SAP Internet Transaction Server 4620.2.0.323011 Build 46B.323011 - Information Disclosure

EDB-ID:

23069




Platform:

Multiple

Date:

2003-08-30


Become a Certified Penetration Tester

Enroll in Penetration Testing with Kali Linux , the course required to become an Offensive Security Certified Professional (OSCP)

GET CERTIFIED

source: https://www.securityfocus.com/bid/8515/info

A vulnerability has been discovered in SAP Internet Transaction Server (SITS)that could allow an attacker to obtain sensitive information. The problem occurs due to SITS disclosing sensitive local filesystem information when handling malformed requests. Specifically, an attacker who submits a request containing invalid values will receive an error response message in return. This response may contain sensitive information. 

http://www.server.name/scripts/wgate/pbw2/!?

with params:
~runtimemode=DM&
~language=en&
~theme=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx&