XSS, Reflected Cross Site Scripting, CWE-79, CAPEC-86, sap.com

Crowdsourcing for Live Exploit Coverage = DORK

1. Cross-site scripting (reflected)

1.1. http://www.sap.com/about-sap/company/legal [REST URL parameter 1]

1.2. http://www.sap.com/about-sap/events [REST URL parameter 1]

1.3. http://www.sap.com/campaign/2011_CURR_SAP [REST URL parameter 1]

1.4. http://www.sap.com/common/formAbandonW [REST URL parameter 1]

1.5. http://www.sap.com/global/client_functions [REST URL parameter 1]

1.6. http://www.sap.com/global/client_functions.js [REST URL parameter 1]

1.7. http://www.sap.com/global/css/Flyouts.css [REST URL parameter 1]

1.8. http://www.sap.com/global/css/MainCont [REST URL parameter 1]

1.9. http://www.sap.com/global/css/MainContentPanel.css [REST URL parameter 1]

1.10. http://www.sap.com/global/css/MainLeftPanel [REST URL parameter 1]

1.11. http://www.sap.com/global/css/MainLeftPanel.css [REST URL parameter 1]

1.12. http://www.sap.com/global/css/MainRigh [REST URL parameter 1]

1.13. http://www.sap.com/global/css/MainRightPanel.css [REST URL parameter 1]

1.14. http://www.sap.com/global/css/dropdownlist [REST URL parameter 1]

1.15. http://www.sap.com/global/css/dropdownlist.css [REST URL parameter 1]

1.16. http://www.sap.com/global/css/full_browser [REST URL parameter 1]

1.17. http://www.sap.com/global/css/full_browser_pc_ie.css [REST URL parameter 1]

1.18. http://www.sap.com/global/js/Validations.js [REST URL parameter 1]

1.19. http://www.sap.com/global/js/addthis_widget [REST URL parameter 1]

1.20. http://www.sap.com/global/js/addthis_widget.js [REST URL parameter 1]

1.21. http://www.sap.com/global/js/jquery-1_3_2 [REST URL parameter 1]

1.22. http://www.sap.com/global/js/jquery-1_3_2/jquery-1.3.2.min.js [REST URL parameter 1]

1.23. http://www.sap.com/global/swf/Flash_Header [REST URL parameter 1]

1.24. http://www.sap.com/global/ui/fonts/bensbk [REST URL parameter 1]

1.25. http://www.sap.com/global/ui/fonts/bensbk-webfont.ttf [REST URL parameter 1]

1.26. http://www.sap.com/global/ui/fonts/bensbk-webfont.woff [REST URL parameter 1]

1.27. http://www.sap.com/global/ui/js/common.js [REST URL parameter 1]

1.28. http://www.sap.com/global/ui/js/head.js [REST URL parameter 1]

1.29. http://www.sap.com/global/unified/css [REST URL parameter 1]

1.30. http://www.sap.com/global/unified/css/StageHeaderMainFooter.css [REST URL parameter 1]

1.31. http://www.sap.com/gwtservices/httpBridge [REST URL parameter 1]

1.32. http://www.sap.com/gwtservices/httpBridge.epx [REST URL parameter 1]

1.33. http://www.sap.com/gwtservices/verifylogin [REST URL parameter 1]

1.34. http://www.sap.com/lines-of-business/index [REST URL parameter 1]

1.35. http://www.sap.com/lines-of-business/lines [REST URL parameter 1]

1.36. http://www.sap.com/news-reader/ [REST URL parameter 1]

1.37. http://www.sap.com/partners/partnerwithsap [REST URL parameter 1]

1.38. http://www.sap.com/print/sme/search/SAP_nn6 [REST URL parameter 1]

1.39. http://www.sap.com/print/sme/search/SAP_nn6.js [REST URL parameter 1]

1.40. http://www.sap.com/print/zzzzzz=yyyyy [REST URL parameter 1]

1.41. http://www.sap.com/search/search-results [REST URL parameter 1]

1.42. http://www.sap.com/sme/howtobuy/solution [REST URL parameter 1]

1.43. http://www.sap.com/sme/partners/findpartner [REST URL parameter 1]

1.44. http://www.sap.com/sme/search/SAP_nn6.js [REST URL parameter 1]

1.45. http://www.sap.com/sme/seeitinaction [REST URL parameter 1]

1.46. http://www.sap.com/sme/seeitinaction/index [REST URL parameter 1]

1.47. http://www.sap.com/sme/solutions/busin [REST URL parameter 1]

1.48. http://www.sap.com/solutions/business-suite [REST URL parameter 1]

1.49. http://www.sap.com/solutions/rapid [REST URL parameter 1]

1.50. http://www.sap.com/text/sme/search/SAP_nn6 [REST URL parameter 1]

1.51. http://www.sap.com/text/sme/search/SAP_nn6.js [REST URL parameter 1]

1.52. http://www.sap.com/text/zzzzzz=yyyyy [REST URL parameter 1]

1.53. https://www.sap.com/contactsap/contact_warning.epx [name of an arbitrarily supplied request parameter]

1.54. https://www.sap.com/profile/warning.epx [name of an arbitrarily supplied request parameter]

1.55. http://www.sapbusinessoptimizer.com/css/fancy-popup-styles [REST URL parameter 1]

1.56. http://www.sapbusinessoptimizer.com/css/fancy-popup-styles [REST URL parameter 1]

1.57. http://www.sapbusinessoptimizer.com/css/fancy-popup-styles [REST URL parameter 2]

1.58. http://www.sapbusinessoptimizer.com/css/fancy-popup-styles [REST URL parameter 2]

1.59. http://www.sapbusinessoptimizer.com/css/fancy-popup-styles.css [REST URL parameter 1]

1.60. http://www.sapbusinessoptimizer.com/css/fancy-popup-styles.css [REST URL parameter 1]

1.61. http://www.sapbusinessoptimizer.com/css/fancy-popup-styles.css [REST URL parameter 2]

1.62. http://www.sapbusinessoptimizer.com/css/fancy-popup-styles.css [REST URL parameter 2]

1.63. http://www.sapbusinessoptimizer.com/favicon.ico [REST URL parameter 1]

1.64. http://www.sapbusinessoptimizer.com/favicon.ico [REST URL parameter 1]

1.65. http://www.sapbusinessoptimizer.com/favicon.icoab7fe"> [REST URL parameter 1]

1.66. http://www.sapbusinessoptimizer.com/favicon.icoab7fe"> [REST URL parameter 1]

1.67. http://www.sapbusinessoptimizer.com/favicon.icoab7fe">