Re: SAP Pen Testing

[Mailinglisten <mozilla () ids-guide de>]

Hi,

looks like SAP requires the HTTP PUT method on it's J2EE app server. I
just stumbled about it in a pen-test. So maybe you can upload scripts,
if you find a directory with write permissions and run commands using
the uploaded scripts.

Hope that helps ;-)

YB> I know there was a previous thread on this topic, however some of the
YB> information provided was not relevent.

YB> In this case I am pentesting the Enterprise Portal; the actual R/3 database
YB> is out of scope for this engagement.  The portal is a J2EE application
YB> server. We will also be testing a TREX system that is part of the
YB> environment.  

YB> I am going to be running through the typical stuff for most web
YB> applications, as well as some platform specific issues.  Anyone know of any
YB> issues or gotchas with SAP?

YB> Regards,
YB> Yvan Boily




-- 
Mit freundlichen Grüßen
Mailinglisten
mailto:mozilla () ids-guide de