SAP is the most popular business application, with more than 180,000 customers worldwide.
Companies like Nike, Coca-Cola, Sony... work with SAP systems.
In this post, we are going to talk about how these weaknesses can be exploited.
First of all, we need to locate possibly vulnerable SAP servers. As usual, we are going to use Shodan.
Then, we are going to execute commands on the SAP server through our web browser, without authentication, using the following URL queries.
We can see the running processes on the server.