SAP Web Dispatcher admin portal detection

ID: sap-web-dispatcher-admin-portal

Severity: info

Author: randomstr1ng

Tags: sap,webserver,proxy,tech

Description

Detection of SAP Web Dispatcher Admin Portal

YAML Source

id: sap-web-dispatcher-admin-portal

info:
  name: SAP Web Dispatcher admin portal detection
  author: randomstr1ng
  severity: info
  description: Detection of SAP Web Dispatcher Admin Portal
  metadata:
    max-request: 1
    shodan-query: http.favicon.hash:-266008933
    product: content_server
    vendor: sap
    fofa-query: icon_hash=-266008933
  tags: sap,webserver,proxy,tech

http:
  - method: GET
    host-redirects: true
    max-redirects: 2
    path:
      - "{{BaseURL}}/sap/wdisp/admin/public/default.html"

    matchers-condition: and
    matchers:
      - type: word
        part: header
        condition: or
        words:
          - "Basic realm=\"WEB ADMIN\""
          - "SAP NetWeaver Application Server"

      - type: status
        condition: or
        status:
          - 401
          - 200

      - type: word
        part: body
        condition: or
        words:
          - "SAP Web Dispatcher"
          - "<title>Administration</title>"
# digest: 4a0a004730450220710af66ce75b5a725e29e7dea39b1a11bc8ae5f15385db31515ef45ec3d87039022100aac3025ed3c2b4e35dc2a8dabcc7ac20a8be262f9d449730f5a37ab880c8f741:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

$ nuclei -u "URL" -t "http/technologies/sap/sap-web-dispatcher-admin-portal.yaml"

View on Github