Syllabus
Intro
2 ERP Scan
Enterprise applications: Definitions
Business-critical systems architecture
Secure corporate network
Corporate network attack scenario
SSRF History: Basics
SSRF history: World research
Trusted SSRF: Oracle Database
SSRF Types: SAP
Remote SSRF: Subtypes
Simple Remote SSRF: Login bruteforce
XXE Attacks on other services
Full Remote SSRF
Remote SSRF threats
XXE Tunneling to Verb Tampering
XXE Tunneling to Buffer Overflow (Hint 2)
XXE Tunneling to Buffer Overflow: Packet B
XXE Tunneling to Buffer Overflow (Hint 3)
XXE Tunneling to Rsh
Bypass SAP security restrictions
SAP Gateway server security bypass: Exploit
SAP Message Server security bypass
Oracle DB security bypass
Conclusion?
Purpose
How is it working?
Few steps
Action: Test
Action: Scan
Action: Attack
DEMO
Taught by
Black Hat