47 lines
No EOL
1.5 KiB
Text
47 lines
No EOL
1.5 KiB
Text
# Application: SAP NetWeaver Web Dynpro 6.4 to 7.5 - Information disclosure
|
||
# Versions Affected: SAP NetWeaver 6.4 - 7.5
|
||
# Vendor URL: http://SAP.com
|
||
# Bugs: Information disclosure (Enumerate users)
|
||
# Sent: 2016-12-15
|
||
# Reported: 2016-12-15
|
||
# Date of Public Advisory: 09.02.2016
|
||
# Reference: SAP Security Note 2344524
|
||
# Author: Richard Alviarez (SIA Group)
|
||
# CVE: N/A
|
||
|
||
# 1. ADVISORY INFORMATION
|
||
# Title: SAP NetWeaver Web Dynpro – information disclosure (Enumerate users)
|
||
# Advisory ID: 2344524
|
||
# Risk: Medium
|
||
# Date published: 20.12.2016
|
||
|
||
# 2. VULNERABILITY DESCRIPTION
|
||
# Anonymous attacker can use a special HTTP request to get information
|
||
# about SAP NetWeaver users.
|
||
|
||
# 3. VULNERABLE PACKAGES
|
||
# SAP NetWeaver Web Dynpro 6.4 - 7.5
|
||
# Other versions are probably affected too, but they were not checked.
|
||
|
||
# 4. TECHNICAL DESCRIPTION
|
||
# A potential attacker can use the vulnerability in order to reveal
|
||
# information about user names,
|
||
# first and last names, and associated emails, this can provide an attacker
|
||
# with enough information
|
||
# to make a more accurate and effective attack
|
||
|
||
# Steps to exploit this vulnerability
|
||
|
||
1. Open
|
||
http://SAP/webdynpro/dispatcher/sap.com/caf~eu~gp~example~timeoff~wd/ACreate
|
||
or
|
||
http://SAP/webdynpro/dispatcher/sap.com/caf~eu~gp~example~timeoff~wd/com.sap.caf.eu.gp.example.timeoff.wd.create.ACreate
|
||
|
||
page on SAP server
|
||
|
||
2. Press "Change processor" button
|
||
|
||
3. and in the "find" section, put the initial or name to be searched,
|
||
followed by a *
|
||
|
||
You will get a list of SAP users and information. |