nuclei-templates/http/misconfiguration/sap/sap-netweaver-info-leak.yaml

id: sap-netweaver-info-leak

info:
  name: SAP NetWeaver ICM Info page leak
  author: randomstr1ng
  severity: medium
  description: Detection of SAP NetWeaver ABAP Webserver /public/info page
  reference:
    - https://www.acunetix.com/vulnerabilities/web/sap-icf-sap-public-info-sensitive-information-disclosure/
    - https://github.com/Jean-Francois-C/SAP-Security-Audit
  metadata:
    max-request: 1
    shodan-query: http.favicon.hash:-266008933
  tags: sap,misconfig

http:
  - method: GET
    path:
      - "{{BaseURL}}/sap/public/info"

    matchers:
      - type: regex
        part: body
        regex:
          - "RFC_SYSTEM_INFO.Response"

    extractors:
      - type: regex
        part: body
        regex:
          - "<RFCDEST>.*</RFCDEST>"

# digest: 490a0046304402207ad7d1a61a6958746e27b31d8be46eeffef69a87635db3c0bb23b0ae90fe7f6502207c7a65743f25f94df7cf19bbf362916d654f3887c25795b2063cc9f50ca0d3a9:922c64590222798bb761d5b6d8e72950
Moving files around + duplicate remove 2021-06-05 10:27:13 +00:00			`id: sap-netweaver-info-leak`

			`info:`
			`name: SAP NetWeaver ICM Info page leak`
			`author: randomstr1ng`
			`severity: medium`
refactor: Description field uniformization * info field reorder * reference values refactored to list * added new lines after the id and before the protocols * removed extra new lines * split really long descriptions to multiple lines (part 1) * other minor fixes 2022-04-22 10:38:41 +00:00			`description: Detection of SAP NetWeaver ABAP Webserver /public/info page`
Removed pipe (\|) character from references, because the structure requires it to be a string slice, not a string Related nuclei tickets: * #259 - dynamic key-value field support for template information * #940 - new infos in template * #834 * RES-84 2021-08-18 11:37:49 +00:00			`reference:`
Satisfying the linter (all errors and warnings) * whitespace modifications only 2021-08-19 14:44:46 +00:00			`- https://www.acunetix.com/vulnerabilities/web/sap-icf-sap-public-info-sensitive-information-disclosure/`
			`- https://github.com/Jean-Francois-C/SAP-Security-Audit`
Update sap-netweaver-info-leak.yaml 2022-07-21 18:26:52 +00:00			`metadata:`
Added max request counter of each template 2023-04-28 08:11:21 +00:00			`max-request: 1`
Update sap-netweaver-info-leak.yaml 2022-07-21 18:26:52 +00:00			`shodan-query: http.favicon.hash:-266008933`
add misconfig tag to templates in http/misconfiguration 2023-06-02 23:20:49 +00:00			`tags: sap,misconfig`
Moving files around + duplicate remove 2021-06-05 10:27:13 +00:00
Refactoring the directory structure based on protocols (#7137) * moving http templates * updated cves.json * moved network CVEs * updated scripts * updated workflows * updated requests to http * replaced network to tcp --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com> 2023-04-27 04:28:59 +00:00			`http:`
Moving files around + duplicate remove 2021-06-05 10:27:13 +00:00			`- method: GET`
			`path:`
			`- "{{BaseURL}}/sap/public/info"`

			`matchers:`
			`- type: regex`
			`part: body`
			`regex:`
			`- "RFC_SYSTEM_INFO.Response"`

			`extractors:`
			`- type: regex`
			`part: body`
			`regex:`
templateman update 2023-10-14 11:27:55 +00:00			`- "<RFCDEST>.*</RFCDEST>"`
TemplateMan Update [Fri Oct 20 11:41:12 UTC 2023] :robot: 2023-10-20 11:41:13 +00:00
			`# digest: 490a0046304402207ad7d1a61a6958746e27b31d8be46eeffef69a87635db3c0bb23b0ae90fe7f6502207c7a65743f25f94df7cf19bbf362916d654f3887c25795b2063cc9f50ca0d3a9:922c64590222798bb761d5b6d8e72950`