NGS-sapigs-xssheap.txt
Posted on 07 July 2007
======= Summary ======= Name: SAP Internet Graphics Server XSS and Heap Overflow Release Date: 5 July 2007 Reference: NGS00487 Discover: Mark Litchfield <mark@ngssoftware.com> Vendor: SAP Vendor Reference: SECRES-288 Systems Affected: Risk: Medium Status: Fixed ======== TimeLine ======== Discovered: 4 January 2007 Released: 19 January 2007 Approved: 27 January 2007 Reported: 8 January 2007 Fixed: 18 January 2007 Published: =========== Description =========== The SAP IGS overflow had previously been reported. The fix went out on the 18th Jan. Despite being reported on the 8th Jan, NGS did not receive any credit. The advisory that was posted by the other security researcher can be found at - http://www.cybsec.com/vuln/CYBSEC-Security_Pre-Advisory_SAP_IGS_Remote_Buffer_Overflow.pdf. See attached note The XSS issue however is still being treated by SAP as a vulnerability. ================= Technical Details ================= http://10.1.1.30:40180/ADM:GETLOGFILE?PARAMS=<script>alert("hello")</script> =============== Fix Information =============== Please ensure you have the latest version NGSSoftware Insight Security Research http://www.ngssoftware.com/ http://www.databasesecurity.com/ http://www.nextgenss.com/ +44(0)208 401 0070