Moving files around + duplicate remove

2021-06-05 15:57:13 +05:30 · 2021-06-05 15:57:13 +05:30 · a85c1dd35a
parent 141cf6a6cf
commit a85c1dd35a
5 changed files with 49 additions and 54 deletions
--- a/misconfiguration/sap/sap-netweaver-info-leak.yaml
+++ b/misconfiguration/sap/sap-netweaver-info-leak.yaml
@ -0,0 +1,25 @@
+id: sap-netweaver-info-leak
+
+info:
+  name: SAP NetWeaver ICM Info page leak
+  author: randomstr1ng
+  description: Detection of SAP NetWeaver ABAP Webserver /public/info page
+  severity: medium
+  tags: sap,exposure
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/sap/public/info"
+
+    matchers:
+      - type: regex
+        part: body
+        regex:
+          - "RFC_SYSTEM_INFO.Response"
+
+    extractors:
+      - type: regex
+        part: body
+        regex:
+          - "<RFCDEST>.*</RFCDEST>"
--- a/technologies/sap-netweaver-as-java-detect.yaml
+++ b/technologies/sap-netweaver-as-java-detect.yaml
@ -1,20 +0,0 @@
-id: sap-netweaver-as-java-detect
-
-info:
-  name: SAP NetWeaver AS JAVA (LM Configuration Wizard) Detection
-  author: dwisiswant0
-  severity: info
-
-requests:
-  - method: GET
-    path:
-      - "{{BaseURL}}/CTCWebService/CTCWebServiceBean?wsdl"
-    matchers-condition: and
-    matchers:
-      - type: word
-        words:
-          - "urn:CTCWebServiceSi"
-        part: body
-      - type: status
-        status:
-          - 200
--- a/technologies/sap-netweaver-detect.yaml
+++ b/technologies/sap-netweaver-detect.yaml
@ -1,4 +1,4 @@
-id: sap-nw-detect
+id: sap-netweaver-detect

 info:
  name: SAP NetWeaver ICM Detection
--- a/technologies/sap-netweaver-webgui.yaml
+++ b/technologies/sap-netweaver-webgui.yaml
@ -0,0 +1,23 @@
+id: sap-nw-webgui
+
+info:
+  name: SAP NetWeaver WebGUI Detection
+  author: randomstr1ng
+  description: Detection of SAP NetWeaver ABAP Webserver WebGUI
+  severity: info
+  tags: sap,webserver
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/sap/bc/gui/sap/its/webgui"
+
+    redirects: true
+    max-redirects: 2
+    matchers:
+      - type: word
+        part: body
+        words:
+          - "sap-system-login"
+          - "<title>Logon</title>"
+        condition: or
--- a/technologies/sap-recon-detect.yaml
+++ b/technologies/sap-recon-detect.yaml
@ -1,33 +0,0 @@
-id: sap-recon-detect
-
-info:
-  name: SAP RECON Finder
-  author: samueladi_ & organiccrap
-  severity: medium
-  tags: tech,sap
-  reference: https://github.com/chipik/SAP_RECON
-
-requests:
-  - method: GET
-    path:
-      - "{{BaseURL}}/CTCWebService/CTCWebServiceBean?wsdl"
-
-    matchers-condition: and
-    matchers:
-
-      - type: word
-        words:
-          - CTCManagementException
-          - RemoteException
-          - cancelExecution
-        condition: or
-
-      - type: word
-        words:
-          - "text/xml"
-          - "SAP NetWeaver Application Server"
-        part: header
-
-      - type: status
-        status:
-          - 200