Breaking SAP Portal - Proidea
Breaking SAP Portal - Proidea
Breaking SAP Portal - Proidea
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
• We can read any file<br />
XXE in <strong>Portal</strong>: Result<br />
• Including config with passwords<br />
• The <strong>SAP</strong> J2EE Engine stores the database<br />
user <strong>SAP</strong>DB; its password is here:<br />
\usr\sap\\SYS\global\security\data\SecStore.properties