
CVE-2005-3634 PoC — SAP Web Application Server URI Redirection Vulnerability

Source
Associated Vulnerability
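Title: SAP Web Application Server URI Redirection Vulnerability (CVE-2005-3634)
Description: SAP Web Application Server is an application for Linux. frameset.htm in the BSP runtime of SAP Web Application Server (WAS) 6.10 through 7.00 allows remote attackers to log users out and redirect them to arbitrary web sites via a close command in the sap-sessioncmd parameter and a URL in the sap-exiturl parameter.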
Description
frameset.htm in the BSP runtime in SAP Web Application Server (WAS) 6.10 through 7.00 allows remote attackers to log users out and redirect them to arbitrary web sites via a close command in the sap-sessioncmd parameter and a URL in the sap-exiturl parameter.
File Snapshot

id: CVE-2005-3634 info: name: SAP Web Application Server 6.x/7.0 - Open Redirect author: ctflea ...