Channel: Joshua "Jabra" Abraham » Exploitation
Browsing latest articles
Browse All 3 View Live

Axis2 Deployer via SOAP

At OWASP AppSecDC @willis__ and I talked about several attacks against SAP BusinessObjects. SAP BusinessObjects uses a module known as dswsbobje.war to deploy the Axis2 interface. Axis2 is a web...


Axis2 Deployer via REST

Update 12/06: Many kudos to Egypt for helping with exploit dev! Last weekend at OWASP BASC 2010, I created another version of the Axis2 Deployer exploit which uses REST instead of SOAP. This is...


Internal Port Scanning via Crystal Reports

Another fun attack that willis and I found during our SAP BusinessObjects research is that we could do internal port scanning by using Crystal Reports. The way this works is that when you browse to a...
