Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

SAP NetWeaver ICM Info page leak

By kannthu

Medium
Vidoc logoVidoc Module
#sap
Description

What is the "SAP NetWeaver ICM Info page leak?"

The "SAP NetWeaver ICM Info page leak" module is designed to detect a vulnerability in the SAP NetWeaver ABAP Webserver. It specifically targets the "/sap/public/info" page and checks for the presence of the "RFC_SYSTEM_INFO.Response" string in the response body. This vulnerability can lead to sensitive information disclosure.

This module has a medium severity level and was authored by randomstr1ng.

Impact

If the vulnerability is present, an attacker could potentially gain access to sensitive information through the SAP NetWeaver ICM Info page. This could include system details and configurations that may aid in further attacks.

How does the module work?

The module works by sending a GET request to the "/sap/public/info" path of the target SAP NetWeaver ABAP Webserver. It then checks the response body for the presence of the "RFC_SYSTEM_INFO.Response" string using a regular expression matcher.

Here is an example of the HTTP request sent by the module:

GET /sap/public/info

The module uses a single matching condition, which checks if the "RFC_SYSTEM_INFO.Response" string is found in the response body. If the condition is met, the module will report the vulnerability.

For more information, you can refer to the following references:

- https://www.acunetix.com/vulnerabilities/web/sap-icf-sap-public-info-sensitive-information-disclosure/ - https://github.com/Jean-Francois-C/SAP-Security-Audit

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET/sap/public/info
Matching conditions
regex: RFC_SYSTEM_INFO.Response
Passive global matcher
No matching conditions.
On match action
Report vulnerability