SAP NetWeaver XSS Vulnerability

January 27, 2009; Martin Suess

The vulnerability affects the SAP NetWeaver portal. It is possible to execute JavaScript code in the browser of a valid user who clicks a specially crafted URL, which can be sent to the user by email.
This vulnerability can be used to steal the user's session cookie, or to redirect the user to a phishing website that shows a faked login screen and captures the logon credentials as soon as the user tries to log in on the faked site.
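Because the attack described above arrives as a crafted URL that the victim clicks, the web server's access log is the place where a defender can see attempts after the fact. The following detector is an added example, not code from Compass Security or SAP: it parses constructed access-log lines, URL-decodes each query parameter (twice, to catch double encoding) and flags values carrying script-injection markers. The portal path `/irj/portal`, the parameter names and the log contents are constructed sample data; the advisory does not name the vulnerable parameter.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Markers typical of JavaScript injected through a reflected URL parameter.
XSS_MARKERS = re.compile(
    r"<\s*script\b|javascript\s*:|\bon[a-z]+\s*=|<\s*(iframe|img|svg)\b",
    re.IGNORECASE,
)

# Common Log Format: client, identity, user, [timestamp], "METHOD URL PROTO", status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<url>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample log (not from the advisory); path and parameter names are placeholders.
SAMPLE_LOG = """\
10.0.0.5 - - [27/Jan/2009:10:01:02 +0100] "GET /irj/portal?page=home HTTP/1.1" 200 5120
10.0.0.9 - - [27/Jan/2009:10:02:14 +0100] "GET /irj/portal?param=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 4210
10.0.0.7 - - [27/Jan/2009:10:03:40 +0100] "GET /irj/portal?param=%22%20onmouseover%3D%22alert(1) HTTP/1.1" 200 4180
10.0.0.5 - - [27/Jan/2009:10:04:00 +0100] "GET /irj/portal/logon?redirect=javascript:alert(1) HTTP/1.1" 302 0
"""


def suspicious_params(url):
    """Return (name, decoded value) pairs whose value matches an XSS marker.

    parse_qsl decodes one layer of percent-encoding; the extra unquote_plus
    catches payloads that were encoded twice to slip past naive filters.
    """
    query = urlsplit(url).query
    hits = []
    for name, value in parse_qsl(query, keep_blank_values=True):
        decoded = unquote_plus(value)
        if XSS_MARKERS.search(decoded):
            hits.append((name, decoded))
    return hits


def scan_log(text):
    """Scan access-log text and return one finding per suspicious parameter."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in Common Log Format
        for name, value in suspicious_params(m.group("url")):
            findings.append({"ip": m.group("ip"), "status": int(m.group("status")),
                             "param": name, "value": value})
    return findings
```

A 200 response to such a request does not prove the injection rendered, but it marks the request for the application-side review (output encoding of that parameter) that closes the issue.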
