Close

HAVE QUESTIONS?

A partner account manager can help. Contact us today.

SAP Infrastructure security internals: Google and Shodan hacking for SAP

There are still some myths abour SAP security for example that SAP applications are avaiable only internally. Here i collected some simple google hacking and shodanhq hacking tricks that can be used to find SAP servers in the internet.


GOOGLE HACKS

  • SAP Netweaver abap

inurl:/sap/bc/bsp

  • SAP Netweaver Portal

inurl:/irj/portal

  • SAP ITS

unurl:/scripts/wgate
unurl:/scripts/wgate/webgui

  • SAP BusinessObjects

inurl:infoviewapp

SHODANHQ HACKS

  • SAP Web Application Server (ICM)
  • SAP NetWeaver Application Server
  • SAP Web Application Server
  • SAP J2EE Engine
  • SAP Internet Graphics Server