nuclei-templates/http/misconfiguration/sap/sap-netweaver-info-leak.yaml

id: sap-netweaver-info-leak

info:
  name: SAP NetWeaver ICM Info page leak
  author: randomstr1ng
  severity: medium
  description: Detection of SAP NetWeaver ABAP Webserver /public/info page
  reference:
    - https://www.acunetix.com/vulnerabilities/web/sap-icf-sap-public-info-sensitive-information-disclosure/
    - https://github.com/Jean-Francois-C/SAP-Security-Audit
  metadata:
    max-request: 1
    shodan-query: http.favicon.hash:-266008933
    product: content_server
    vendor: sap
    fofa-query: icon_hash=-266008933
  tags: sap,misconfig

http:
  - method: GET
    path:
      - "{{BaseURL}}/sap/public/info"

    matchers:
      - type: regex
        part: body
        regex:
          - "RFC_SYSTEM_INFO.Response"

    extractors:
      - type: regex
        part: body
        regex:
          - "<RFCDEST>.*</RFCDEST>"
# digest: 4a0a00473045022100db8882e18c02a5cffed9736a19204a82df1d180c5a7c4c066ce16ab73f11de5802202cf2878825fdd94f30dc13652ddea95e4e7726e133dd9b92fe4c3fb6f4a37f96:922c64590222798bb761d5b6d8e72950
Moving files around + duplicate remove 2021-06-05 10:27:13 +00:00			`id: sap-netweaver-info-leak`

			`info:`
			`name: SAP NetWeaver ICM Info page leak`
			`author: randomstr1ng`
			`severity: medium`
refactor: Description field uniformization * info field reorder * reference values refactored to list * added new lines after the id and before the protocols * removed extra new lines * split really long descriptions to multiple lines (part 1) * other minor fixes 2022-04-22 10:38:41 +00:00			`description: Detection of SAP NetWeaver ABAP Webserver /public/info page`
Removed pipe (\|) character from references, because the structure requires it to be a string slice, not a string Related nuclei tickets: * #259 - dynamic key-value field support for template information * #940 - new infos in template * #834 * RES-84 2021-08-18 11:37:49 +00:00			`reference:`
Satisfying the linter (all errors and warnings) * whitespace modifications only 2021-08-19 14:44:46 +00:00			`- https://www.acunetix.com/vulnerabilities/web/sap-icf-sap-public-info-sensitive-information-disclosure/`
			`- https://github.com/Jean-Francois-C/SAP-Security-Audit`
Update sap-netweaver-info-leak.yaml 2022-07-21 18:26:52 +00:00			`metadata:`
Added max request counter of each template 2023-04-28 08:11:21 +00:00			`max-request: 1`
Update sap-netweaver-info-leak.yaml 2022-07-21 18:26:52 +00:00			`shodan-query: http.favicon.hash:-266008933`
TemplateMan Update [Fri Jun 7 10:04:28 UTC 2024] :robot: 2024-06-07 10:04:29 +00:00			`product: content_server`
			`vendor: sap`
			`fofa-query: icon_hash=-266008933`
add misconfig tag to templates in http/misconfiguration 2023-06-02 23:20:49 +00:00			`tags: sap,misconfig`
Moving files around + duplicate remove 2021-06-05 10:27:13 +00:00
Refactoring the directory structure based on protocols (#7137) * moving http templates * updated cves.json * moved network CVEs * updated scripts * updated workflows * updated requests to http * replaced network to tcp --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com> 2023-04-27 04:28:59 +00:00			`http:`
Moving files around + duplicate remove 2021-06-05 10:27:13 +00:00			`- method: GET`
			`path:`
			`- "{{BaseURL}}/sap/public/info"`

			`matchers:`
			`- type: regex`
			`part: body`
			`regex:`
			`- "RFC_SYSTEM_INFO.Response"`

			`extractors:`
			`- type: regex`
			`part: body`
			`regex:`
templateman update 2023-10-14 11:27:55 +00:00			`- "<RFCDEST>.*</RFCDEST>"`
Auto Template Signing [Sat Jun 8 16:02:16 UTC 2024] :robot: 2024-06-08 16:02:17 +00:00			`# digest: 4a0a00473045022100db8882e18c02a5cffed9736a19204a82df1d180c5a7c4c066ce16ab73f11de5802202cf2878825fdd94f30dc13652ddea95e4e7726e133dd9b92fe4c3fb6f4a37f96:922c64590222798bb761d5b6d8e72950`