Skip to Content
0
Aug 24, 2020 at 05:36 PM

SAP RECON Vulnerability - Validation method issue

54 Views

Hi,

Extracted from the SAP Note #2939665 there are two methods to verify if the vulnerable URL is blocked, by a POST call or a WS Navigator, but using the public python PoC, and after seeing the code myself, it seems that a GET call works too to proof if a server is vulnerable.

Could you confirm this? And if yes, Could you change the details in the SAP Note #2939665?

Thanks in advance.

Regards

Javier