
Regarding https://userapps.support.sap.com/sap/support/knowledge/en/2997100

viswascope89

Hi friends,

Is there any solution available for the SAP XXE vulnerability issue reported in https://userapps.support.sap.com/sap/support/knowledge/en/2997100? We are using CRJ for Eclipse version 2016.

In one of our penetration tests we found an XXE vulnerability where we are able to inject XML in prptinfo and able to retrieve the server OS files.

"It can be seen that CRVCompositeViewState contains double-URL encoded JSON, where “prptinfo” key exists. This key contains XML string and this XML is prone to the XXE vulnerabilities. During the exploitation, attacker has to make sure that:

• Special characters like % and & are double-URL encoded.
• Quotes “ are escaped with \ character.

In case of error based XXE exploitation, attacker does not need to generate any report (XML will be parsed before report-session checking). In order to exploit this issue, attacker has to prepare a web server, where “test.dtd” file will be stored."

Is this issue fixed in any of the new versions?

Thanks

Viswa..


Hello, looking at the SAP note it should not affect CR for Eclipse, it's an XML issue between CR and the BOE Servers.

You can get the latest CR for Eclipse here:

https://wiki.scn.sap.com/wiki/display/BOBJ/SAP+Crystal+Reports+version+for+Eclipse+-+Downloads

If you find it is an issue then let us know and I'll have R&D look into it.
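For the parameter layout quoted in the question (double-URL-encoded JSON whose prptinfo key holds XML), here is a request-filter check that rejects any prptinfo value carrying a DTD. It is an added example, not code from this thread or from SAP; the function names, the "common" nesting and the sample values are constructed assumptions.

```python
import json
import re
from urllib.parse import quote, unquote

# A DTD is what makes XXE possible; a report-info document should not need one.
DTD_MARKER = re.compile(r"<!(DOCTYPE|ENTITY)\b", re.IGNORECASE)

def decode_layers(value, max_rounds=3):
    """Undo nested URL encoding until the value stops changing (bounded)."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def find_key(node, key):
    """Yield every value stored under `key` at any depth of the parsed JSON."""
    if isinstance(node, dict):
        for k, v in node.items():
            if k == key:
                yield v
            yield from find_key(v, key)
    elif isinstance(node, list):
        for item in node:
            yield from find_key(item, key)

def inspect_view_state(raw):
    """Return 'reject' if prptinfo carries a DTD, 'malformed' if it cannot be
    parsed as JSON (treat as a rejection), otherwise 'allow'."""
    try:
        state = json.loads(decode_layers(raw))
    except ValueError:
        return "malformed"
    for xml in find_key(state, "prptinfo"):
        # Decode again: the quoted report says % and & inside the XML are encoded too.
        if isinstance(xml, str) and DTD_MARKER.search(decode_layers(xml)):
            return "reject"
    return "allow"

def encode_sample(prptinfo_xml):
    """Build a constructed, double-URL-encoded value; the nesting is an assumption."""
    body = json.dumps({"common": {"prptinfo": prptinfo_xml}})
    return quote(quote(body, safe=""), safe="")

# Constructed sample inputs, not captured traffic.
BENIGN = encode_sample('<info name="sales.rpt"/>')
WITH_DTD = encode_sample('<!DOCTYPE r SYSTEM "http://example.invalid/test.dtd"><r/>')
```

A filter like this is a compensating control in front of the viewer; the XML parser behind it still needs DTD and external-entity processing disabled.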
