By kannthu
The "SAP Web Dispatcher admin portal detection" module detects the presence of the SAP Web Dispatcher Admin Portal. It focuses on identifying misconfigurations or vulnerabilities related to the SAP Web Dispatcher software. Findings are rated informative: they provide valuable information but do not indicate a critical security issue. The original author of this module is randomstr1ng.
The impact of the SAP Web Dispatcher admin portal detection module is primarily informational. It helps identify potential misconfigurations or vulnerabilities in the SAP Web Dispatcher Admin Portal, allowing administrators to take appropriate actions to secure their systems.
The module works by sending HTTP requests to specific paths and analyzing the responses for matching conditions. In the case of the SAP Web Dispatcher admin portal detection, the module sends a GET request to the path "/sap/wdisp/admin/public/default.html". It then applies several matching conditions to determine if the SAP Web Dispatcher Admin Portal is present:
- Header Matcher: The module checks if the response header contains the words "Basic realm="WEB ADMIN"" or "SAP NetWeaver Application Server". If either of these words is found, it indicates the presence of the SAP Web Dispatcher Admin Portal.
- Status Matcher: The module checks if the response status code is either 401 (Unauthorized) or 200 (OK). If either of these status codes is returned, it suggests the presence of the SAP Web Dispatcher Admin Portal.
- Body Matcher: The module searches for the words "SAP Web Dispatcher" or "" in the response body. If any of these words are found, it indicates the presence of the SAP Web Dispatcher Admin Portal.

By combining these matching conditions, the module can accurately detect the SAP Web Dispatcher Admin Portal.
For example, the module sends a GET request to "/sap/wdisp/admin/public/default.html" and checks if the response header contains the words "Basic realm="WEB ADMIN"" or "SAP NetWeaver Application Server". It also verifies if the response status code is either 401 or 200. Additionally, it searches for the words "SAP Web Dispatcher" or "" in the response body. If any of these conditions are met, the module reports the presence of the SAP Web Dispatcher Admin Portal.
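The three matchers described above, evaluated offline against already-captured responses. This is an added example, not the module's own code. The `Response` container, the function names and the sample responses are assumptions, and so is the choice between requiring all matchers or any one of them, which the page does not settle. The comparison shows that the status matcher on its own also matches an unrelated page that returns 200.

```python
# Added example: evaluates the page's three matchers against captured
# HTTP responses. No network traffic is sent.
from dataclasses import dataclass, field

HEADER_WORDS = ('Basic realm="WEB ADMIN"', "SAP NetWeaver Application Server")
STATUS_CODES = (401, 200)
# The page lists a second body word, but it is blank there; it is omitted here.
BODY_WORDS = ("SAP Web Dispatcher",)


@dataclass
class Response:  # hypothetical container for a captured response
    status: int
    headers: dict = field(default_factory=dict)
    body: str = ""


def evaluate_matchers(resp: Response) -> dict:
    """Return the result of each matcher separately."""
    header_blob = "\n".join(f"{k}: {v}" for k, v in resp.headers.items())
    return {
        "header": any(w in header_blob for w in HEADER_WORDS),
        "status": resp.status in STATUS_CODES,
        "body": any(w in resp.body for w in BODY_WORDS),
    }


def is_admin_portal(resp: Response, require_all: bool = True) -> bool:
    """Combine matchers; AND versus OR is an assumption, not from the page."""
    results = evaluate_matchers(resp).values()
    return all(results) if require_all else any(results)


# Constructed sample responses (not real captures).
PORTAL = Response(
    401,
    {"WWW-Authenticate": 'Basic realm="WEB ADMIN"',
     "Server": "SAP NetWeaver Application Server"},
    "<html><title>SAP Web Dispatcher</title></html>",
)
UNRELATED = Response(200, {"Server": "nginx"}, "<html>Welcome</html>")

if __name__ == "__main__":
    for name, r in (("portal", PORTAL), ("unrelated", UNRELATED)):
        print(name, evaluate_matchers(r),
              is_admin_portal(r), is_admin_portal(r, require_all=False))
```

When triaging a finding from this module, checking which individual matchers fired separates a response that only returned 200 from one that also carried the realm header or the product name in the body.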