4 matches found
SAP /sap/bc/soap/rfc SOAP Service RFC_SYSTEM_INFO Function Sensitive Information Gathering
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework This module is based on, inspired by, or is a port of a plugin available in the Onapsis Bizploit Opensource ERP Penetration Testing framework -...
Mobile malware analysis for the BBC
This is a version of our report referenced in the Helping a mobile malware fraud victim blog post, with all sensitive information removed. Summary One malicious application was identified on the device, and evidence identified during the examination strong suggests though this cannot be confirmed...
U.S. Dept Of Defense: Access to requests and approvals via /█████ allows sensitive information gathering
Summary: An adversary is able to view/modify requests and approvals via ████████/████████. Step-by-step Reproduction Instructions 1. Browse to █████ and create an account or sign in. 2. Browse to ███████/██████████. You can now view current/past requests. 3. Clicking on these requests seems to...
SAP /sap/bc/soap/rfc SOAP Service RFC_SYSTEM_INFO Function Sensitive Information Gathering
This module makes use of the RFCSYSTEMINFO Function to obtain the operating system version, SAP version, IP address and other information through the use of the /sap/bc/soap/rfc SOAP service. This module requires Metasploit: https://metasploit.com/download Current source:...