The SAP ICM (Internet Communication Manager) admin monitor interface is often set to public and can be accessed without authentication. The interface discloses version information about the underlying operating system, a brief SAP patch level overview, running services including their corresponding ports and more.
PoC代码[已公开]
id: sap-public-admin
info:
name: SAP ICM Admin Web Interface
author: t3l3machus
severity: low
description: The SAP ICM (Internet Communication Manager) admin monitor interface is often set to public and can be accessed without authentication. The interface discloses version information about the underlying operating system, a brief SAP patch level overview, running services including their corresponding ports and more.
reference:
- https://www.saptechnicalguru.com/information-disclosure-sap-web-administration-interface/
metadata:
verified: true
max-request: 1
shodan-query: html:"SAP"
tags: sap,misconfig,admin,dashboard,vuln
http:
- method: GET
path:
- "{{BaseURL}}/sap/admin/public/index.html"
matchers-condition: and
matchers:
- type: word
part: body
words:
- "<title>Administration</title>"
- "sap.ui"
condition: and
- type: status
status:
- 200
# digest: 4a0a00473045022052d411e1e49890bf3a973323fd65f68b305a7dd597eab730ca17573b7ff776c6022100e202fb8ddda8826f95ed368f91034c2f115bf9257f7a73b3daab358978c88a15:922c64590222798bb761d5b6d8e72950