SAP Lumira 1.31 Stored Cross-Site Scripting

2020.11.30

Credit: Ilca Lucian Florin

Risk: Low

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

# Exploit Title: SAP Lumira 1.31 - Stored Cross-Site Scripting
# Date: 13.08.2020
# Exploit Author: Ilca Lucian Florin
# Vendor Homepage: https://www.sap.com
# Software Link: SAP Lumira
# Version: <= 1.31
# Tested on: Windows 7 / Windows 10 / Internet Explorer 11 / Google Chrome 84.0.4147.105
# Vulnerable System: https://system/BOE/BI
# Reproduce Cross Site Scripting (XSS):
1. Select Web Intelligence Button
2. Wait for SAP Business Objects to load complete
3. CTRL +N or click on New Document
4. Create an empty document
5. Select new variable
6. Select random name for the variable
7. Add the XSS vectors from evidence
8. Open variable tab and click on new created variable name
# Cross Site Scripting (XSS) Vectors Used:
• "><h1><IFRAME SRC=#
onmouseover="alert(document.cookie)"></IFRAME>123</h1>
• <IMG SRC=x onerror="alert(String.fromCharCode(88,83,83))">

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

SAP Lumira 1.31 Stored Cross-Site Scripting

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.