«
Expand/Collapse
244 items tagged "sap"
Related tags:
webas [+],
security advisory [+],
buffer overflow vulnerability [+],
service [+],
sap gui [+],
multiple [+],
netweaver [+],
vulnerabilities [+],
service vulnerability [+],
maxdb [+],
mariano nunez [+],
di croce [+],
console [+],
abap [+],
sap netweaver [+],
version 6 [+],
social engineering [+],
sap web application server [+],
onapsis [+],
legitimate users [+],
input validation vulnerabilities [+],
execution [+],
denial [+],
code [+],
clamsap [+],
clamav [+],
buffer overflow [+],
buffer [+],
authentication [+],
attacker [+],
application [+],
security [+],
print [+],
objects [+],
information disclosure [+],
enterprise portal [+],
directory [+],
diag [+],
command execution [+],
business objects [+],
based buffer overflow [+],
vulnerability [+],
xss [+],
vsi [+],
virus [+],
stack buffer [+],
spml [+],
soap [+],
site [+],
protocol analysis [+],
portal [+],
plugin dll [+],
plugin [+],
packet analyzer [+],
osa [+],
integration [+],
insecure methods [+],
forgery [+],
enterprise [+],
doc [+],
dispatcher [+],
directory traversal vulnerability [+],
directory traversal [+],
control [+],
chaos communication congress [+],
bugtraq [+],
xrfc [+],
x insecure [+],
windows xp sp3 [+],
web module [+],
version [+],
valid username [+],
target system [+],
stack overflow [+],
sql injection [+],
soap server [+],
smbrelay [+],
shortcut [+],
sapgui [+],
sap systems [+],
runtime [+],
rstxscrp [+],
red hat security [+],
red [+],
profile parameters [+],
player [+],
overflow vulnerability [+],
overflow [+],
mobile engine [+],
malformed [+],
level [+],
java software development [+],
java runtime environment [+],
interface [+],
integer overflow [+],
ibm [+],
hijacking [+],
handshake [+],
giop [+],
filesystem structure [+],
erp functionality [+],
dsecrg [+],
doc cross [+],
day [+],
ctc [+],
critical business functions [+],
command [+],
bsp [+],
attacking [+],
attackers [+],
arbitrary files [+],
application module [+],
administrator [+],
administration commands [+],
active x [+],
active [+],
zdi [+],
webapps [+],
technical infrastructures [+],
tar gz [+],
sld [+],
serv [+],
s system [+],
remote [+],
poc [+],
penetration [+],
pdf [+],
netwaver [+],
navigator interface [+],
module [+],
malicious intruders [+],
javamailexamples [+],
internet transaction server [+],
internet [+],
insecure [+],
input validation [+],
hat europe [+],
hack in the box [+],
fortune 100 companies [+],
exploits [+],
exec [+],
exe [+],
europe [+],
enterprise resource planning [+],
dos [+],
dll [+],
cyber criminals [+],
correction [+],
businessobjects [+],
businessobj [+],
black hat [+],
bapi [+],
backdoors [+],
arbitrary code [+],
code execution [+],
usa [+],
trojan horse [+],
traversal [+],
testing [+],
test service [+],
takes [+],
sql [+],
session [+],
server path [+],
security authors [+],
secunia [+],
scripting [+],
saplogon [+],
saphostcontrol [+],
sap security [+],
sap management [+],
sap ag [+],
rfc [+],
retired [+],
research [+],
request code [+],
pubdblogon [+],
ptresearch [+],
protocol [+],
programming mistake [+],
privileges [+],
polyakov [+],
plea deal [+],
plea [+],
parameter value [+],
parameter name [+],
paper [+],
obunmarshal [+],
nitty gritty details [+],
nils magnus tags [+],
network hackers [+],
naming service [+],
mobile test [+],
method [+],
mesync [+],
message [+],
malicious [+],
malaysia [+],
license [+],
kernel mode [+],
interface code [+],
insecure method [+],
ini file [+],
hostcontrol [+],
graphical user interface [+],
giants [+],
financial consolidation [+],
external entity [+],
exe code [+],
eps [+],
engine core [+],
engine [+],
eai [+],
dubai [+],
core [+],
control stack [+],
business client [+],
axis [+],
authorities [+],
authentication mechanism [+],
alexander polyakov [+],
advisory [+],
account creation [+],
Programming [+],
crystal reports [+],
cross [+],
server [+],
report server [+],
crystal report [+],
web [+],
denial of service [+],
business [+],
safer use [+],
management [+],
information disclosure vulnerability [+],
information [+],
cross site scripting [+],
virus scan [+],
txt [+],
gui [+],
activex [+]
-
-
16:57
»
Packet Storm Security Advisories
Red Hat Security Advisory 2012-1577-01 - IBM J2SE version 1.4.2 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. As of October 1 2012, IBM J2SE 1.4.2 is no longer supported for use with SAP products. All SAP users should migrate to SAP JVM 4 provided by SAP as the only supported Java Virtual Machine. Refer to "SAP Note 1495160 - SAP JVM replacement for Partner JDKs 1.4.2" for additional details. These java-1.4.2-ibm-sap packages provide the last SAP certified IBM J2SE 1.4.2 release, SR13-FP13.
-
16:57
»
Packet Storm Security Recent Files
Red Hat Security Advisory 2012-1577-01 - IBM J2SE version 1.4.2 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. As of October 1 2012, IBM J2SE 1.4.2 is no longer supported for use with SAP products. All SAP users should migrate to SAP JVM 4 provided by SAP as the only supported Java Virtual Machine. Refer to "SAP Note 1495160 - SAP JVM replacement for Partner JDKs 1.4.2" for additional details. These java-1.4.2-ibm-sap packages provide the last SAP certified IBM J2SE 1.4.2 release, SR13-FP13.
-
16:57
»
Packet Storm Security Misc. Files
Red Hat Security Advisory 2012-1577-01 - IBM J2SE version 1.4.2 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. As of October 1 2012, IBM J2SE 1.4.2 is no longer supported for use with SAP products. All SAP users should migrate to SAP JVM 4 provided by SAP as the only supported Java Virtual Machine. Refer to "SAP Note 1495160 - SAP JVM replacement for Partner JDKs 1.4.2" for additional details. These java-1.4.2-ibm-sap packages provide the last SAP certified IBM J2SE 1.4.2 release, SR13-FP13.
-
-
16:00
»
SecuriTeam
SAP Netweaver is prone to a cross-site scripting vulnerability and a cross-site request-forgery vulnerability because it fails to properly sanitize user-supplied input.
-
-
16:00
»
SecuriTeam
SAP NetWeaver is prone to an information-disclosure vulnerability.
-
-
10:34
»
SecDocs
Authors:
Nils Magnus Tags:
SAP Event:
Chaos Communication Congress 21th (21C3) 2004 Abstract: Most hackers perceive SAP R/3 installations as enormous data graves with limited hack value because of its immense size and doubtful design. However, there are usually lots of company relevant data. As it is good and common practise, the more valuable the data, the less it is protected. SAP installations comprise usually of a database and an application server on the backend. There are numerous schemes well-known to both attack and protect these servers. The user's end is often much less protected, though. User clients (the infamous sapguis) talk with a sparsely documented protocol sometimes called DIAG. In the past SAP claimed DIAG is "encrypted"; more recently the vendor admitted it is only "obscured" but did not publish any details. This makes every hacker suspicious. During this session we will have a look into the nitty gritty details of the protocol from an outsider's point of view. We will present tools and techniques to extract useful information out of packets and data streams, and look at the actual data. However, since the protocol has not completely reverse engineered, the session is a kind of workshop where we try to find out more details about the protocol. The session is directed to prefessional network hackers who are aware of extracting and visualizing data from the network. We are looking for experts in the field of shared libraries, Java decompiling and PK* compression methods as these technologies play a role in the scenario. We will provide a demo installation of both client and server installations of SAP R/3 based on Linux.
-
-
17:00
»
SecuriTeam
This allow local users to gain privileges via a Trojan horse MFC80LOC.DLL file in the current working directory, as demonstrated by a directory that contains a .sap file.
-
-
16:05
»
Packet Storm Security Exploits
This Metasploit module exploits a stack buffer overflow in the SAP NetWeaver Dispatcher service. The overflow occurs in the DiagTraceR3Info() function and allows a remote attacker to execute arbitrary code by supplying a special crafted Diag packet. The Dispatcher service is only vulnerable if the Developer Traces have been configured at levels 2 or 3. The module has been successfully tested on SAP Netweaver 7.0 EHP2 SP6 over Windows XP SP3 and Windows 2003 SP2 (DEP bypass).
-
16:05
»
Packet Storm Security Recent Files
This Metasploit module exploits a stack buffer overflow in the SAP NetWeaver Dispatcher service. The overflow occurs in the DiagTraceR3Info() function and allows a remote attacker to execute arbitrary code by supplying a special crafted Diag packet. The Dispatcher service is only vulnerable if the Developer Traces have been configured at levels 2 or 3. The module has been successfully tested on SAP Netweaver 7.0 EHP2 SP6 over Windows XP SP3 and Windows 2003 SP2 (DEP bypass).
-
16:05
»
Packet Storm Security Misc. Files
This Metasploit module exploits a stack buffer overflow in the SAP NetWeaver Dispatcher service. The overflow occurs in the DiagTraceR3Info() function and allows a remote attacker to execute arbitrary code by supplying a special crafted Diag packet. The Dispatcher service is only vulnerable if the Developer Traces have been configured at levels 2 or 3. The module has been successfully tested on SAP Netweaver 7.0 EHP2 SP6 over Windows XP SP3 and Windows 2003 SP2 (DEP bypass).
-
-
17:00
»
SecuriTeam
SAP Netweaver is prone to multiple cross-site scripting vulnerabilities, an information-disclosure vulnerability, and an authentication-bypass vulnerability.
-
-
13:46
»
Packet Storm Security Recent Files
ClamSAP consists of two C shared libraries that link between ClamAV and the Virus Scan Interface (VSI) of SAP (official name: NW-VSI). A SAP application can use the ClamAV engine to scan for malicious uploads in HTTP uploads, for example.
-
13:46
»
Packet Storm Security Misc. Files
ClamSAP consists of two C shared libraries that link between ClamAV and the Virus Scan Interface (VSI) of SAP (official name: NW-VSI). A SAP application can use the ClamAV engine to scan for malicious uploads in HTTP uploads, for example.
-
-
21:35
»
SecDocs
Authors:
Ertunga Arsal Tags:
rootkit SAP Event:
Chaos Communication Congress 27th (27C3) 2010 Abstract: SAP systems are the heart of many enterprises. Most critical business functions run on SAP Applications and the complexity of these systems makes it very difficult to protect against attackers. Default setups, forgotten/unimplemented security configurations, weak password management and change processes that apply to one ‘unimportant’ system can result in complete compromise of the SAP landscape. The legal consequences, lost/damaged business and reputation can be disastrous depending on the type of the attack. While companies invest a lot to secure SAP systems at business process level for example by designing authorization concepts, implementing separation of duties or by using GRC (Governance Risk and Compliance) tools, the security at technical level mostly lacks attention. In this paper, I present several attack paths exploiting configuration weaknesses at technical level, leading to attack potential to single systems, to whole SAP landscapes, and finally the whole enterprise network. By demonstrating creative exploit variants of configuration weaknesses, I motivate the necessity to safeguard a SAP system at technical level.
-
-
21:27
»
SecDocs
Authors:
Ertunga Arsal Tags:
rootkit SAP Event:
Chaos Communication Congress 27th (27C3) 2010 Abstract: SAP systems are the heart of many enterprises. Most critical business functions run on SAP Applications and the complexity of these systems makes it very difficult to protect against attackers. Default setups, forgotten/unimplemented security configurations, weak password management and change processes that apply to one ‘unimportant’ system can result in complete compromise of the SAP landscape. The legal consequences, lost/damaged business and reputation can be disastrous depending on the type of the attack. While companies invest a lot to secure SAP systems at business process level for example by designing authorization concepts, implementing separation of duties or by using GRC (Governance Risk and Compliance) tools, the security at technical level mostly lacks attention. In this paper, I present several attack paths exploiting configuration weaknesses at technical level, leading to attack potential to single systems, to whole SAP landscapes, and finally the whole enterprise network. By demonstrating creative exploit variants of configuration weaknesses, I motivate the necessity to safeguard a SAP system at technical level.
-
21:27
»
SecDocs
Authors:
Ertunga Arsal Tags:
rootkit SAP Event:
Chaos Communication Congress 27th (27C3) 2010 Abstract: SAP systems are the heart of many enterprises. Most critical business functions run on SAP Applications and the complexity of these systems makes it very difficult to protect against attackers. Default setups, forgotten/unimplemented security configurations, weak password management and change processes that apply to one ‘unimportant’ system can result in complete compromise of the SAP landscape. The legal consequences, lost/damaged business and reputation can be disastrous depending on the type of the attack. While companies invest a lot to secure SAP systems at business process level for example by designing authorization concepts, implementing separation of duties or by using GRC (Governance Risk and Compliance) tools, the security at technical level mostly lacks attention. In this paper, I present several attack paths exploiting configuration weaknesses at technical level, leading to attack potential to single systems, to whole SAP landscapes, and finally the whole enterprise network. By demonstrating creative exploit variants of configuration weaknesses, I motivate the necessity to safeguard a SAP system at technical level.
-
-
19:29
»
Packet Storm Security Advisories
SAP AG Netweaver version 7.02 suffers from a stack based buffer overflow vulnerability in the SAPHostControl service. Exploitation can lead to code execution.
-
19:29
»
Packet Storm Security Recent Files
SAP AG Netweaver version 7.02 suffers from a stack based buffer overflow vulnerability in the SAPHostControl service. Exploitation can lead to code execution.
-
19:29
»
Packet Storm Security Misc. Files
SAP AG Netweaver version 7.02 suffers from a stack based buffer overflow vulnerability in the SAPHostControl service. Exploitation can lead to code execution.
-
-
11:15
»
Packet Storm Security Exploits
This Metasploit module executes an arbitrary payload through the SAP Management Console SOAP Interface. A valid username and password must be provided.
-
11:15
»
Packet Storm Security Recent Files
This Metasploit module executes an arbitrary payload through the SAP Management Console SOAP Interface. A valid username and password must be provided.
-
11:15
»
Packet Storm Security Misc. Files
This Metasploit module executes an arbitrary payload through the SAP Management Console SOAP Interface. A valid username and password must be provided.
-
-
14:41
»
Packet Storm Security Recent Files
SAP DIAG Plugin extends the basic functionality of the WireShark network packet analyzer and provides additional features of SAP DIAG protocol analysis. This extension allows one to collect and decompress SAP DIAG packets in the course of interaction between SAP Front-end client software and SAP application servers. To install you must copy plugin pt_sap_diag_wireshark_plugin.dll in folder %WiresharkInstallDir%/plugins/%version%.
-
14:41
»
Packet Storm Security Recent Files
SAP DIAG Plugin extends the basic functionality of the WireShark network packet analyzer and provides additional features of SAP DIAG protocol analysis. This extension allows one to collect and decompress SAP DIAG packets in the course of interaction between SAP Front-end client software and SAP application servers. To install you must copy plugin pt_sap_diag_wireshark_plugin.dll in folder %WiresharkInstallDir%/plugins/%version%.
-
14:41
»
Packet Storm Security Misc. Files
SAP DIAG Plugin extends the basic functionality of the WireShark network packet analyzer and provides additional features of SAP DIAG protocol analysis. This extension allows one to collect and decompress SAP DIAG packets in the course of interaction between SAP Front-end client software and SAP application servers. To install you must copy plugin pt_sap_diag_wireshark_plugin.dll in folder %WiresharkInstallDir%/plugins/%version%.
-
14:41
»
Packet Storm Security Misc. Files
SAP DIAG Plugin extends the basic functionality of the WireShark network packet analyzer and provides additional features of SAP DIAG protocol analysis. This extension allows one to collect and decompress SAP DIAG packets in the course of interaction between SAP Front-end client software and SAP application servers. To install you must copy plugin pt_sap_diag_wireshark_plugin.dll in folder %WiresharkInstallDir%/plugins/%version%.
-
-
11:59
»
Packet Storm Security Advisories
Onapsis Security Advisory - Weaknesses in the SAP WebAS system allow for malicious shortcut generation. Upon a successful exploitation, an attacker would be able to obtain sensitive information from legitimate users through social engineering attacks and/or exploit vulnerabilities in their systems in order to take control of them.
-
11:59
»
Packet Storm Security Recent Files
Onapsis Security Advisory - Weaknesses in the SAP WebAS system allow for malicious shortcut generation. Upon a successful exploitation, an attacker would be able to obtain sensitive information from legitimate users through social engineering attacks and/or exploit vulnerabilities in their systems in order to take control of them.
-
11:59
»
Packet Storm Security Misc. Files
Onapsis Security Advisory - Weaknesses in the SAP WebAS system allow for malicious shortcut generation. Upon a successful exploitation, an attacker would be able to obtain sensitive information from legitimate users through social engineering attacks and/or exploit vulnerabilities in their systems in order to take control of them.
-
11:57
»
Packet Storm Security Advisories
Onapsis Security Advisory - SAP WebAS suffers from a cross site scripting vulnerability. Upon a successful exploitation, an attacker would be able to obtain sensitive information from legitimate users through social engineering attacks and/or exploit vulnerabilities in their systems in order to take control of them.
-
11:57
»
Packet Storm Security Recent Files
Onapsis Security Advisory - SAP WebAS suffers from a cross site scripting vulnerability. Upon a successful exploitation, an attacker would be able to obtain sensitive information from legitimate users through social engineering attacks and/or exploit vulnerabilities in their systems in order to take control of them.
-
11:57
»
Packet Storm Security Misc. Files
Onapsis Security Advisory - SAP WebAS suffers from a cross site scripting vulnerability. Upon a successful exploitation, an attacker would be able to obtain sensitive information from legitimate users through social engineering attacks and/or exploit vulnerabilities in their systems in order to take control of them.
-
11:55
»
Packet Storm Security Advisories
Onapsis Security Advisory - An unauthenticated attacker can remotely disrupt the SAP Application Server and cause a denial of service condition. This would result in the total unavailability of the ERP functionality, preventing company users from performing the required business processes.
-
11:55
»
Packet Storm Security Recent Files
Onapsis Security Advisory - An unauthenticated attacker can remotely disrupt the SAP Application Server and cause a denial of service condition. This would result in the total unavailability of the ERP functionality, preventing company users from performing the required business processes.
-
11:55
»
Packet Storm Security Misc. Files
Onapsis Security Advisory - An unauthenticated attacker can remotely disrupt the SAP Application Server and cause a denial of service condition. This would result in the total unavailability of the ERP functionality, preventing company users from performing the required business processes.
-
5:52
»
SecDocs
Authors:
Mariano Nunez Di Croce Tags:
SAP Event:
Black Hat USA 2010 Abstract: In any company, the ERP (Enterprise Resource Planning) is the heart of the business technological platform. These systems handle the key business processes of the organization, such as procurement, invoicing, human resources management, billing, stock management and financial planning. Among all the ERPs, SAP is by far the most widely deployed one, having more than 90.000 customers in more than 120 countries and running in Fortune 100 companies, governmental and defense organizations. The information stored in these systems is of absolute importance to the company, which unauthorized manipulation would result in big economic losses and loss of reputation. This talk will present an old concept applied to a new paradigm: SAP Backdoors. We will discuss different novel techniques that can be deployed by malicious intruders in order to create and install backdoors in SAP systems, allowing them to retain access or install malicious components that would result in imperceptible-and-ongoing financial frauds. After the description of these techniques, we will present the countermeasures that should be applied in order to avoid these attacks and protect the business information, effectively reducing financial fraud risks and enforcing compliance. Furthermore, we will release a new Onapsis free tool that will help security managers to automatically detect unauthorized modifications to SAP systems. Is your SAP backdoored? If your answer is "I don’t know," you may consider attending to this talk.
-
-
10:02
»
SecDocs
Authors:
Ertunga Arsal Tags:
SAP ABAP Event:
Hashdays 2010 Abstract: ABAP is the programming language used for developing ERP applications on SAP® systems. The ABAP stack runs similar to “kernel mode” and it has access to most critical components. Any programming mistake can have disastrous effects. Whether for adding another “root” (SAP_ALL) user to the system or for stealing password hashes, it on the shopping list of most SAP hackers. Our talk focuses on insecure ABAP code, how to exploit it and how to prevent future mistakes.
-
-
17:14
»
SecuriTeam
A Path Disclosure vulnerability was identified affecting SAP Enterprise Portal.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
17:09
»
SecuriTeam
Multiple Vulnerabilities were identifiedin SAP WebAS ITS Mobile Test Service.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
17:09
»
SecuriTeam
Multiple vulnerabilities were identified in SAP WebAS ITS Mobile Start Service.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
-
6:33
»
Packet Storm Security Advisories
Onapsis Security Advisory - It has been detected that the SAP Enterprise Portal runtime presents descriptive error messages when special HTTP requests are processed, returning information about the filesystem structure were the component is deployed in the target system.
-
6:33
»
Packet Storm Security Recent Files
Onapsis Security Advisory - It has been detected that the SAP Enterprise Portal runtime presents descriptive error messages when special HTTP requests are processed, returning information about the filesystem structure were the component is deployed in the target system.
-
6:33
»
Packet Storm Security Misc. Files
Onapsis Security Advisory - It has been detected that the SAP Enterprise Portal runtime presents descriptive error messages when special HTTP requests are processed, returning information about the filesystem structure were the component is deployed in the target system.
-
6:33
»
Packet Storm Security Advisories
Onapsis Security Advisory - The SAP Web Application Server (WebAS) is the application platform of the SAP NetWeaver, which is the basis for the other NetWeaver components. With the SAP Web Application Server you can implement both server-based and client-based Web applications. It has been detected that the ITS Mobile Start service suffers from input validation vulnerabilities and design weaknesses, which can be exploited to perform XSS and arbitrary redirects attacks.
-
6:33
»
Packet Storm Security Recent Files
Onapsis Security Advisory - The SAP Web Application Server (WebAS) is the application platform of the SAP NetWeaver, which is the basis for the other NetWeaver components. With the SAP Web Application Server you can implement both server-based and client-based Web applications. It has been detected that the ITS Mobile Start service suffers from input validation vulnerabilities and design weaknesses, which can be exploited to perform XSS and arbitrary redirects attacks.
-
6:33
»
Packet Storm Security Misc. Files
Onapsis Security Advisory - The SAP Web Application Server (WebAS) is the application platform of the SAP NetWeaver, which is the basis for the other NetWeaver components. With the SAP Web Application Server you can implement both server-based and client-based Web applications. It has been detected that the ITS Mobile Start service suffers from input validation vulnerabilities and design weaknesses, which can be exploited to perform XSS and arbitrary redirects attacks.
-
6:11
»
Packet Storm Security Advisories
Onapsis Security Advisory - The SAP Web Application Server (WebAS) is the application platform of the SAP NetWeaver, which is the basis for the other NetWeaver components. With the SAP Web Application Server you can implement both server-based and client-based Web applications. It has been detected that the ITS Mobile Test service suffers from input validation vulnerabilities and design weaknesses, which can be exploited to perform XSS and arbitrary redirects attacks.
-
6:11
»
Packet Storm Security Recent Files
Onapsis Security Advisory - The SAP Web Application Server (WebAS) is the application platform of the SAP NetWeaver, which is the basis for the other NetWeaver components. With the SAP Web Application Server you can implement both server-based and client-based Web applications. It has been detected that the ITS Mobile Test service suffers from input validation vulnerabilities and design weaknesses, which can be exploited to perform XSS and arbitrary redirects attacks.
-
6:11
»
Packet Storm Security Misc. Files
Onapsis Security Advisory - The SAP Web Application Server (WebAS) is the application platform of the SAP NetWeaver, which is the basis for the other NetWeaver components. With the SAP Web Application Server you can implement both server-based and client-based Web applications. It has been detected that the ITS Mobile Test service suffers from input validation vulnerabilities and design weaknesses, which can be exploited to perform XSS and arbitrary redirects attacks.
-
-
13:48
»
SecDocs
Authors:
Mariano Nunez Di Croce Tags:
SAP Event:
Black Hat DC 2011 Abstract: "SAP platforms are only accessible internally". You may have heard that several times. While that was true in many organizations more than a decade ago, the current situation is completely different: driven by modern business requirements, SAP systems are getting more and more connected to the Internet. This scenario drastically increases the universe of possible attackers, as remote malicious parties can try to compromise the organization's SAP platform in order to perform espionage, sabotage and fraud attacks. SAP provides different Web interfaces, such as the Enterprise Portal, the Internet Communication Manager (ICM) and the Internet Transaction Server (ITS). These components feature their own security models and technical infrastructures, which may be prone to specific security vulnerabilities. If exploited, your business crown jewels can end up in the hands of cyber criminals. Through many live demos, this talk will explain how remote attackers may compromise the security of different SAP Web components and what you can do to avoid it. In particular, an authentication-bypass vulnerability affecting "hardened" SAP Enterprise Portal implementations will be detailed.
-
13:48
»
SecDocs
Authors:
Mariano Nunez Di Croce Tags:
SAP Event:
Black Hat DC 2011 Abstract: "SAP platforms are only accessible internally". You may have heard that several times. While that was true in many organizations more than a decade ago, the current situation is completely different: driven by modern business requirements, SAP systems are getting more and more connected to the Internet. This scenario drastically increases the universe of possible attackers, as remote malicious parties can try to compromise the organization's SAP platform in order to perform espionage, sabotage and fraud attacks. SAP provides different Web interfaces, such as the Enterprise Portal, the Internet Communication Manager (ICM) and the Internet Transaction Server (ITS). These components feature their own security models and technical infrastructures, which may be prone to specific security vulnerabilities. If exploited, your business crown jewels can end up in the hands of cyber criminals. Through many live demos, this talk will explain how remote attackers may compromise the security of different SAP Web components and what you can do to avoid it. In particular, an authentication-bypass vulnerability affecting "hardened" SAP Enterprise Portal implementations will be detailed.
-
-
22:46
»
Packet Storm Security Recent Files
ClamSAP consists of two C shared libraries that link between ClamAV and the Virus Scan Interface (VSI) of SAP (official name: NW-VSI). A SAP application can use the ClamAV engine to scan for malicious uploads in HTTP uploads, for example.
-
22:46
»
Packet Storm Security Misc. Files
ClamSAP consists of two C shared libraries that link between ClamAV and the Virus Scan Interface (VSI) of SAP (official name: NW-VSI). A SAP application can use the ClamAV engine to scan for malicious uploads in HTTP uploads, for example.
-
8:14
»
Packet Storm Security Exploits
Multiple cross site scripting vulnerabilities have been discovered in the PerformanceManagement application module in SAP Crystal Reports Server 2008.
-
8:14
»
Packet Storm Security Recent Files
Multiple cross site scripting vulnerabilities have been discovered in the PerformanceManagement application module in SAP Crystal Reports Server 2008.
-
8:14
»
Packet Storm Security Misc. Files
Multiple cross site scripting vulnerabilities have been discovered in the PerformanceManagement application module in SAP Crystal Reports Server 2008.
-
-
17:01
»
SecuriTeam
A Directory Traversal Vulnerability was identified in SAP Crystal Reports 2008.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
16:55
»
SecuriTeam
The component contains insecure methods by which you can overwrite any file in the OS, run executables, kill processes, etc.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
-
17:40
»
SecuriTeam
SAP Crystal Reports Contains a vulnerability caused due to a boundary error in the "CrystalReports12.CrystalPrintControl.1" ActiveX control.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
-
20:15
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SAP NetWeaver Business Client.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
-
15:33
»
Packet Storm Security Advisories
Insecure practices where found in the library scriptinghelpers.dll from SAP Crystal Report Server 2008. An attacker could construct a html-page containing a call insecure functions.
-
15:33
»
Packet Storm Security Recent Files
Insecure practices where found in the library scriptinghelpers.dll from SAP Crystal Report Server 2008. An attacker could construct a html-page containing a call insecure functions.
-
15:33
»
Packet Storm Security Misc. Files
Insecure practices where found in the library scriptinghelpers.dll from SAP Crystal Report Server 2008. An attacker could construct a html-page containing a call insecure functions.
-
-
20:22
»
Packet Storm Security Advisories
Onapsis Security Advisory - It has been detected that many of the available methods in the sapstartsrv SOAP server in the SAP Management Console do not require user authentication, allowing remote and unauthenticated users to obtain sensitive information from the SAP system, such as the list of log files and their content, profile parameters, developer traces, etc.
-
20:22
»
Packet Storm Security Recent Files
Onapsis Security Advisory - It has been detected that many of the available methods in the sapstartsrv SOAP server in the SAP Management Console do not require user authentication, allowing remote and unauthenticated users to obtain sensitive information from the SAP system, such as the list of log files and their content, profile parameters, developer traces, etc.
-
20:22
»
Packet Storm Security Misc. Files
Onapsis Security Advisory - It has been detected that many of the available methods in the sapstartsrv SOAP server in the SAP Management Console do not require user authentication, allowing remote and unauthenticated users to obtain sensitive information from the SAP system, such as the list of log files and their content, profile parameters, developer traces, etc.
-
20:18
»
Packet Storm Security Advisories
Onapsis Security Advisory - A denial of service vulnerability has been discovered in the processing of administration commands by the SAP MC. This functionality allows the restart of the service without providing authentication information.
-
20:18
»
Packet Storm Security Recent Files
Onapsis Security Advisory - A denial of service vulnerability has been discovered in the processing of administration commands by the SAP MC. This functionality allows the restart of the service without providing authentication information.
-
20:18
»
Packet Storm Security Misc. Files
Onapsis Security Advisory - A denial of service vulnerability has been discovered in the processing of administration commands by the SAP MC. This functionality allows the restart of the service without providing authentication information.
-
-
10:51
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SAP Crystal Reports.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
-
12:37
»
Packet Storm Security Advisories
Secunia Research has discovered a vulnerability in SAP Crystal Reports, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error in the "CrystalReports12.CrystalPrintControl.1" ActiveX control (PrintControl.dll) when processing the "ServerResourceVersion" property and can be exploited to cause a heap-based buffer overflow via an overly long string. Successful exploitation allows execution of arbitrary code. Affected is Crystal Reports 2008 SP3 Fix Pack 3.2 Print ActiveX (12.3.2.753).
-
12:37
»
Packet Storm Security Misc. Files
Secunia Research has discovered a vulnerability in SAP Crystal Reports, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error in the "CrystalReports12.CrystalPrintControl.1" ActiveX control (PrintControl.dll) when processing the "ServerResourceVersion" property and can be exploited to cause a heap-based buffer overflow via an overly long string. Successful exploitation allows execution of arbitrary code. Affected is Crystal Reports 2008 SP3 Fix Pack 3.2 Print ActiveX (12.3.2.753).
-
-
10:27
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SAP Crystal Reports.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
-
16:13
»
Packet Storm Security Exploits
This Metasploit module allows remote attackers to place arbitrary files on a users file system by abusing the "Comp_Download" method in the SAP KWEdit ActiveX Control (kwedit.dll 6400.1.1.41).
-
16:13
»
Packet Storm Security Recent Files
This Metasploit module allows remote attackers to place arbitrary files on a users file system by abusing the "Comp_Download" method in the SAP KWEdit ActiveX Control (kwedit.dll 6400.1.1.41).
-
16:13
»
Packet Storm Security Misc. Files
This Metasploit module allows remote attackers to place arbitrary files on a users file system by abusing the "Comp_Download" method in the SAP KWEdit ActiveX Control (kwedit.dll 6400.1.1.41).
-
-
22:01
»
Packet Storm Security Misc. Files
ClamSAP consists of two C shared libraries that link between ClamAV and the Virus Scan Interface (VSI) of SAP (official name: NW-VSI). A SAP application can use the ClamAV engine to scan for malicious uploads in HTTP uploads, for example.
-
22:01
»
Packet Storm Security Recent Files
ClamSAP consists of two C shared libraries that link between ClamAV and the Virus Scan Interface (VSI) of SAP (official name: NW-VSI). A SAP application can use the ClamAV engine to scan for malicious uploads in HTTP uploads, for example.
-
-
20:10
»
SecuriTeam
Multiple denial of service vulnerabilities were discovered in SAP Management Console.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
-
21:47
»
SecuriTeam
A code execution vulnerability was discovered inside an ActiveX component that belongs to SAP's GUI.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
-
18:24
»
Packet Storm Security Recent Files
Onapsis Security Advisory - The SAP J2EE Engine contains a Web Services Navigator interface, which enables the interaction with the deployed Web Services in the server. This interface suffers from a Cross-Site Scripting vulnerability, which may enable malicious parties to perform different kind of attacks over SAP users.
-
18:22
»
Packet Storm Security Advisories
Onapsis Security Advisory - The SAP J2EE Engine contains a Web Services Navigator interface, which enables the interaction with the deployed Web Services in the server. This interface suffers from a Cross-Site Scripting vulnerability, which may enable malicious parties to perform different kind of attacks over SAP users.
-
-
1:51
»
SecDocs
Authors:
Mariano Nunez Di Croce Tags:
backdoor exploiting SAP Event:
Black Hat EU 2010 Abstract: In any company, the ERP (Enterprise Resource Planning) is the heart of the business technological platform. These systems handle the key business processes of the organization, such as procurement, invoicing, human resources management, billing, stock management and financial planning. Among all the ERPs, SAP is by far the most widely deployed one, having more than 90.000 customers in more than 120 countries and running in Fortune 100 companies, governmental and defense organizations. The information stored in these systems is of absolute importance to the company, which unauthorized manipulation would result in big economic losses and loss of reputation. This talk will present an old concept applied to a new paradigm: SAP Backdoors. We will discuss different novel techniques that can be deployed by malicious intruders in order to create and install backdoors in SAP systems, allowing them to retain access or install malicious components that would result in imperceptible-and-ongoing financial frauds. After the description of these techniques, we will present the countermeasures that should be applied in order to avoid these attacks and protect the business information, effectively reducing financial fraud risks and enforcing compliance. Furthermore, we will release a new Onapsis free tool that will help security managers to automatically detect unauthorized modifications to SAP systems. Is your SAP backdoored? If your answer is "I don’t know," then you may consider attending to this talk.
-
-
13:38
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SAP MaxDB. Authentication is not required to exploit this vulnerability.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
-
0:00
»
Packet Storm Security Advisories
Onapsis Security Advisory - SAP WebDynPro suffers from a cross site scripting vulnerability.
-
0:00
»
Packet Storm Security Advisories
Onapsis Security Advisory - The Authentication mechanism of the SAP J2EE Engine (which is shared by the Enterprise Portal and other solutions) suffers from a phishing vector vulnerability, which may allow a remote attacker to perform different attacks to the organization's SAP users.