/dev/everything |
November 24, 2011

Here is a rather helpful list of URLs to tinker with if you’re doing a security assessment with SAP.

Reference: pastebin.com

/rep/build_info.html
/rep/build_info.jsp
/run/build_info.html
/run/build_info.jsp
/rwb/version.html
/sap/bc/bsp/esh_os_service/favicon.gif
/sap/bc/bsp/sap
/sap/bc/bsp/sap/alertinbox
/sap/bc/bsp/sap/bsp_dlc_frcmp
/sap/bc/bsp/sap/bsp_veri
/sap/bc/bsp/sap/bsp_verificatio
/sap/bc/bsp/sap/bsp_wd_base
/sap/bc/bsp/sap/bspwd_basics
/sap/bc/bsp/sap/certmap
/sap/bc/bsp/sap/certreq
/sap/bc/bsp/sap/crm_bsp_frame
/sap/bc/bsp/sap/crmcmp_bpident/
/sap/bc/bsp/sap/crmcmp_brfcase
/sap/bc/bsp/sap/crmcmp_hdr
/sap/bc/bsp/sap/crmcmp_hdr_std
/sap/bc/bsp/sap/crmcmp_ic_frame
/sap/bc/bsp/sap/crm_thtmlb_util
/sap/bc/bsp/sap/crm_ui_frame
/sap/bc/bsp/sap/crm_ui_start
/sap/bc/bsp/sap/esh_sap_link
/sap/bc/bsp/sap/esh_sapgui_exe
/sap/bc/bsp/sap/graph_bsp_test
/sap/bc/bsp/sap/graph_bsp_test/Mimes
/sap/bc/bsp/sap/gsbirp
/sap/bc/bsp/sap/htmlb_samples
/sap/bc/bsp/sap/iccmp_bp_cnfirm
/sap/bc/bsp/sap/iccmp_hdr_cntnr
/sap/bc/bsp/sap/iccmp_hdr_cntnt
/sap/bc/bsp/sap/iccmp_header
/sap/bc/bsp/sap/iccmp_ssc_ll/
/sap/bc/bsp/sap/ic_frw_notify
/sap/bc/bsp/sap/it00
/sap/bc/bsp/sap/public/bc
/sap/bc/bsp/sap/public/graphics
/sap/bc/bsp/sap/sam_demo
/sap/bc/bsp/sap/sam_notifying
/sap/bc/bsp/sap/sam_sess_queue
/sap/bc/bsp/sap/sbspext_htmlb
/sap/bc/bsp/sap/sbspext_xhtmlb
/sap/bc/bsp/sap/spi_admin
/sap/bc/bsp/sap/spi_monitor
/sap/bc/bsp/sap/sxms_alertrules
/sap/bc/bsp/sap/system
/sap/bc/bsp/sap/thtmlb_scripts
/sap/bc/bsp/sap/thtmlb_styles
/sap/bc/bsp/sap/uicmp_ltx
/sap/bc/bsp/sap/xmb_bsp_log
/sap/bc/contentserver
/sap/bc/echo
/sap/bc/error
/sap/bc/FormToRfc
/sap/bc/graphics/net
/sap/bc/gui/sap/its/CERTREQ
/sap/bc/gui/sap/its/designs
/sap/bc/gui/sap/its/webgui
/sap/bc/IDoc_XML
/sap/bc/ping
/sap/bc/report
/sap/bc/soap/ici
/sap/bc/soap/rfc
/sap/bc/srt/IDoc
/sap/bc/wdvd
/sap/bc/webdynpro/sap/apb_launchpad
/sap/bc/webdynpro/sap/apb_launchpad_nwbc
/sap/bc/webdynpro/sap/apb_lpd_light_start
/sap/bc/webdynpro/sap/apb_lpd_start_url
/sap/bc/webdynpro/sap/application_exit
/sap/bc/webdynpro/sap/appl_log_trc_viewer
/sap/bc/webdynpro/sap/appl_soap_management
/sap/bc/webdynpro/sap/ccmsbi_wast_extr_testenv
/sap/bc/webdynpro/sap/cnp_light_test
/sap/bc/webdynpro/sap/configure_application
/sap/bc/webdynpro/sap/configure_component
/sap/bc/webdynpro/sap/esh_search_results.ui
/sap/bc/webdynpro/sap/esh_adm_smoketest_ui
/sap/bc/webdynpro/sap/sh_adm_smoketest_files
/sap/bc/webdynpro/sap/esh_eng_modelling
/sap/bc/webdynpro/sap/esh_admin_ui_component
/sap/bc/webdynpro/sap/wdhc_application
/sap/bc/webdynpro/sap/wd_analyze_config_appl
/sap/bc/webdynpro/sap/wd_analyze_config_comp
/sap/bc/webdynpro/sap/wd_analyze_config_user
/sap/bc/webdynpro/sap/WDR_TEST_ADOBE
/sap/bc/webdynpro/sap/WDR_TEST_EVENTS
/sap/bc/webdynpro/sap/wdr_test_popups_rt
/sap/bc/webdynpro/sap/WDR_TEST_TABLE
/sap/bc/webdynpro/sap/wdr_test_ui_elements
/sap/bc/webdynpro/sap/WDR_TEST_WINDOW_ERROR
/sap/bc/webrfc
/sap/bc/xrfc
/sap/bc/xrfc_test
/sap/es/cockpit
/sap/es/getdocument
/sap/es/opensearch
/sap/es/opensearch/description
/sap/es/opensearch/list
/sap/es/opensearch/search
/sap/es/saplink
/sap/es/search
/sap/es/redirect
/sap/crm
/sap/public/bc
/sap/public/bc/icons
/sap/public/bc/icons_rtl
/sap/public/bc/its/mimes
/sap/public/bc/its/mimes/system/SL/page/hourglass.html
/sap/public/bc/its/mobile/itsmobile00
/sap/public/bc/its/mobile/itsmobile01
/sap/public/bc/its/mobile/rfid
/sap/public/bc/its/mobile/start
/sap/public/bc/its/mobile/test
/sap/public/bc/NWDEMO_MODEL
/sap/public/bc/NW_ESH_TST_AUTO
/sap/public/bc/pictograms
/sap/public/bc/sicf_login_run
/sap/public/bc/trex
/sap/public/bc/ur
/sap/public/bc/wdtracetool
/sap/public/bc/webdynpro/adobechallenge
/sap/public/bc/webdynpro/mimes
/sap/public/bc/webdynpro/ssr
/sap/public/bc/webdynpro/viewdesigner
/sap/public/bc/webicons
/sap/public/bc/workflow
/sap/public/bc/workflow/shortcut
/sap/public/bsp/sap
/sap/public/bsp/sap/htmlb
/sap/public/bsp/sap/public
/sap/public/bsp/sap/public/bc
/sap/public/bsp/sap/public/faa
/sap/public/bsp/sap/public/graphics
/sap/public/bsp/sap/public/graphics/jnet_handler
/sap/public/bsp/sap/public/graphics/mimes
/sap/public/bsp/sap/system
/sap/public/bsp/sap/system_public
/sap/public/icf_check
/sap/public/icf_info
/sap/public/icf_info/icr_groups
/sap/public/icf_info/icr_urlprefix
/sap/public/icf_info/logon_groups
/sap/public/icf_info/urlprefix
/sap/public/icman
/sap/public/info
/sap/public/myssocntl
/sap/public/ping
/sap/webcuif

(Image credit)

Related posts

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.