Skip links
Arpine Maghakyan

Arpine Maghakyan

Security Researcher of RedRays.

XSS attacks via ~designbaseurl, SAP security note 889454

Description

When you start a service, the message “Security exploit” appears. In the trace, you can then find entries such as:

illegal host in ~designbaseurl=…….
WorkXSSFilter: possible xss exploit

Available fix and Supported packages

  • BC-FES-ITS | 620 | 630
  • SAP_BASIS | 640 | 640
  • SAP_BASIS | 700 | 701
  • SAP_BASIS | 710 | 710
  • SAP BASIS 7.01 | SP000 | 000000
  • SAP KERNEL 6.40 32-BIT | SP223 | 000223
  • SAP KERNEL 6.40 32-BIT UNICODE | SP223 | 000223
  • SAP KERNEL 6.40 64-BIT | SP223 | 000223
  • SAP KERNEL 6.40 64-BIT UNICODE | SP223 | 000223
  • SAP KERNEL 7.10 32-BIT | SP092 | 000092
  • SAP KERNEL 7.10 32-BIT UNICODE | SP092 | 000092
  • SAP KERNEL 7.10 64-BIT | SP092 | 000092
  • SAP KERNEL 7.10 64-BIT UNICODE | SP092 | 000092

Affected component

    BC-FES-ITS
    SAP Internet Transaction Server

CVSS

Score: 0

Exploit

Exploit is not available.
For detailed information please contact the mail [email protected]

URL

https://launchpad.support.sap.com/#/notes/889454

TAGS

#ITS
#XSS
#CSS
#cross-site-scripting
#security-exploit

More to explorer