SAP Directory Listing

By kannthu

Medium
Vidoc Module
#sap #listing #misconfig
Description

What is the "SAP Directory Listing" module?

The "SAP Directory Listing" module is designed to detect misconfigurations in SAP software. It specifically targets the SAP NetWeaver platform. This module has a medium severity level and was authored by dhiyaneshDK.

Impact

This module helps identify potential vulnerabilities in the SAP Directory Listing feature. By detecting misconfigurations, it helps prevent unauthorized access to sensitive information and protects against potential security breaches.

How does the module work?

The "SAP Directory Listing" module uses HTTP request templates and matching conditions to perform its scan. It sends a GET request to the "/irj/go/km/navigation/" path and applies the following matching conditions:

- The response must contain the words "title="~system"" and "NetWeaver".
- The response status code must be 200.
- The response header must contain the word "text/html".

These conditions are used to identify instances where the SAP Directory Listing feature is misconfigured, potentially exposing sensitive information to unauthorized users.
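The matching logic described above, as an added example that is not Vidoc's or the template author's code: a small offline evaluator that applies the three conditions with AND semantics to captured responses and reports which condition failed. The `Response` class, the `MATCHERS` layout and the sample responses are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass
class Response:
    """A captured HTTP response (hypothetical container, not a Vidoc type)."""
    status: int
    headers: dict
    body: str


# The three matching conditions listed on this page, in order.
MATCHERS = [
    {"type": "word", "part": "body", "words": ['title="~system"', "NetWeaver"]},
    {"type": "status", "status": [200]},
    {"type": "word", "part": "header", "words": ["text/html"]},
]


def matcher_hits(matcher, resp):
    """Evaluate one matcher against one response."""
    if matcher["type"] == "status":
        return resp.status in matcher["status"]
    if matcher["part"] == "header":
        haystack = "\n".join(f"{k}: {v}" for k, v in resp.headers.items())
    else:
        haystack = resp.body
    # Every listed word must be present in the selected part.
    return all(word in haystack for word in matcher["words"])


def evaluate(resp):
    """Return (matched, failed): all matchers must hit; failed holds the
    indices into MATCHERS of the conditions that did not."""
    failed = [i for i, m in enumerate(MATCHERS) if not matcher_hits(m, resp)]
    return (not failed, failed)


# Constructed sample responses for GET /irj/go/km/navigation/
EXPOSED = Response(200, {"Content-Type": "text/html; charset=UTF-8"},
                   '<html><title>SAP NetWeaver Portal</title>'
                   '<a title="~system" href="~system/">~system</a></html>')
LOGIN = Response(200, {"Content-Type": "text/html"},
                 "<html><title>SAP NetWeaver Portal - Log On</title></html>")
FORBIDDEN = Response(403, {"Content-Type": "text/html"},
                     "<html><title>403 Forbidden</title></html>")

if __name__ == "__main__":
    for name, resp in [("exposed", EXPOSED), ("login", LOGIN), ("forbidden", FORBIDDEN)]:
        print(name, evaluate(resp))
```

A portal that answers this path with a logon page or a 403 fails the body condition, which is the state to confirm after access to the listing has been restricted.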

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /irj/go/km/navigatio...
Matching conditions
word: title="~system", NetWeaver and
status: 200 and
word: text/html
Passive global matcher
No matching conditions.
On match action
Report vulnerability