lanxi256 posted on 2015-9-19 07:12:42

SAP Direct Browsing URLs for Pentesting

  #From: securityaegis.com
  SAP Direct.



List of SAP HTTP Resources to hack at…


[*]/rep/build_info.html
[*]/rep/build_info.jsp
[*]/run/build_info.html
[*]/run/build_info.jsp
[*]/rwb/version.html
[*]/sap/bc/bsp/esh_os_service/favicon.gif
[*]/sap/bc/bsp/sap
[*]/sap/bc/bsp/sap/alertinbox
[*]/sap/bc/bsp/sap/bsp_dlc_frcmp
[*]/sap/bc/bsp/sap/bsp_veri
[*]/sap/bc/bsp/sap/bsp_verificatio
[*]/sap/bc/bsp/sap/bsp_wd_base
[*]/sap/bc/bsp/sap/bspwd_basics
[*]/sap/bc/bsp/sap/certmap
[*]/sap/bc/bsp/sap/certreq
[*]/sap/bc/bsp/sap/crm_bsp_frame
[*]/sap/bc/bsp/sap/crmcmp_bpident/
[*]/sap/bc/bsp/sap/crmcmp_brfcase
[*]/sap/bc/bsp/sap/crmcmp_hdr
[*]/sap/bc/bsp/sap/crmcmp_hdr_std
[*]/sap/bc/bsp/sap/crmcmp_ic_frame
[*]/sap/bc/bsp/sap/crm_thtmlb_util
[*]/sap/bc/bsp/sap/crm_ui_frame
[*]/sap/bc/bsp/sap/crm_ui_start
[*]/sap/bc/bsp/sap/esh_sap_link
[*]/sap/bc/bsp/sap/esh_sapgui_exe
[*]/sap/bc/bsp/sap/graph_bsp_test
[*]/sap/bc/bsp/sap/graph_bsp_test/Mimes
[*]/sap/bc/bsp/sap/gsbirp
[*]/sap/bc/bsp/sap/htmlb_samples
[*]/sap/bc/bsp/sap/iccmp_bp_cnfirm
[*]/sap/bc/bsp/sap/iccmp_hdr_cntnr
[*]/sap/bc/bsp/sap/iccmp_hdr_cntnt
[*]/sap/bc/bsp/sap/iccmp_header
[*]/sap/bc/bsp/sap/iccmp_ssc_ll/
[*]/sap/bc/bsp/sap/ic_frw_notify
[*]/sap/bc/bsp/sap/it00
[*]/sap/bc/bsp/sap/public/bc
[*]/sap/bc/bsp/sap/public/graphics
[*]/sap/bc/bsp/sap/sam_demo
[*]/sap/bc/bsp/sap/sam_notifying
[*]/sap/bc/bsp/sap/sam_sess_queue
[*]/sap/bc/bsp/sap/sbspext_htmlb
[*]/sap/bc/bsp/sap/sbspext_xhtmlb
[*]/sap/bc/bsp/sap/spi_admin
[*]/sap/bc/bsp/sap/spi_monitor
[*]/sap/bc/bsp/sap/sxms_alertrules
[*]/sap/bc/bsp/sap/system
[*]/sap/bc/bsp/sap/thtmlb_scripts
[*]/sap/bc/bsp/sap/thtmlb_styles
[*]/sap/bc/bsp/sap/uicmp_ltx
[*]/sap/bc/bsp/sap/xmb_bsp_log
[*]/sap/bc/contentserver
[*]/sap/bc/echo
[*]/sap/bc/error
[*]/sap/bc/FormToRfc
[*]/sap/bc/graphics/net
[*]/sap/bc/gui/sap/its/CERTREQ
[*]/sap/bc/gui/sap/its/designs
[*]/sap/bc/gui/sap/its/webgui
[*]/sap/bc/IDoc_XML
[*]/sap/bc/ping
[*]/sap/bc/report
[*]/sap/bc/soap/ici
[*]/sap/bc/soap/rfc
[*]/sap/bc/srt/IDoc
[*]/sap/bc/wdvd
[*]/sap/bc/webdynpro/sap/apb_launchpad
[*]/sap/bc/webdynpro/sap/apb_launchpad_nwbc
[*]/sap/bc/webdynpro/sap/apb_lpd_light_start
[*]/sap/bc/webdynpro/sap/apb_lpd_start_url
[*]/sap/bc/webdynpro/sap/application_exit
[*]/sap/bc/webdynpro/sap/appl_log_trc_viewer
[*]/sap/bc/webdynpro/sap/appl_soap_management
[*]/sap/bc/webdynpro/sap/ccmsbi_wast_extr_testenv
[*]/sap/bc/webdynpro/sap/cnp_light_test
[*]/sap/bc/webdynpro/sap/configure_application
[*]/sap/bc/webdynpro/sap/configure_component
[*]/sap/bc/webdynpro/sap/esh_search_results.ui
[*]/sap/bc/webdynpro/sap/esh_adm_smoketest_ui
[*]/sap/bc/webdynpro/sap/sh_adm_smoketest_files
[*]/sap/bc/webdynpro/sap/esh_eng_modelling
[*]/sap/bc/webdynpro/sap/esh_admin_ui_component
[*]/sap/bc/webdynpro/sap/wdhc_application
[*]/sap/bc/webdynpro/sap/wd_analyze_config_appl
[*]/sap/bc/webdynpro/sap/wd_analyze_config_comp
[*]/sap/bc/webdynpro/sap/wd_analyze_config_user
[*]/sap/bc/webdynpro/sap/WDR_TEST_ADOBE
[*]/sap/bc/webdynpro/sap/WDR_TEST_EVENTS
[*]/sap/bc/webdynpro/sap/wdr_test_popups_rt
[*]/sap/bc/webdynpro/sap/WDR_TEST_TABLE
[*]/sap/bc/webdynpro/sap/wdr_test_ui_elements
[*]/sap/bc/webdynpro/sap/WDR_TEST_WINDOW_ERROR
[*]/sap/bc/webrfc
[*]/sap/bc/xrfc
[*]/sap/bc/xrfc_test
[*]/sap/es/cockpit
[*]/sap/es/getdocument
[*]/sap/es/opensearch
[*]/sap/es/opensearch/description
[*]/sap/es/opensearch/list
[*]/sap/es/opensearch/search
[*]/sap/es/saplink
[*]/sap/es/search
[*]/sap/es/redirect
[*]/sap/crm
[*]/sap/public/bc
[*]/sap/public/bc/icons
[*]/sap/public/bc/icons_rtl
[*]/sap/public/bc/its/mimes
[*]/sap/public/bc/its/mimes/system/SL/page/hourglass.html
[*]/sap/public/bc/its/mobile/itsmobile00
[*]/sap/public/bc/its/mobile/itsmobile01
[*]/sap/public/bc/its/mobile/rfid
[*]/sap/public/bc/its/mobile/start
[*]/sap/public/bc/its/mobile/test
[*]/sap/public/bc/NWDEMO_MODEL
[*]/sap/public/bc/NW_ESH_TST_AUTO
[*]/sap/public/bc/pictograms
[*]/sap/public/bc/sicf_login_run
[*]/sap/public/bc/trex
[*]/sap/public/bc/ur
[*]/sap/public/bc/wdtracetool
[*]/sap/public/bc/webdynpro/adobechallenge
[*]/sap/public/bc/webdynpro/mimes
[*]/sap/public/bc/webdynpro/ssr
[*]/sap/public/bc/webdynpro/viewdesigner
[*]/sap/public/bc/webicons
[*]/sap/public/bc/workflow
[*]/sap/public/bc/workflow/shortcut
[*]/sap/public/bsp/sap
[*]/sap/public/bsp/sap/htmlb
[*]/sap/public/bsp/sap/public
[*]/sap/public/bsp/sap/public/bc
[*]/sap/public/bsp/sap/public/faa
[*]/sap/public/bsp/sap/public/graphics
[*]/sap/public/bsp/sap/public/graphics/jnet_handler
[*]/sap/public/bsp/sap/public/graphics/mimes
[*]/sap/public/bsp/sap/system
[*]/sap/public/bsp/sap/system_public
[*]/sap/public/icf_check
[*]/sap/public/icf_info
[*]/sap/public/icf_info/icr_groups
[*]/sap/public/icf_info/icr_urlprefix
[*]/sap/public/icf_info/logon_groups
[*]/sap/public/icf_info/urlprefix
[*]/sap/public/icman
[*]/sap/public/info
[*]/sap/public/myssocntl
[*]/sap/public/ping
[*]/sap/webcuif

via pastebin.com