Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

SAP HANA XS Engine Admin Login Panel - Detect

By kannthu

Informative
Vidoc logoVidoc Module
#panel#sap
Description

What is the "SAP HANA XS Engine Admin Login Panel - Detect?"

The "SAP HANA XS Engine Admin Login Panel - Detect" module is designed to detect the presence of the SAP HANA XS Engine admin login panel. This module targets the SAP HANA XS Engine, which is a component of the SAP HANA database system. The severity of this module is classified as informative, meaning it provides information about the presence of the admin login panel but does not indicate any specific vulnerability or misconfiguration. The original author of this module is PR3R00T.

Impact

This module does not have any direct impact on the system. It simply detects the presence of the SAP HANA XS Engine admin login panel, providing information about its existence.

How does the module work?

The module works by sending an HTTP GET request to the "/sap/hana/xs/formLogin/login.html" path. It then checks the response body for the presence of the "/sap/hana/xs/formLogin/images/sap.png" word. If this word is found, the module considers the admin login panel to be present.

Example HTTP request:

GET /sap/hana/xs/formLogin/login.html

The module uses a word matcher to check if the response body contains the "/sap/hana/xs/formLogin/images/sap.png" word. If the word is found, the module reports the detection of the admin login panel.

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET/sap/hana/xs/formLog...
Matching conditions
word: /sap/hana/xs/formLogin/images/sap.png
Passive global matcher
No matching conditions.
On match action
Report vulnerability