SAP Business Connector 4.6/4.7 - 'adapter-index.dsp?url' Arbitrary Site Redirect

EDB-ID:

27235




Platform:

Linux

Date:

2006-02-15


source: https://www.securityfocus.com/bid/16671/info

SAP Business Connector is susceptible to an input-validation vulnerability. This issue is due to the application's failure to properly sanitize user-supplied input.

This issue allows remote attackers to execute phishing-style attacks against targeted SAP Business Connector administrators.

The following URI example demonstrates this issue:

http://www.example.com/WmRoot/adapter-index.dsp?url=http://www.attacker.com/