SAP Direct Browsing URLs for Pentesting

时间:2021-11-23 23:31:55

#From: securityaegis.com

SAP Direct.

List of SAP HTTP Resources to hack at…
 
  • /rep/build_info.html
  • /rep/build_info.jsp
  • /run/build_info.html
  • /run/build_info.jsp
  • /rwb/version.html
  • /sap/bc/bsp/esh_os_service/favicon.gif
  • /sap/bc/bsp/sap
  • /sap/bc/bsp/sap/alertinbox
  • /sap/bc/bsp/sap/bsp_dlc_frcmp
  • /sap/bc/bsp/sap/bsp_veri
  • /sap/bc/bsp/sap/bsp_verificatio
  • /sap/bc/bsp/sap/bsp_wd_base
  • /sap/bc/bsp/sap/bspwd_basics
  • /sap/bc/bsp/sap/certmap
  • /sap/bc/bsp/sap/certreq
  • /sap/bc/bsp/sap/crm_bsp_frame
  • /sap/bc/bsp/sap/crmcmp_bpident/
  • /sap/bc/bsp/sap/crmcmp_brfcase
  • /sap/bc/bsp/sap/crmcmp_hdr
  • /sap/bc/bsp/sap/crmcmp_hdr_std
  • /sap/bc/bsp/sap/crmcmp_ic_frame
  • /sap/bc/bsp/sap/crm_thtmlb_util
  • /sap/bc/bsp/sap/crm_ui_frame
  • /sap/bc/bsp/sap/crm_ui_start
  • /sap/bc/bsp/sap/esh_sap_link
  • /sap/bc/bsp/sap/esh_sapgui_exe
  • /sap/bc/bsp/sap/graph_bsp_test
  • /sap/bc/bsp/sap/graph_bsp_test/Mimes
  • /sap/bc/bsp/sap/gsbirp
  • /sap/bc/bsp/sap/htmlb_samples
  • /sap/bc/bsp/sap/iccmp_bp_cnfirm
  • /sap/bc/bsp/sap/iccmp_hdr_cntnr
  • /sap/bc/bsp/sap/iccmp_hdr_cntnt
  • /sap/bc/bsp/sap/iccmp_header
  • /sap/bc/bsp/sap/iccmp_ssc_ll/
  • /sap/bc/bsp/sap/ic_frw_notify
  • /sap/bc/bsp/sap/it00
  • /sap/bc/bsp/sap/public/bc
  • /sap/bc/bsp/sap/public/graphics
  • /sap/bc/bsp/sap/sam_demo
  • /sap/bc/bsp/sap/sam_notifying
  • /sap/bc/bsp/sap/sam_sess_queue
  • /sap/bc/bsp/sap/sbspext_htmlb
  • /sap/bc/bsp/sap/sbspext_xhtmlb
  • /sap/bc/bsp/sap/spi_admin
  • /sap/bc/bsp/sap/spi_monitor
  • /sap/bc/bsp/sap/sxms_alertrules
  • /sap/bc/bsp/sap/system
  • /sap/bc/bsp/sap/thtmlb_scripts
  • /sap/bc/bsp/sap/thtmlb_styles
  • /sap/bc/bsp/sap/uicmp_ltx
  • /sap/bc/bsp/sap/xmb_bsp_log
  • /sap/bc/contentserver
  • /sap/bc/echo
  • /sap/bc/error
  • /sap/bc/FormToRfc
  • /sap/bc/graphics/net
  • /sap/bc/gui/sap/its/CERTREQ
  • /sap/bc/gui/sap/its/designs
  • /sap/bc/gui/sap/its/webgui
  • /sap/bc/IDoc_XML
  • /sap/bc/ping
  • /sap/bc/report
  • /sap/bc/soap/ici
  • /sap/bc/soap/rfc
  • /sap/bc/srt/IDoc
  • /sap/bc/wdvd
  • /sap/bc/webdynpro/sap/apb_launchpad
  • /sap/bc/webdynpro/sap/apb_launchpad_nwbc
  • /sap/bc/webdynpro/sap/apb_lpd_light_start
  • /sap/bc/webdynpro/sap/apb_lpd_start_url
  • /sap/bc/webdynpro/sap/application_exit
  • /sap/bc/webdynpro/sap/appl_log_trc_viewer
  • /sap/bc/webdynpro/sap/appl_soap_management
  • /sap/bc/webdynpro/sap/ccmsbi_wast_extr_testenv
  • /sap/bc/webdynpro/sap/cnp_light_test
  • /sap/bc/webdynpro/sap/configure_application
  • /sap/bc/webdynpro/sap/configure_component
  • /sap/bc/webdynpro/sap/esh_search_results.ui
  • /sap/bc/webdynpro/sap/esh_adm_smoketest_ui
  • /sap/bc/webdynpro/sap/sh_adm_smoketest_files
  • /sap/bc/webdynpro/sap/esh_eng_modelling
  • /sap/bc/webdynpro/sap/esh_admin_ui_component
  • /sap/bc/webdynpro/sap/wdhc_application
  • /sap/bc/webdynpro/sap/wd_analyze_config_appl
  • /sap/bc/webdynpro/sap/wd_analyze_config_comp
  • /sap/bc/webdynpro/sap/wd_analyze_config_user
  • /sap/bc/webdynpro/sap/WDR_TEST_ADOBE
  • /sap/bc/webdynpro/sap/WDR_TEST_EVENTS
  • /sap/bc/webdynpro/sap/wdr_test_popups_rt
  • /sap/bc/webdynpro/sap/WDR_TEST_TABLE
  • /sap/bc/webdynpro/sap/wdr_test_ui_elements
  • /sap/bc/webdynpro/sap/WDR_TEST_WINDOW_ERROR
  • /sap/bc/webrfc
  • /sap/bc/xrfc
  • /sap/bc/xrfc_test
  • /sap/es/cockpit
  • /sap/es/getdocument
  • /sap/es/opensearch
  • /sap/es/opensearch/description
  • /sap/es/opensearch/list
  • /sap/es/opensearch/search
  • /sap/es/saplink
  • /sap/es/search
  • /sap/es/redirect
  • /sap/crm
  • /sap/public/bc
  • /sap/public/bc/icons
  • /sap/public/bc/icons_rtl
  • /sap/public/bc/its/mimes
  • /sap/public/bc/its/mimes/system/SL/page/hourglass.html
  • /sap/public/bc/its/mobile/itsmobile00
  • /sap/public/bc/its/mobile/itsmobile01
  • /sap/public/bc/its/mobile/rfid
  • /sap/public/bc/its/mobile/start
  • /sap/public/bc/its/mobile/test
  • /sap/public/bc/NWDEMO_MODEL
  • /sap/public/bc/NW_ESH_TST_AUTO
  • /sap/public/bc/pictograms
  • /sap/public/bc/sicf_login_run
  • /sap/public/bc/trex
  • /sap/public/bc/ur
  • /sap/public/bc/wdtracetool
  • /sap/public/bc/webdynpro/adobechallenge
  • /sap/public/bc/webdynpro/mimes
  • /sap/public/bc/webdynpro/ssr
  • /sap/public/bc/webdynpro/viewdesigner
  • /sap/public/bc/webicons
  • /sap/public/bc/workflow
  • /sap/public/bc/workflow/shortcut
  • /sap/public/bsp/sap
  • /sap/public/bsp/sap/htmlb
  • /sap/public/bsp/sap/public
  • /sap/public/bsp/sap/public/bc
  • /sap/public/bsp/sap/public/faa
  • /sap/public/bsp/sap/public/graphics
  • /sap/public/bsp/sap/public/graphics/jnet_handler
  • /sap/public/bsp/sap/public/graphics/mimes
  • /sap/public/bsp/sap/system
  • /sap/public/bsp/sap/system_public
  • /sap/public/icf_check
  • /sap/public/icf_info
  • /sap/public/icf_info/icr_groups
  • /sap/public/icf_info/icr_urlprefix
  • /sap/public/icf_info/logon_groups
  • /sap/public/icf_info/urlprefix
  • /sap/public/icman
  • /sap/public/info
  • /sap/public/myssocntl
  • /sap/public/ping
  • /sap/webcuif