SAP NetWeaver Web Dynpro 6.4 < 7.5 - Information Disclosure

• Exploit Database
• 37 阅读

• 作者： Richard Alviarez
  日期： 2018-05-18
• 类别：

  • webapps
  平台：

  • linux
• 来源：https://www.exploit-db.com/exploits/44647/

• # Application: SAP NetWeaver Web Dynpro 6.4 to 7.5 - Information disclosure
  # Versions Affected: SAP NetWeaver 6.4 - 7.5
  # Vendor URL: http://SAP.com
  # Bugs:Information disclosure (Enumerate users)
  # Sent:2016-12-15
  # Reported:2016-12-15
  # Date of Public Advisory: 09.02.2016
  # Reference: SAP Security Note 2344524
  # Author: Richard Alviarez (SIA Group)
  # CVE: N/A
  
  # 1. ADVISORY INFORMATION
  # Title: SAP NetWeaver Web Dynpro – information disclosure (Enumerate users)
  # Advisory ID: 2344524
  # Risk: Medium
  # Date published: 20.12.2016
  
  # 2. VULNERABILITY DESCRIPTION
  # Anonymous attacker can use a special HTTP request to get information
  # about SAP NetWeaver users.
  
  # 3. VULNERABLE PACKAGES
  # SAP NetWeaver Web Dynpro 6.4 - 7.5
  # Other versions are probably affected too, but they were not checked.
  
  # 4. TECHNICAL DESCRIPTION
  # A potential attacker can use the vulnerability in order to reveal
  # information about user names,
  # first and last names, and associated emails, this can provide an attacker
  # with enough information
  # to make a more accurate and effective attack
  
  # Steps to exploit this vulnerability
  
  1. Open
  http://SAP/webdynpro/dispatcher/sap.com/caf~eu~gp~example~timeoff~wd/ACreate
  or
  http://SAP/webdynpro/dispatcher/sap.com/caf~eu~gp~example~timeoff~wd/com.sap.caf.eu.gp.example.timeoff.wd.create.ACreate
  
  page on SAP server
  
  2. Press "Change processor" button
  
  3. and in the "find" section, put the initial or name to be searched,
  followed by a *
  
  You will get a list of SAP users and information.