SAP Business Connector 4.6/4.7 adapter-index.dsp url Variable Arbitrary Site Redirect



source: http://www.securityfocus.com/bid/16671/info


SAP Business Connector is susceptible to an input-validation vulnerability. This issue is due to the application's failure to properly sanitize user-supplied input.

This issue allows remote attackers to execute phishing-style attacks against targeted SAP Business Connector administrators.

The following URI example demonstrates this issue:

http://www.example.com/WmRoot/adapter-index.dsp?url=http://www.attacker.com/