PortSwigger / BChecks

BChecks collection for Burp Suite Professional and Burp Suite Enterprise Edition
https://portswigger.net/burp/documentation/scanner/bchecks
GNU Lesser General Public License v3.0

SAP Authentication bypass fixed in SAP Note 2258786 #75

Closed beserkerbob closed 11 months ago

beserkerbob commented 11 months ago

Added a new folder in the Other directory for SAP-specific checks. This check performs a check for an authentication bypass, which is a known and common issue for SAP applications. Advice on the fix is documented in SAP Note 2258786, which is also mentioned in the BCheck.

The authentication bypass is that normally /sap/admin/public/default.html should be requested and would result in a login screen. However, index.html would directly go to the given view, leaking inside URLs, installed patches and other useful information.
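
The shape such a check takes in the BCheck language, as an added illustration for readers of this thread; it is not the file submitted in this PR and not PortSwigger's code. It requests both paths named above and reports only when `index.html` is served without the login screen that `default.html` shows, pointing remediation at SAP Note 2258786. The `login` marker word is an assumption to be tuned against the real login page, and the `#` comment lines and the `not(...)` operator follow my reading of the BCheck language reference; verify both against the current documentation before use.

```bcheck
metadata:
    language: v1-beta
    name: "SAP admin page reachable without login (illustrative)"
    description: "Reports when /sap/admin/public/index.html is served without the login screen shown by default.html. See SAP Note 2258786."
    author: "example only, not the PR author"
    tags: "sap", "authentication"

given host then
    # The page that should only be reachable after logging in.
    send request called index:
        method: "GET"
        path: "/sap/admin/public/index.html"

    # The normal entry point, expected to answer with a login form.
    send request called entry:
        method: "GET"
        path: "/sap/admin/public/default.html"

    # Report only when the entry point really is a login page (so the marker word is valid for this host)
    # and the view behind it comes back directly without that marker.
    if {entry.response.body} contains "login" and {index.response.status_code} is "200" and not({index.response.body} contains "login") then
        report issue:
            severity: high
            confidence: tentative
            detail: "index.html under /sap/admin/public/ was served without the login screen that default.html presents, exposing internal URLs and patch information."
            remediation: "Apply the fix described in SAP Note 2258786 and restrict access to the administration pages."
    end if
```

Comparing the two responses on the same host, rather than checking `index.html` alone, keeps the check from reporting on hosts that do not use a login form containing the marker word at all; confidence is left at `tentative` so a reviewer confirms the finding manually.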

michael-eaton-portswigger commented 5 months ago

@beserkerbob As a contributor to our GitHub repository, we would like to invite you to our closed Discord community.

It is a place where passionate Burp users, including people who directly work on building and developing Burp here at PortSwigger, can talk about the tooling and web security in general.

If you would like to join, please email us at support@portswigger.net and we will send over an invite link.

Thank you!