inurl:/scripts/wgate

  • 日期:2019-01-09
  • 类别:
  • 作者:FlyingFrog
  • 语法:inurl:/scripts/wgate
  • AUTHOR: FlyingFrog
    Twitter: @ItsKarl0z

    ++ SAP ITS System Information ++

    inurl:/scripts/wgate
    - Potential for RFC exploit to extra valuable data
    - Potential theft of username and password
    - Potential creation of SAP_ALL privilege users
    - Potential vulnerable to RFC callback
    - 1 Vulnerabillites on Exploit DB available for SAP its at the time of writing
    - Source and explanation for the Exploit:
        - https://securityaffairs.co/wordpress/71908/security/sap-configuration-flaw.html
    - 386 results at the time of writing

    DISCLAIMER:
    (The vulnerabilities are suggestions, none of them have been tested by me,
    always request permission before testing anything on someone else system)
    Some of these are sourced from Onapsis, ERPscan and Rapid7 all have great sources on SAP testing