Fiori Launchpad Login Panel - Detect

What is the "Fiori Launchpad Login Panel - Detect" module?

The "Fiori Launchpad Login Panel - Detect" module is designed to detect the presence of the Fiori Launchpad login panel. It targets the Fiori Launchpad software and aims to identify any misconfigurations or vulnerabilities related to the login panel. The severity of this module is classified as informative, meaning it provides valuable information but does not pose an immediate threat.

This module was authored by dhiyaneshDK.

Impact

The detection of the Fiori Launchpad login panel does not directly indicate any impact or risk. However, it can help identify potential security weaknesses or configuration issues that may require further investigation and remediation.

How does the module work?

The "Fiori Launchpad Login Panel - Detect" module utilizes HTTP request templates and matching conditions to identify the presence of the login panel. It sends a GET request to the "/sap/bc/ui5_ui5/ui2/ushell/shells/abap/FioriLaunchpad.html?saml2=disabled" path and applies the following matching conditions:

- The response body must contain the words "<title>Logon</title>" and "fioriLogin". - The response status code must be 200.

If both conditions are met, the module considers the Fiori Launchpad login panel to be detected.

Example HTTP request:

GET /sap/bc/ui5_ui5/ui2/ushell/shells/abap/FioriLaunchpad.html?saml2=disabled

The module then reports the detection of the login panel as an informative finding.

For more information, you can refer to the exploit-db.com reference.

Metadata:

max-request: 1