Penetration Testing mailing list archives
Re: SAP Pen Testing
From: Mailinglisten <mozilla () ids-guide de>
Date: Sat, 26 Feb 2005 15:48:22 +0100
Hi, looks like SAP requires the HTTP PUT method on it's J2EE app server. I just stumbled about it in a pen-test. So maybe you can upload scripts, if you find a directory with write permissions and run commands using the uploaded scripts. Hope that helps ;-) YB> I know there was a previous thread on this topic, however some of the YB> information provided was not relevent. YB> In this case I am pentesting the Enterprise Portal; the actual R/3 database YB> is out of scope for this engagement. The portal is a J2EE application YB> server. We will also be testing a TREX system that is part of the YB> environment. YB> I am going to be running through the typical stuff for most web YB> applications, as well as some platform specific issues. Anyone know of any YB> issues or gotchas with SAP? YB> Regards, YB> Yvan Boily -- Mit freundlichen Grüßen Mailinglisten mailto:mozilla () ids-guide de
Current thread:
- SAP Pen Testing Yvan Boily (Feb 22)
- Re: SAP Pen Testing Mailinglisten (Feb 26)