Skip to content

SAP /sap/bw/xml/soap/xmla XMLA service (XML DOCTYPE) SMB relay #1653

Closed
wants to merge 2 commits into from

1 participant

@nmonkee
nmonkee commented Mar 25, 2013

This module exploits the SAP NetWeaver BW XML External Entity vulnerability. An XML External Entities (XXE) issue exists within the XMLA service (XML DOCTYPE) function. The XXE vulnerability in SAP BW can lead to arbitrary file reading or an SMBRelay attack.

SAP Note 1597066 / DSECRG-12-033.

ref: http://erpscan.com/advisories/dsecrg-12-033-sap-basis-6-407-02-xml-external-entity

@nmonkee nmonkee closed this Mar 25, 2013
@nmonkee nmonkee deleted the nmonkee:sap_soap_xmla_bw_smb_relay branch Mar 25, 2013
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.