Version Française Security researchers, from ERPScan, discover a vulnerability on SAP Gui and disclose it during last Troopers Conference. The vulnerability doesn’t impact directly the SAP System but the client …
Insomni’Hack write-up : “The Secr3tMgr Lock” challenge
The following write-up details a solution to one of the Insomni’Hack Capture The Flag challenge. Insomni’Hack is a Swiss security conference in Geneva which hosts an on-site CTF competition. https://insomnihack.ch/ …
One year of SAP vulnerabilities
Version Française This 13 December was the last ‘SAP Security Tuesday patch’ of the year. Now it is possible to make some reviews and comments about vulnerabilities patched by SAP …
[ALERT CERT] – Multiple WordPress vulnerabilities versions < 4.7.2
Three wordpress vulnerabilities have been disclosed those last few days : CVE-2017-5610 : Authorization bypass CVE-2017-5611 : SQL Injection CVE-2017-5612 : XSS Versions below 4.7.2 are concerned. The main conerne …
SAP with Oracle – Authentication problem
Version Française In SAP version prior SAP Netweaver 7.40, for communication between Oracle and SAP purpose, the Oracle database is installed with the remote_os_authent parameter enable. This configuration could creates …
Compromising SAP by exploiting the RFC Gateway
Version Française Some of SAP vulnerabilities couldn’t be ‘patched’, because they do not concern a bug in a program but a bad configuration of a service or component. Sometimes the …
SAP is -also- vulnerable to injections
Version Française In July 2016, SAP has corrected a vulnerability in SAP Netweaver, every versions concerned : a SQL and Code injection, SAP Note 2311011 and 2319506. This bug was …