[Squid 2004-OSC2Nuke-001] Inadequate Security Checking in OSC2Nuke

From: Squid (squidsecurity_at_hushmail.com)
Date: 06/01/04

Next message: Valdis.Kletnieks_at_vt.edu: "Re: LinkSys WRT54G administration page availble to WAN"

Previous message: Squid: "[Squid 2004-Nuke-001] Inadequate Security Checking in PHPNuke v7.3 and earlier"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: 1 Jun 2004 18:42:15 -0000
To: bugtraq@securityfocus.com

('binary' encoding is not supported, stored as-is)

===========================================================================
===========================================================================

Advisory: 2004-OSC2Nuke-001
Affected Software: OSC2Nuke 7x version 1
OSCNukeLite V3.1 and earlier
Main Developer: Dreamlite Development Team
Module Developers: See credits section below

Description:
-----------

OSC2Nuke (http://www.osc2nuke.org/) is an open source project combining
the functionality of PHPNuke's portal system (http://www.phpnuke.org/)
with OSCommerce's shopping cart software. Run by the Dreamlite development
team, this project has been active since mid-2003. OSCNukeLite
(http://www.oscnukelite.org/) is the predecessor of OSC2Nuke.

Vulnerability:
-------------

PhpNuke's software is a major component in this project thus it suffers
from the same security weakness as its parent.

In an effort to secure files from being directly accessed by outside visitors,
developers added a simple security checking mechanism. If the checker
evaluates to false, the remaining code inside the file is executed. If it
evaluates to true, the script aborts or the visitor is redirected to another
page.

The process consists of capturing the currently executing script's path and
filename with the global variable $_SERVER['PHP_SELF']. Using PHP's built-in
function eregi(), this value is then compared against the script's name
which should be the sole access point.

Example:
if (!eregi("modules.php", $_SERVER['PHP_SELF'])) { die ("Access Denied"); }

In this example, a file with the above snippet will continue executing if
it was accessed by another file containing the letters "modules.php" (without
quotes) otherwise the script aborts returning the words "Access Denied".

Using eregi() with the NOT logical operator as done by the developers
is a very poor way to control file access because anyone can easily
manipulate a URL and add the missing component thereby forcing the security
check to always evaluate to false and gain unfettered entry.

Exploitation Example:
---------------------
http://www.domain.com/modules/catalog/checkout_process.php/modules.php

Impact:
------

In the majority of cases here, exploition of this vulnerability will display
full path disclosure and not continue further code execution where intrusion
or damage might occur. In a much smaller number of cases, the code may
continue executing and possibly allow outsiders unwanted access to some
restricted areas on the site. Those who have setup their servers to look in
the main directory when a file is not located in the current one may see
a higher percentage of unwanted access and a lower percentage of full path
disclosures than others.

OSC2Nuke's code was not analyzed on whether additional vulnerabilities are
possible due to this security weakness. However, files where potential SQL
injections might occur are flagged below.

Affected Files:
--------------

Although an effort was made to identify all affected files (~295 total of
which ~86 have no security check), we leave it up to the developers/users
to do their own verification to ensure no files were inadvertently missed.

Note 1 --> /admin/case/case.adminfaq.php
Note 1 --> /admin/case/case.authors.php
Note 1 --> /admin/case/case.backup.php
Note 1 --> /admin/case/case.banners.php
Note 1 --> /admin/case/case.blocks.php
Note 1 --> /admin/case/case.comments.php
Note 1 --> /admin/case/case.content.php
Note 1 --> /admin/case/case.download.php
Note 1 --> /admin/case/case.encyclopedia.php
Note 1 --> /admin/case/case.ephemerids.php
Note 1 --> /admin/case/case.forums.php
Note 1 --> /admin/case/case.groups.php
Note 1 --> /admin/case/case.links.php
Note 1 --> /admin/case/case.messages.php
Note 1 --> /admin/case/case.modules.php
Note 1 --> /admin/case/case.newsletter.php
Note 1 --> /admin/case/case.optimize.php
Note 1 --> /admin/case/case.polls.php
Note 1 --> /admin/case/case.referers.php
Note 1 --> /admin/case/case.reviews.php
Note 1 --> /admin/case/case.sections.php
Note 1 --> /admin/case/case.settings.php
Note 1 --> /admin/case/case.stories.php
Note 1 --> /admin/case/case.topics.php
Note 1 --> /admin/case/case.users.php
Note 2 --> /admin/links/links.addstory.php
Note 2 --> /admin/links/links.backup.php
Note 2 --> /admin/links/links.banners.php
Note 2 --> /admin/links/links.blocks.php
Note 2 --> /admin/links/links.content.php
Note 2 --> /admin/links/links.download.php
Note 2 --> /admin/links/links.editadmins.php
Note 2 --> /admin/links/links.editusers.php
Note 2 --> /admin/links/links.encyclopedia.php
Note 2 --> /admin/links/links.ephemerids.php
Note 2 --> /admin/links/links.faq.php
Note 2 --> /admin/links/links.forums.php
Note 2 --> /admin/links/links.groups.php
Note 2 --> /admin/links/links.httpreferers.php
Note 2 --> /admin/links/links.messages.php
Note 2 --> /admin/links/links.modules.php
Note 2 --> /admin/links/links.newsletter.php
Note 2 --> /admin/links/links.optimize.php
Note 2 --> /admin/links/links.reviews.php
Note 2 --> /admin/links/links.sections.php
Note 2 --> /admin/links/links.settings.php
Note 2 --> /admin/links/links.submissions.php
Note 2 --> /admin/links/links.surveys.php
Note 2 --> /admin/links/links.topics.php
Note 2 --> /admin/links/links.weblinks.php
Note 3 --> /admin/modules/adminfaq.php
Note 3 --> /admin/modules/authors.php
Note 3 --> /admin/modules/backup.php
Note 3 --> /admin/modules/banners.php
Note 3 --> /admin/modules/blocks.php
Note 3 --> /admin/modules/comments.php
Note 3 --> /admin/modules/content.php
Note 3 --> /admin/modules/download.php
Note 3 --> /admin/modules/encyclopedia.php
Note 3 --> /admin/modules/ephemerids.php
Note 3 --> /admin/modules/forums.php
Note 3 --> /admin/modules/groups.php
Note 3 --> /admin/modules/links.php
Note 3 --> /admin/modules/messages.php
Note 3 --> /admin/modules/modules.php
Note 3 --> /admin/modules/newsletter.php
Note 3 --> /admin/modules/optimize.php
Note 3 --> /admin/modules/polls.php
Note 3 --> /admin/modules/referers.php
Note 3 --> /admin/modules/reviews.php
Note 3 --> /admin/modules/sections.php
Note 3 --> /admin/modules/settings.php
Note 3 --> /admin/modules/stories.php
Note 3 --> /admin/modules/topics.php
Note 3 --> /admin/modules/users.php
Note 4 --> /admin/modules/oscnuke/init.php
Note 4 --> /db/db.php
Note 1 --> /modules/AvantGo/index.php
Note 1 --> /modules/AvantGo/print.php
Note 1 --> /modules/catalog/account.php
Note 1 --> /modules/catalog/account_edit.php
Note 1 --> /modules/catalog/account_history.php
Note 1 --> /modules/catalog/account_history_info.php
Note 1 --> /modules/catalog/account_newsletters.php
Note 1 --> /modules/catalog/account_notifications.php
Note 1 --> /modules/catalog/account_book.php
Note 1 --> /modules/catalog/account_book_process.php
Note 1 --> /modules/catalog/advanced_search.php
Note 1 --> /modules/catalog/advanced_search_result.php
Note 1 --> /modules/catalog/catalog_products_with_images.php
Note 1 --> /modules/catalog/checkout_confirmation.php
Note 1 --> /modules/catalog/checkout_payment.php
Note 1 --> /modules/catalog/checkout_payment_address.php
Note 5 --> /modules/catalog/checkout_process.php
Note 1 --> /modules/catalog/checkout_shipping.php
Note 1 --> /modules/catalog/checkout_shipping_address.php
Note 1 --> /modules/catalog/checkout_success.php
Note 1 --> /modules/catalog/conditions.php
Note 1 --> /modules/catalog/cookie_usage.php
Note 1 --> /modules/catalog/customers.php
Note 2 --> /modules/catalog/download.php
Note 1 --> /modules/catalog/index.php
Note 5 --> /modules/catalog/info_shopping_cart.php
Note 6 --> /modules/catalog/ipn.php
Note 5 --> /modules/catalog/navbar.php
Note 1 --> /modules/catalog/pdf_catalogue_info.php
Note 5 --> /modules/catalog/popup_image.php
Note 5 --> /modules/catalog/popup_search_help.php
Note 2 --> /modules/catalog/print_catalog.php
Note 5 --> /modules/catalog/printorder.php
Note 5 --> /modules/catalog/privacy.php
Note 1 --> /modules/catalog/product_info.php
Note 1 --> /modules/catalog/product_reviews.php
Note 1 --> /modules/catalog/product_reviews_info.php
Note 1 --> /modules/catalog/product_reviews_write.php
Note 1 --> /modules/catalog/products_new.php
Note 2 --> /modules/catalog/redirect.php
Note 1 --> /modules/catalog/reviews.php
Note 1 --> /modules/catalog/shipping.php
Note 1 --> /modules/catalog/shopping_cart.php
Note 2 --> /modules/catalog/specials.php
Note 1 --> /modules/catalog/ssl_check.php
Note 5 --> /modules/catalog/tell_a_friend.php
Note 2 --> /modules/catalog/includes/application_bottom.php
Note 6 --> /modules/catalog/includes/application_top.php
Note 2 --> /modules/catalog/includes/column_left.php
Note 2 --> /modules/catalog/includes/column_right.php
Note 2 --> /modules/catalog/includes/counter.php
Note 2 --> /modules/catalog/includes/footer.php
Note 2 --> /modules/catalog/includes/header.php
Note 2 --> /modules/catalog/includes/print_header.php
Note 2 --> /modules/catalog/includes/spider_configure.php
Note 2 --> /modules/catalog/includes/boxes/best_sellers.php
Note 2 --> /modules/catalog/includes/boxes/categories.php
Note 2 --> /modules/catalog/includes/boxes/currencies.php
Note 2 --> /modules/catalog/includes/boxes/information.php
Note 2 --> /modules/catalog/includes/boxes/languages.php
Note 2 --> /modules/catalog/includes/boxes/manufacturer_info.php
Note 2 --> /modules/catalog/includes/boxes/manufacturers.php
Note 2 --> /modules/catalog/includes/boxes/order_history.php
Note 2 --> /modules/catalog/includes/boxes/product_notifications.php
Note 2 --> /modules/catalog/includes/boxes/reviews.php
Note 2 --> /modules/catalog/includes/boxes/search.php
Note 2 --> /modules/catalog/includes/boxes/shopping_cart.php
Note 2 --> /modules/catalog/includes/boxes/specials.php
Note 2 --> /modules/catalog/includes/boxes/tell_a_friend.php
Note 2 --> /modules/catalog/includes/boxes/whats_new.php
Note 2 --> /modules/catalog/includes/modules/additional_images.php
Note 2 --> /modules/catalog/includes/modules/address_book_details.php
Note 2 --> /modules/catalog/includes/modules/also_purchased_products.php
Note 2 --> /modules/catalog/includes/modules/checkout_new_address.php
Note 2 --> /modules/catalog/includes/modules/downloads.php
Note 2 --> /modules/catalog/includes/modules/new_products.php
Note 2 --> /modules/catalog/includes/modules/print_catalog.php
Note 2 --> /modules/catalog/includes/modules/product_listing.php
Note 2 --> /modules/catalog/includes/modules/upcoming_products.php
Note 1 --> /modules/catalog_admin/backup.php
Note 1 --> /modules/catalog_admin/banner_manager.php
Note 1 --> /modules/catalog_admin/banner_statistics.php
Note 1 --> /modules/catalog_admin/cache.php
Note 1 --> /modules/catalog_admin/categories.php
Note 2 --> /modules/catalog_admin/config.inc.php
Note 1 --> /modules/catalog_admin/configuration.php
Note 1 --> /modules/catalog_admin/countries.php
Note 1 --> /modules/catalog_admin/currencies.php
Note 1 --> /modules/catalog_admin/customers.php
Note 1 --> /modules/catalog_admin/define_language.php
Note 1 --> /modules/catalog_admin/easypopulate.php
Note 1 --> /modules/catalog_admin/file_manager.php
Note 1 --> /modules/catalog_admin/geo_zones.php
Note 1 --> /modules/catalog_admin/index.php
Note 1 --> /modules/catalog_admin/invoice.php
Note 1 --> /modules/catalog_admin/languages.php
Note 1 --> /modules/catalog_admin/mail.php
Note 1 --> /modules/catalog_admin/manufacturers.php
Note 1 --> /modules/catalog_admin/modules.php
Note 1 --> /modules/catalog_admin/newsletters.php
Note 1 --> /modules/catalog_admin/orders.php
Note 1 --> /modules/catalog_admin/orders_status.php
Note 1 --> /modules/catalog_admin/orders1.php
Note 1 --> /modules/catalog_admin/packingslip.php
Note 1 --> /modules/catalog_admin/paypal_ipn.php
Note 2 --> /modules/catalog_admin/paypal_ipn_order.php
Note 7 --> /modules/catalog_admin/pdf_catalogue.php
Note 1 --> /modules/catalog_admin/popup_image.php
Note 1 --> /modules/catalog_admin/popup_image1.php
Note 1 --> /modules/catalog_admin/products_attributes.php
Note 1 --> /modules/catalog_admin/products_expected.php
Note 1 --> /modules/catalog_admin/quick_updates.php
Note 1 --> /modules/catalog_admin/reviews.php
Note 1 --> /modules/catalog_admin/server_info.php
Note 1 --> /modules/catalog_admin/specials.php
Note 1 --> /modules/catalog_admin/stats_customers.php
Note 1 --> /modules/catalog_admin/stats_products_purchased.php
Note 1 --> /modules/catalog_admin/stats_products_viewed.php
Note 1 --> /modules/catalog_admin/tax_classes.php
Note 1 --> /modules/catalog_admin/tax_rates.php
Note 1 --> /modules/catalog_admin/whos_online.php
Note 1 --> /modules/catalog_admin/zones.php
Note 2 --> /modules/catalog_admin/includes/application_bottom.php
Note 2 --> /modules/catalog_admin/includes/application_top.php
Note 2 --> /modules/catalog_admin/includes/application_top1.php
Note 2 --> /modules/catalog_admin/includes/application_top2.php
Note 2 --> /modules/catalog_admin/includes/application_top3.php
Note 2 --> /modules/catalog_admin/includes/column_left.php
Note 2 --> /modules/catalog_admin/includes/footer.php
Note 2 --> /modules/catalog_admin/includes/header.php
Note 2 --> /modules/catalog_admin/includes/boxes/catalog.php
Note 2 --> /modules/catalog_admin/includes/boxes/configuration.php
Note 2 --> /modules/catalog_admin/includes/boxes/customers.php
Note 2 --> /modules/catalog_admin/includes/boxes/localization.php
Note 2 --> /modules/catalog_admin/includes/boxes/modules.php
Note 2 --> /modules/catalog_admin/includes/boxes/reports.php
Note 2 --> /modules/catalog_admin/includes/boxes/taxes.php
Note 2 --> /modules/catalog_admin/includes/boxes/tools.php
Note 2 --> /modules/catalog_admin/includes/graphs/banner_daily.php
Note 2 --> /modules/catalog_admin/includes/graphs/banner_infobox.php
Note 2 --> /modules/catalog_admin/includes/graphs/banner_monthly.php
Note 2 --> /modules/catalog_admin/includes/graphs/banner_yearly.php
Note 1 --> /modules/Content/index.php
Note 1 --> /modules/Downloads/index.php
Note 1 --> /modules/Downloads/voteinclude.php
Note 1 --> /modules/Encyclopedia/index.php
Note 1 --> /modules/Encyclopedia/search.php
Note 1 --> /modules/FAQ/index.php
Note 1 --> /modules/Feedback/index.php
Note 1 --> /modules/Forums/faq.php
Note 1 --> /modules/Forums/groupcp.php
Note 1 --> /modules/Forums/index.php
Note 1 --> /modules/Forums/login.php
Note 1 --> /modules/Forums/modcp.php
Note 1 --> /modules/Forums/nukebb.php
Note 1 --> /modules/Forums/posting.php
Note 1 --> /modules/Forums/profile.php
Note 1 --> /modules/Forums/search.php
Note 1 --> /modules/Forums/update_to_205.php
Note 1 --> /modules/Forums/update_to_206.php
Note 1 --> /modules/Forums/update_to_207.php
Note 1 --> /modules/Forums/viewforum.php
Note 1 --> /modules/Forums/viewonline.php
Note 1 --> /modules/Forums/viewtopic.php
Note 1 --> /modules/Journal/add.php
Note 1 --> /modules/Journal/comment.php
Note 1 --> /modules/Journal/commentkill.php
Note 1 --> /modules/Journal/commentsave.php
Note 1 --> /modules/Journal/delete.php
Note 1 --> /modules/Journal/deleteyes.php
Note 1 --> /modules/Journal/display.php
Note 1 --> /modules/Journal/edit.php
Note 1 --> /modules/Journal/friend.php
Note 1 --> /modules/Journal/functions.php
Note 1 --> /modules/Journal/index.php
Note 1 --> /modules/Journal/modify.php
Note 1 --> /modules/Journal/savenew.php
Note 1 --> /modules/Journal/search.php
Note 1 --> /modules/Members_List/index.php
Note 1 --> /modules/News/article.php
Note 1 --> /modules/News/associates.php
Note 1 --> /modules/News/categories.php
Note 1 --> /modules/News/comments.php
Note 1 --> /modules/News/friend.php
Note 1 --> /modules/News/index.php
Note 1 --> /modules/News/print.php
Note 3 --> /modules/Private_Messages/index.php
Note 1 --> /modules/Recommend_Us/index.php
Note 1 --> /modules/Reviews/index.php
Note 1 --> /modules/Search/index.php
Note 1 --> /modules/Sections/index.php
Note 1 --> /modules/Statistics/index.php
Note 1 --> /modules/Stories_Archive/index.php
Note 1 --> /modules/Submit_News/index.php
Note 1 --> /modules/Surveys/comments.php
Note 1 --> /modules/Surveys/index.php
Note 1 --> /modules/Top/index.php
Note 1 --> /modules/Topics/index.php
Note 1 --> /modules/Web_Links/index.php
Note 1 --> /modules/Web_Links/voteinclude.php
Note 1 --> /modules/Your_Account/account.php
Note 1 --> /modules/Your_Account/account_edit.php
Note 1 --> /modules/Your_Account/account_history.php
Note 1 --> /modules/Your_Account/account_history_info.php
Note 1 --> /modules/Your_Account/account_newsletters.php
Note 1 --> /modules/Your_Account/account_notifications.php
Note 1 --> /modules/Your_Account/address_book.php
Note 1 --> /modules/Your_Account/address_book_process.php
Note 1 --> /modules/Your_Account/checkout_payment.php
Note 1 --> /modules/Your_Account/checkout_payment_address.php
Note 1 --> /modules/Your_Account/checkout_shipping.php
Note 1 --> /modules/Your_Account/checkout_shipping_address.php
Note 1 --> /modules/Your_Account/config.php
Note 1 --> /modules/Your_Account/index.php
Note 5 --> /modules/Your_Account/navbar.php
Note 5 --> /modules/Your_Account/navbar1.php
Note 1 --> /modules/Your_Account/shipping.php
Note 1 --> /modules/Your_Account/shopping_cart.php

Note 1: Vulnerabilty: Full path disclosure for servers not setup to check
        the main directory when a file is not located in the current
        directory otherwise the rest of the code is executed.
Note 2: Vulnerability: Full path disclosure. File has no security check.
Note 3: Vulnerability: Full path disclosure. Possibility of SQL injection
        IF the database abstraction layer can be executed while accessing
        this file.
Note 4: Vulnerabilty: Full path disclosure or the code can be made to execute
        passing in proper variable values. File has no security check.
Note 5: Vulnerabilty: Full path disclosure.
Note 6: Rest of the code is executed. File has no security check.
Note 7: Vulnerabilty: Full path disclosure for servers not setup to check
        the main directory when a file is not located in the current
        directory otherwise the rest of the code is executed. File has no
        security check.

Credits -- Module Developers:
----------------------------

Admin FAQ/Authors/AvantGo/Backup/Banners/Blocks/Comments/Content/
Download/Encyclopedia/Ephemerids/Groups/Links/Messages/Modules/
News/Newsletter/Polls/Recommend Us/Referers/Reviews/Search/Sections/
Settings/Statistics/Stories/Stories Archive/Submit News/Surveys/Top/
Topics/Users/Web Links:
- Francisco Burzi (http://www.phpnuke.org)
- chatserv (http://www.nukefixes.com) (http://www.nukeresources.com)

Bookmarks/Journal/News/Tracking:
- Paul Laudanski and his team from Computer Cops (http://www.computercops.biz)
and NukeCops (http://www.nukecops.com/) "Official" PhpNuke Developers

Admin FAQ:
- Richard Tirtadji AKA King Richard (http://www.nukeaddon.com)
- Hutdik Hermawan AKA hotFix (http://www.nukeaddon.com)

AvantGo:
- Tim Litwiller (http://linux.made-to-order.net)

Backup:
- Thomas Rudant (http://www.grunk.net) (http://www.securite-internet.org)

Bookmarks:
- David Moulton (http://www.themoultons.net)

Comments:
- Oleg [Dark Pastor] Martos (http://www.rolemancer.ru)

Forums/Members List/Private Messages (PHPBB2 forums code ported to PHPNuke):
- The phpBB Group (http://www.phpbb.com)
- Tom Nitzschner (http://bbtonuke.sourceforge.net) (http://www.toms-home.com)
- Paul Laudanski and his team from Computer Cops (http://www.computercops.biz)
and NukeCops (http://www.nukecops.com/) "Official" PhpNuke Developers
- chatserv (http://www.nukefixes.com) (http://www.nukeresources.com)

Journal:
- Joseph Howard (Member's Journal)
- Trevor Scott (Atomic Journal)

Links:
- James Knickelbein (http://www.journeymilwaukee.com)

Optimize:
- Xavier JULIE (http://www.securite-internet.org)
- chatserv (http://www.nukefixes.com) (http://www.nukeresources.com)

osCommerce
- The osCommerce Development Group (http://www.oscommerce.com)

Resend Email:
- Gaylen Fraley (http://gaylenandmargie.com/phpwebsite)

Reviews:
- Jeff Lambert (http://www.qchc.com)

Statistics:
- Harry Mangindaan (http://www.nuketest.com)
- Sudirman (http://www.nuketest.com)

Tracking:
- WebStyle (http://www.wstyle.org)

Web Links:
- James Knickelbein (http://www.journeymilwaukee.com)

WebMail:
- Sivaprasad R.L (http://netlogger.net)
- Don Grabowski (http://ecomjunk.com)
- Akan Nkweini (http://www.p3mail.com)
- Leo West

Your Account:
- Francisco Burzi (http://www.phpnuke.org)

===========================================================================
===========================================================================

Next message: Valdis.Kletnieks_at_vt.edu: "Re: LinkSys WRT54G administration page availble to WAN"

Previous message: Squid: "[Squid 2004-Nuke-001] Inadequate Security Checking in PHPNuke v7.3 and earlier"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

[UNIX] Multiple Vulnerabilities in Ez Publish
... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... been found in the product, Sensitive information disclosure, Cross Site ... Scripting, and Path Disclosure. ... A security vulnerability was found in Ez publish which allows a remote ...
(Securiteam)
[UNIX] Inadequate Security Checking in OSC2Nuke
... Get your security news from a reliable source. ... path disclosure, etc. ... The process consists of capturing the currently executing script's path ... In the majority of cases here, exploitation of this vulnerability will ...
(Securiteam)
[Squid 2004-Nuke-001] Inadequate Security Checking in PHPNuke v7.3 and earlier
... PhpNuke's core, module, and patch developers added a simple security checking ... In the majority of cases here, exploition of this vulnerability will display ... Note 2: Vulnerability: Full path disclosure. ...
(Bugtraq)
[Full-disclosure] [ESNC-2013-002] Privilege Escalation in SAP Production Planning and Co
... This vulnerability allows bypassing authority checks that exist before ... executing a transaction. ... A transaction in SAP terminology is the execution ... -- Original security advisory: ...
(Full-Disclosure)
[Full-disclosure] [ESNC-2013-001] Privilege Escalation in SAP Healthcare Industry Soluti
... This vulnerability allows bypassing authority checks that exist before ... executing a transaction. ... A transaction in SAP terminology is the execution ... -- Original Security Advisory: http://www.esnc.de ...
(Full-Disclosure)