Automate Recon and scanning process with Vidoc. All security teams in one place
By kannthu
The "SAP Directory Listing" module is designed to detect misconfigurations in SAP software. It specifically targets the SAP NetWeaver platform. This module has a medium severity level and was authored by dhiyaneshDK.
This module helps identify potential vulnerabilities in the SAP Directory Listing feature. By detecting misconfigurations, it helps prevent unauthorized access to sensitive information and protects against potential security breaches.
The "SAP Directory Listing" module uses HTTP request templates and matching conditions to perform its scan. It sends a GET request to the "/irj/go/km/navigation/" path and applies the following matching conditions:
- The response must contain the words "title="~system"" and "NetWeaver". - The response status code must be 200. - The response header must contain the word "text/html".These conditions are used to identify instances where the SAP Directory Listing feature is misconfigured, potentially exposing sensitive information to unauthorized users.