Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

SAP NetWeaver WebGUI Detection

By kannthu

Informative
Vidoc logoVidoc Module
#sap#webserver#tech
Description

SAP NetWeaver WebGUI Detection

What is the "SAP NetWeaver WebGUI Detection?"

The SAP NetWeaver WebGUI Detection module is designed to identify misconfigurations or potential vulnerabilities in the SAP NetWeaver ABAP Webserver WebGUI. The WebGUI is a web-based user interface for SAP applications. This module is an informative test that helps users assess the security of their SAP NetWeaver WebGUI installations.

This module has a severity level of informative, which means it provides valuable information about the target system but does not actively exploit any vulnerabilities.

Impact

This module does not have any direct impact on the target system. It only provides information about potential misconfigurations or vulnerabilities in the SAP NetWeaver WebGUI.

How the module works?

The SAP NetWeaver WebGUI Detection module works by sending a GET request to the "/sap/bc/gui/sap/its/webgui" path of the target system. It then analyzes the response body for specific patterns that indicate the presence of the SAP NetWeaver WebGUI.

The module uses the following matching conditions:

- The response body must contain the word "sap-system-login" or the HTML title tag "".

If both conditions are met, the module considers the SAP NetWeaver WebGUI to be present on the target system.

By running this module, users can gain insights into the configuration and potential vulnerabilities of their SAP NetWeaver WebGUI installations.

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET/sap/bc/gui/sap/its/...
Matching conditions
word: sap-system-login, <title>Logon</title>
Passive global matcher
No matching conditions.
On match action
Report vulnerability