Exploit Database - Logo

SAP Internet Transaction Server 6200.1017.50954.0 - Bu query String JavaScript Splicing Cross-Site Scripting

EDB-ID: 31755 Author: Portcullis Published: 2008-05-08
CVE: CVE-2008-2123 Type: Webapps Platform: CGI
Aliases: N/A Advisory/Source: Link Tags: N/A
E-DB Verified: Verified Exploit: Download Exploit Code Download / View Raw Vulnerable App: N/A
« Previous Exploit Next Exploit » 
source: http://www.securityfocus.com/bid/29103/info
 
SAP Internet Transaction Server is prone to multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied input.
 
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
 
These issues affect ITS 6200.1017.50954.0, Build 730827 (win32/IIS 5.0).

http://www.example.com/scripts/wgate/%22);alert('xss');alert(%22a/!
« Previous Exploit Next Exploit »

Related Exploits

Trying to match CVEs (1): CVE-2008-2123
Trying to match OSVDBs (1): 45200
Other Possible E-DB Search Terms: SAP Internet Transaction Server 6200.1017.50954.0,  SAP Internet Transaction Server
Date D V Title Author
2003-08-30 Verified SAP Internet Transaction Server 4620.2.0.323011 Build 46B.323011 - Cross-Site ScriptingMartin Eiszner
2003-08-30 Verified sap internet transaction server 4620.2.0.323011 build 46b.323011 - Directory TraversalMartin Eiszner
2003-08-30 Verified SAP Internet Transaction Server 4620.2.0.323011 Build 46B.323011 - Information DisclosureMartin Eiszner
2006-09-28 Verified SAP Internet Transaction Server 6.10/6.20 - Cross-Site ScriptingILION Research
2008-05-08 Verified SAP Internet Transaction Server 6200.1017.50954.0 Bu (WGate) - 'wgate.dll?~service' Cross-Site ScriptingPortcullis
Menu