SAP Business Connector Core Fix ‘WmRoot/adapter-index.dsp’输入验证漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1109758 漏洞类型 输入验证
发布时间 2006-02-15 更新时间 2007-03-30
CVE编号 CVE-2006-0731 CNNVD-ID CNNVD-200602-241
漏洞平台 Linux CVSS评分 4.0
|漏洞来源
https://www.exploit-db.com/exploits/27235
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200602-241
|漏洞详情
SAPBusinessConnectorCoreFix7及之前版本的WmRoot/adapter-index.dsp可使远程攻击者借助url参数中的绝对URL(加载框架中的URL)执行欺骗(仿冒)攻击。
|漏洞EXP
source: http://www.securityfocus.com/bid/16671/info

SAP Business Connector is susceptible to an input-validation vulnerability. This issue is due to the application's failure to properly sanitize user-supplied input.

This issue allows remote attackers to execute phishing-style attacks against targeted SAP Business Connector administrators.

The following URI example demonstrates this issue:

http://www.example.com/WmRoot/adapter-index.dsp?url=http://www.attacker.com/
|参考资料

来源:XF
名称:sapbc-admin-spoofing(24751)
链接:http://xforce.iss.net/xforce/xfdb/24751
来源:BID
名称:16671
链接:http://www.securityfocus.com/bid/16671
来源:BUGTRAQ
名称:20060515CYBSEC-SecurityAdvisory:PhishingVectorinSAPBC(BusinessConnector)
链接:http://www.securityfocus.com/archive/1/archive/1/434012/30/4980/threaded
来源:BUGTRAQ
名称:20060215CYBSEC-SecurityPre-Advisory:PhishingVectorinSAPBC
链接:http://www.securityfocus.com/archive/1/archive/1/425056/100/0/threaded
来源:VUPEN
名称:ADV-2006-0611
链接:http://www.frsirt.com/english/advisories/2006/0611
来源:MISC
链接:http://www.cybsec.com/vuln/CYBSEC_Security_Pre-Advisory_Phishing_Vector_in_SAP_BC.pdf
来源:SECTRACK
名称:1015639
链接:http://securitytracker.com/id?1015639
来源:SECUNIA
名称:18880
链接:http://secunia.com/advisories/18880