SAP Business Connector 4.6/4.7 - 'adapter-index.dsp?url' Arbitrary Site Redirect
| EKU-ID: 32530 | CVE: CVE-2006-0731;OSVDB-23233 | OSVDB-ID: |
| Author: Leandro Meiners | Published: 2006-02-15 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 32530 | CVE: CVE-2006-0731;OSVDB-23233 | OSVDB-ID: |
| Author: Leandro Meiners | Published: 2006-02-15 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
source: https://www.securityfocus.com/bid/16671/info SAP Business Connector is susceptible to an input-validation vulnerability. This issue is due to the application's failure to properly sanitize user-supplied input. This issue allows remote attackers to execute phishing-style attacks against targeted SAP Business Connector administrators. The following URI example demonstrates this issue: http://www.example.com/WmRoot/adapter-index.dsp?url=http://www.attacker.com/