Back to list
*Note: Email address will appear as "user domain ext" to prevent harvesting.
SAP post exploitation
Mar 14 2014 02:58AM
Brian Milliron (Brian ECRSecurity com)
Recently I ran across some vulnerable AIX SAP servers on a test and
managed to get admin access on the Web GUI. However, I know very little
about SAP and was unable to leverage SAP admin to get access to the
Oracle DB (it uses a separate credential store) or root on the OS.
Looking through all the ...
[ more ]
Copyright 2010, SecurityFocus