Breaking SAP Portal - Proidea

More documents

Recommendations

Info

Investigation #1.5#000C29C2603300790000003A000008700004D974E7CCC6D8#1364996035203# /System/Security/Audit#sap.com/tc~lm~ctc~util~basic_ear#com.sap.security.core.util .SecurityAudit#Guest#0#SAP J2EE Engine JTA Transaction : [024423a006e18]#n/a##217c5d309c6311e29bca000c29c26033#SAPEngine_Applicati on_Thread[impl:3]_22##0#0#Info#1#com.sap.security.core.util.SecurityAudit#Plain## #Guest | USER.CREATE | USER.PRIVATE_DATASOURCE.un:CONF | | SET_ATTRIBUTE: uniquename=[CONF]# #1.5#000C29C2603300680002C97A000008700004D974E8354D1D#1364996042062# /System/Security/Audit/J2EE#sap.com/irj#com.sap.engine.services.security.roles.audi t#Guest#182818##n/a##0c5bfef08bc511e287e6000c29c26033#Thread[Thread- 50,5,SAPEngine_Application_Thread[impl:3]_Group]##0#0#Info#1#com.sap.engine.s ervices.security.roles.audit#Java###{0}: Authorization check for caller assignment to J2EE security role [{1} : {2}].#3#ACCESS.OK#SAP-J2EE-Engine#guests#
Investigation
Page 1 and 2: Invest in security to secure invest
Page 3 and 4: Evgeny Neyolov
Page 5 and 6: SAP security Agenda SAP forensics W
Page 7 and 8: SAP security Espionage Stealing fin
Page 9 and 10: How easy? SAP Security Notes http:/
Page 11 and 12: What about unpublished threats? •
Page 13 and 14: What do we see? • A lot of resear
Page 15 and 16: Say hello to Portal • Point of we
Page 17 and 18: Okay, okay. SAP Portal is important
Page 19 and 20: Full logging is not always the best
Page 21 and 22: SAP Management Console • SAP MC -
Page 23 and 24: SAP Management Console true
Page 25 and 26: Prevention • The HTTP Provider se
Page 27 and 28: Declarative By WEB.XML Access contr
Page 29 and 30: web.xml CriticalAction com.sap.adm
Page 31 and 32: Verb Tampering Need Admin account i
Page 33 and 34: Investigation [Apr 3, 2013 1:23:59
Page 35 and 36: Invoker Servlet • Want to execute
Page 37: Prevention • Update to the latest
Page 41 and 42: EPCF EPCF provides a JavaScript API
Page 43 and 44: Investigation #Plain###192.168.192.
Page 45 and 46: Webdynpro JAVA http://help.sap.com/
Page 47 and 48: Investigation • Most actions have
Page 49 and 50: Directory traversal fix bypass
Page 51 and 52: ../ !252f..!252f Investigation
Page 53 and 54: Read file How we can read the file?
Page 55 and 56: XXE in Portal
Page 57 and 58: XXE Error based XXE
Page 59 and 60: $internal/version=Ni4zFF4wMSeasefor
Page 61 and 62: Prevention • Install SAP note 161
Page 63 and 64: Investigation • The only one way
Page 65 and 66: Malicious file upload: Attack http:
Page 67 and 68: Malicious file upload: Forensics [A
Page 69 and 70: Portal post exploitation • Lot of
Page 71 and 72: SSRF Attack Direct attack GET /vuln
Page 73 and 74: Portal post-exploitation
Page 75 and 76: • Flooding • Deleting • Chang
Page 77 and 78: Log deleting • Flooding is the su
Page 79 and 80: Log archiving • Archiving when al
Page 81 and 82: Securing SAP Portal • Patching
Page 83 and 84: Future work I'd like to thank SAP's

Breaking SAP Portal - Proidea

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?