inurl:apspassword

GHDB-ID:

5074

Author:

FlyingFrog

Google Dork Description:

inurl:apspassword

AUTHOR: FlyingFrog
Twitter: @ItsKarl0z


++ SAP Crystal report access ++

inurl:apspassword
- open SAP crystal databases to browse
- Possible SQL Injection
- Sensitive information
- Possible Cross-Site Scripting
    - https://www.exploit-db.com/exploits/32882
- Possible Directory Traversal
    - https://www.exploit-db.com/exploits/16054
- 48 results at the time of writing

DISCLAIMER:
(The vulnerabilities are suggestions, none of them have been tested by me,
always request permission before testing anything on someone else system)
Credit goes to the boys of Rapid7