Breaking SAP Portal - Proidea
Breaking SAP Portal - Proidea
Breaking SAP Portal - Proidea
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
Gopher uri scheme<br />
• Using gopher:// uri scheme, it is possible to send<br />
TCP packets<br />
– Exploit OS vulnerabilities<br />
– Exploit old <strong>SAP</strong> application vulnerabilities<br />
– Bypass <strong>SAP</strong> security restrictions<br />
– Exploit vulnerabilities in local services<br />
More info in our BH2012 presentation:<br />
SSRF vs. Business Critical Applications<br />
http://erpscan.com/wp-content/uploads/2012/08/SSRF-vs-Businness-critical-applications-whitepaper.pdf