SAP Lumira 1.31 - Stored Cross-Site Scripting
# Date: 13.08.2020
# Exploit Author: Ilca Lucian Florin
# Vendor Homepage: https://www.sap.com
# Software Link: SAP Lumira
# Version: <= 1.31
# Tested on: Windows 7 / Windows 10 / Internet Explorer 11 / Google Chrome 84.0.4147.105

# Vulnerable System: https://system/BOE/BI

# Reproduce Cross Site Scripting (XSS):

1. Select Web Intelligence Button
2. Wait for SAP Business Objects to load completely
3. CTRL +N or click on New Document
4. Create an empty document
5. Select new variable
6. Select random name for the variable
7. Add the XSS vectors from evidence
8. Open variable tab and click on the newly created variable name

# Cross Site Scripting (XSS) Vectors Used:

• "><h1><IFRAME SRC=#
onmouseover="alert(document.cookie)"></IFRAME>123</h1>
• <IMG SRC=x onerror="alert(String.fromCharCode(88,83,83))">