SAP /sap/bc/soap/rfc SOAP Service SXPG_CALL_SYSTEM Function Command Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework This module is based on, inspired by, or is a port of a plugin available in the Onapsis Bizploit Opensource ERP Penetration Testing framework -...

SAP SOAP RFC SXPG_COMMAND_EXECUTE Remote Command Execution

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ This module is based on, inspired by, or is a port of a...

SAP SOAP RFC SXPG_CALL_SYSTEM Remote Command Execution

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ This module is based on, inspired by, or is a port of a...

SAP Web Application Server crossite scripting

Crossite scripting with /sap/bc/gui/sap/its/webgui/...

CYBSEC-SAPBC2.txt

The following advisory is also available in PDF format for download at: http://www.cybsec.com/vuln/CYBSECSecurityAdvisoryArbitraryFileReadorDeleteinSAPBC.pdf CYBSEC S.A. www.cybsec.com Advisory Name: Arbitrary File Read/Delete in SAP BC Business Connector Vulnerability Class: Improper Input...

CYBSEC - Security Pre-Advisory: Phishing Vector in SAP BC

The following advisory is also available in PDF format for download at: http://www.cybsec.com/vuln/CYBSECSecurityPre-AdvisoryPhishingVectorinSAPBC.pdf CYBSEC S.A. www.cybsec.com Pre-Advisory Name: Phishing Vector in SAP BC Business Connector Vulnerability Class: Phishing Vector / Improper Input...