SAP Direct Browsing URLs for Pentesting

lanxi256

　　#From: securityaegis.com
　　SAP Direct.

List of SAP HTTP Resources to hack at…

• /rep/build_info.html
  
• 
  /rep/build_info.jsp
  
• 
  /run/build_info.html
  
• 
  /run/build_info.jsp
  
• 
  /rwb/version.html
  
• 
  /sap/bc/bsp/esh_os_service/favicon.gif
  
• 
  /sap/bc/bsp/sap
  
• 
  /sap/bc/bsp/sap/alertinbox
  
• 
  /sap/bc/bsp/sap/bsp_dlc_frcmp
  
• 
  /sap/bc/bsp/sap/bsp_veri
  
• 
  /sap/bc/bsp/sap/bsp_verificatio
  
• 
  /sap/bc/bsp/sap/bsp_wd_base
  
• 
  /sap/bc/bsp/sap/bspwd_basics
  
• 
  /sap/bc/bsp/sap/certmap
  
• 
  /sap/bc/bsp/sap/certreq
  
• 
  /sap/bc/bsp/sap/crm_bsp_frame
  
• 
  /sap/bc/bsp/sap/crmcmp_bpident/
  
• 
  /sap/bc/bsp/sap/crmcmp_brfcase
  
• 
  /sap/bc/bsp/sap/crmcmp_hdr
  
• 
  /sap/bc/bsp/sap/crmcmp_hdr_std
  
• 
  /sap/bc/bsp/sap/crmcmp_ic_frame
  
• 
  /sap/bc/bsp/sap/crm_thtmlb_util
  
• 
  /sap/bc/bsp/sap/crm_ui_frame
  
• 
  /sap/bc/bsp/sap/crm_ui_start
  
• 
  /sap/bc/bsp/sap/esh_sap_link
  
• 
  /sap/bc/bsp/sap/esh_sapgui_exe
  
• 
  /sap/bc/bsp/sap/graph_bsp_test
  
• 
  /sap/bc/bsp/sap/graph_bsp_test/Mimes
  
• 
  /sap/bc/bsp/sap/gsbirp
  
• 
  /sap/bc/bsp/sap/htmlb_samples
  
• 
  /sap/bc/bsp/sap/iccmp_bp_cnfirm
  
• 
  /sap/bc/bsp/sap/iccmp_hdr_cntnr
  
• 
  /sap/bc/bsp/sap/iccmp_hdr_cntnt
  
• 
  /sap/bc/bsp/sap/iccmp_header
  
• 
  /sap/bc/bsp/sap/iccmp_ssc_ll/
  
• 
  /sap/bc/bsp/sap/ic_frw_notify
  
• 
  /sap/bc/bsp/sap/it00
  
• 
  /sap/bc/bsp/sap/public/bc
  
• 
  /sap/bc/bsp/sap/public/graphics
  
• 
  /sap/bc/bsp/sap/sam_demo
  
• 
  /sap/bc/bsp/sap/sam_notifying
  
• 
  /sap/bc/bsp/sap/sam_sess_queue
  
• 
  /sap/bc/bsp/sap/sbspext_htmlb
  
• 
  /sap/bc/bsp/sap/sbspext_xhtmlb
  
• 
  /sap/bc/bsp/sap/spi_admin
  
• 
  /sap/bc/bsp/sap/spi_monitor
  
• 
  /sap/bc/bsp/sap/sxms_alertrules
  
• 
  /sap/bc/bsp/sap/system
  
• 
  /sap/bc/bsp/sap/thtmlb_scripts
  
• 
  /sap/bc/bsp/sap/thtmlb_styles
  
• 
  /sap/bc/bsp/sap/uicmp_ltx
  
• 
  /sap/bc/bsp/sap/xmb_bsp_log
  
• 
  /sap/bc/contentserver
  
• 
  /sap/bc/echo
  
• 
  /sap/bc/error
  
• 
  /sap/bc/FormToRfc
  
• 
  /sap/bc/graphics/net
  
• 
  /sap/bc/gui/sap/its/CERTREQ
  
• 
  /sap/bc/gui/sap/its/designs
  
• 
  /sap/bc/gui/sap/its/webgui
  
• 
  /sap/bc/IDoc_XML
  
• 
  /sap/bc/ping
  
• 
  /sap/bc/report
  
• 
  /sap/bc/soap/ici
  
• 
  /sap/bc/soap/rfc
  
• 
  /sap/bc/srt/IDoc
  
• 
  /sap/bc/wdvd
  
• 
  /sap/bc/webdynpro/sap/apb_launchpad
  
• 
  /sap/bc/webdynpro/sap/apb_launchpad_nwbc
  
• 
  /sap/bc/webdynpro/sap/apb_lpd_light_start
  
• 
  /sap/bc/webdynpro/sap/apb_lpd_start_url
  
• 
  /sap/bc/webdynpro/sap/application_exit
  
• 
  /sap/bc/webdynpro/sap/appl_log_trc_viewer
  
• 
  /sap/bc/webdynpro/sap/appl_soap_management
  
• 
  /sap/bc/webdynpro/sap/ccmsbi_wast_extr_testenv
  
• 
  /sap/bc/webdynpro/sap/cnp_light_test
  
• 
  /sap/bc/webdynpro/sap/configure_application
  
• 
  /sap/bc/webdynpro/sap/configure_component
  
• 
  /sap/bc/webdynpro/sap/esh_search_results.ui
  
• 
  /sap/bc/webdynpro/sap/esh_adm_smoketest_ui
  
• 
  /sap/bc/webdynpro/sap/sh_adm_smoketest_files
  
• 
  /sap/bc/webdynpro/sap/esh_eng_modelling
  
• 
  /sap/bc/webdynpro/sap/esh_admin_ui_component
  
• 
  /sap/bc/webdynpro/sap/wdhc_application
  
• 
  /sap/bc/webdynpro/sap/wd_analyze_config_appl
  
• 
  /sap/bc/webdynpro/sap/wd_analyze_config_comp
  
• 
  /sap/bc/webdynpro/sap/wd_analyze_config_user
  
• 
  /sap/bc/webdynpro/sap/WDR_TEST_ADOBE
  
• 
  /sap/bc/webdynpro/sap/WDR_TEST_EVENTS
  
• 
  /sap/bc/webdynpro/sap/wdr_test_popups_rt
  
• 
  /sap/bc/webdynpro/sap/WDR_TEST_TABLE
  
• 
  /sap/bc/webdynpro/sap/wdr_test_ui_elements
  
• 
  /sap/bc/webdynpro/sap/WDR_TEST_WINDOW_ERROR
  
• 
  /sap/bc/webrfc
  
• 
  /sap/bc/xrfc
  
• 
  /sap/bc/xrfc_test
  
• 
  /sap/es/cockpit
  
• 
  /sap/es/getdocument
  
• 
  /sap/es/opensearch
  
• 
  /sap/es/opensearch/description
  
• 
  /sap/es/opensearch/list
  
• 
  /sap/es/opensearch/search
  
• 
  /sap/es/saplink
  
• 
  /sap/es/search
  
• 
  /sap/es/redirect
  
• 
  /sap/crm
  
• 
  /sap/public/bc
  
• 
  /sap/public/bc/icons
  
• 
  /sap/public/bc/icons_rtl
  
• 
  /sap/public/bc/its/mimes
  
• 
  /sap/public/bc/its/mimes/system/SL/page/hourglass.html
  
• 
  /sap/public/bc/its/mobile/itsmobile00
  
• 
  /sap/public/bc/its/mobile/itsmobile01
  
• 
  /sap/public/bc/its/mobile/rfid
  
• 
  /sap/public/bc/its/mobile/start
  
• 
  /sap/public/bc/its/mobile/test
  
• 
  /sap/public/bc/NWDEMO_MODEL
  
• 
  /sap/public/bc/NW_ESH_TST_AUTO
  
• 
  /sap/public/bc/pictograms
  
• 
  /sap/public/bc/sicf_login_run
  
• 
  /sap/public/bc/trex
  
• 
  /sap/public/bc/ur
  
• 
  /sap/public/bc/wdtracetool
  
• 
  /sap/public/bc/webdynpro/adobechallenge
  
• 
  /sap/public/bc/webdynpro/mimes
  
• 
  /sap/public/bc/webdynpro/ssr
  
• 
  /sap/public/bc/webdynpro/viewdesigner
  
• 
  /sap/public/bc/webicons
  
• 
  /sap/public/bc/workflow
  
• 
  /sap/public/bc/workflow/shortcut
  
• 
  /sap/public/bsp/sap
  
• 
  /sap/public/bsp/sap/htmlb
  
• 
  /sap/public/bsp/sap/public
  
• 
  /sap/public/bsp/sap/public/bc
  
• 
  /sap/public/bsp/sap/public/faa
  
• 
  /sap/public/bsp/sap/public/graphics
  
• 
  /sap/public/bsp/sap/public/graphics/jnet_handler
  
• 
  /sap/public/bsp/sap/public/graphics/mimes
  
• 
  /sap/public/bsp/sap/system
  
• 
  /sap/public/bsp/sap/system_public
  
• 
  /sap/public/icf_check
  
• 
  /sap/public/icf_info
  
• 
  /sap/public/icf_info/icr_groups
  
• 
  /sap/public/icf_info/icr_urlprefix
  
• 
  /sap/public/icf_info/logon_groups
  
• 
  /sap/public/icf_info/urlprefix
  
• 
  /sap/public/icman
  
• 
  /sap/public/info
  
• 
  /sap/public/myssocntl
  
• 
  /sap/public/ping
  
• 
  /sap/webcuif
  

via pastebin.com