TH_GREP is functional module used by several other SAP programs to search for required string. Function Module TH_GREP contains a vulnerable code that permits the execution of operating system commands remotely, allowing the malicious user to take control of the SAP system by escalating privileges without having a valid credentials.
We can invoke this:
Vulnerable code via transaction Code "SE37" using function module "TH_GREP"
GREP command utility is used to search a string from within transaction "SM51" screen, which can be misused to trigger the backend vulnerable code as below:
Using SOAP RFC call "TH_GREP" via web
Reference:
http://erpscan.com/
Prevention:
Restrict access to critical transactions and RFC functions.
Implement SAP Notes 1580017, 1433101
No comments:
Post a Comment