Automate Recon and scanning process with Vidoc. All security teams in one place
By kannthu
The "SAP NetWeaver ICM Info page leak" module is designed to detect a vulnerability in the SAP NetWeaver ABAP Webserver. It specifically targets the "/sap/public/info" page and checks for the presence of the "RFC_SYSTEM_INFO.Response" string in the response body. This vulnerability can lead to sensitive information disclosure.
This module has a medium severity level and was authored by randomstr1ng.
If the vulnerability is present, an attacker could potentially gain access to sensitive information through the SAP NetWeaver ICM Info page. This could include system details and configurations that may aid in further attacks.
The module works by sending a GET request to the "/sap/public/info" path of the target SAP NetWeaver ABAP Webserver. It then checks the response body for the presence of the "RFC_SYSTEM_INFO.Response" string using a regular expression matcher.
Here is an example of the HTTP request sent by the module:
GET /sap/public/info
The module uses a single matching condition, which checks if the "RFC_SYSTEM_INFO.Response" string is found in the response body. If the condition is met, the module will report the vulnerability.
For more information, you can refer to the following references:
- https://www.acunetix.com/vulnerabilities/web/sap-icf-sap-public-info-sensitive-information-disclosure/ - https://github.com/Jean-Francois-C/SAP-Security-Audit