Fiori issue

Published: 2023-03-28 16:03:36 Author: BASIS/老应 (Weikui)

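"terminexus_0321" asset scan details

1. Asset overview
1.1 Basic asset information
Asset name: terminexus_0321
URL: https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html#Shell-home
IP: 10.28.107.214
Domain: 10.28.107.214:44300
Operating organization:
Activation date:
Expiry date:
Asset operating mode:
Service type:
Domain registrar:
MIIT license/filing number:
Development organization:
Classified protection level:
MAC address: --
Physical location: LAN - the host is on the same internal network as you [10.0.0.0-10.255.255.255]
Remarks: --
Development framework:
Language: --
Encoding: utf-8
Owner:
Owner mobile:
Owner landline:
Owner email:
Security contact:
Security contact mobile:
Security contact landline:
Security contact QQ:
Security contact email:
Developer:
Developer mobile:
Developer email:
Administrator: zhangqiang
Organization: Default organization
Tags: Registered asset
Middleware: --
Operating system: linux kernel 2.6
Internet-facing: Internal network
Protection devices:
Load-balancing devices:

1.2 Basic scan information
Last web scan time: 2023-03-21 13:00:59
Last system scan time: 2023-03-21 10:28:03
Vulnerability score: 4
Total vulnerabilities: 191
Vulnerability distribution: High risk: 62; Medium risk: 10; Low risk: 116; Informational: 3

1.3 Host port and service distribution
Port Service Protocol
22 ssh tcp
123 ntp udp
2500 smtp tcp
8000 www tcp
9000 www tcp
50013 www tcp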
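
2. Vulnerability distribution
2.1 Vulnerability distribution
Vulnerability name | Category | Type | Occurrences
Blind injection vulnerability (Order) | A1 Injection | Web vulnerability | 54

3. Vulnerability details
3.1 Vulnerability details
Detailed description: The target has a SQL injection vulnerability.
1. A SQL injection attack is one in which the attacker tricks the database server into executing arbitrary, unauthorized queries.
2. In essence, a SQL injection attack uses SQL syntax as its tool and targets flaws introduced by application developers during programming: "a SQL injection attack occurs when an attacker is able to manipulate data and insert SQL statements into the application." In practice, the attacker appends additional SQL elements to the end of a query predefined in the application, tricking the database server into executing arbitrary, unauthorized queries. SQL injection is currently one of the most common and most widely impactful vulnerabilities on the Internet.
A successful SQL injection may lead to the following consequences:
1. Web pages are tampered with
2. Data is tampered with
3. Core data is stolen
4. The server hosting the database is attacked and turned into a zombie host
Solution: The following measures can prevent injection attacks:
1. Strictly filter user-supplied data in the web page code.
2. Deploy a web application firewall.
3. Monitor database operations.
It is recommended to filter user-supplied data; remember that all user input must be treated as unsafe.
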
URL https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/
Affected parameter: sap-user
Test case: POST /sap/bc/ui5_ui5/ui2/ushell/shells/ HTTP/1.1
Accept: */*
Referer: https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/
Content-Length: 301
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Accept-Encoding: gzip,deflate
Cookie: sap-login-XSRF_TP1=20230321021428-HR1ljLZEolFbxeIXY0VEpw%3d%3d;sap-usercontext=sap-client=800
sap-password=&sap-language=EN&sap-login-XSRF=-QEJnrjlKOpDtNFqjzNuywAuIgmXsHpFoPRDH9iy_DI=&sap-hash=&sapsystem-login-oninputprocessing=&sap-user=(select scan)&sap-urlscheme=&sap-system-login=onLogin&sap-accessibility=
&sap-client=800&sap-system-login-basic_auth=&sap-system-login-cookie_disabled=
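Remarks: The server responses for the parameter value suffixes (select "+v+") and (select "+v+","+v+") were compared and the two results differ. It is recommended to add validation of the SQL query conditions in the code.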
URL https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/
Affected parameter: sap-user
Test case: POST /sap/bc/ui5_ui5/ui2/ushell/ HTTP/1.1
Content-Length: 316
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Cookie: sap-login-XSRF_TP1=20230321021428-HR1ljLZEolFbxeIXY0VEpw%3d%3d;sap-usercontext=sap-client=800
Origin: https://10.28.107.214:44300
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,applicatio
n/signed-exchange;v=b3;q=0.9
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
Referer: https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/
Sec-Fetch-Dest: document
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Sec-Fetch-Mode: navigate
sap-system-login-oninputprocessing=&sap-urlscheme=&sap-system-login=onLogin&sap-system-login-basic_auth=&sap-cli
ent=800&sap-accessibility=&sap-login-XSRF=yPmRvkONOIVelyIltkDmONGj4IixB0byFWsNMndCYyg%3D&sap-system-logi
n-cookie_disabled=&sap-hash=&sap-language=EN&sap-user=(select scan)&sap-password=&sap-client=800
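Remarks: The server responses for the parameter value suffixes (select "+v+") and (select "+v+","+v+") were compared and the two results differ. It is recommended to add validation of the SQL query conditions in the code.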
URL https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-password=&sap-language
=EN&sap-login-XSRF=wG-MT356_TmQmxPk54lNJxISlR23CPTMKBvPl6Ovnxo%3D&sap-hash=&sap-system-login-oninputpr
ocessing=&sap-user=&sap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-client=800&sap-system-login-b
asic_auth=&sap-system-login-cookie_disabled=
Affected parameter: sap-user
Test case: GET /sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-password=&sap-language=EN&sap-login-XSRF=wGMT356_TmQmxPk54lNJxISlR23CPTMKBvPl6Ovnxo%3D&sap-hash=&sap-system-login-oninputprocessing=&sap-user=%28
select+scan%29&sap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-client=800&sap-system-login-basic_
auth=&sap-system-login-cookie_disabled= HTTP/1.1
Referer: https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-password=&sap-l
anguage=EN&sap-login-XSRF=wG-MT356_TmQmxPk54lNJxISlR23CPTMKBvPl6Ovnxo=&sap-hash=&sap-system-login-onin
putprocessing=&sap-user=&sap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-client=800&sap-system-l
ogin-basic_auth=&sap-system-login-cookie_disabled=
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Cookie: sap-login-XSRF_TP1=20230321021431-bBwI1Zos65Pt0f8GfZsfAA%3d%3d;sap-usercontext=sap-language=EN&sa
p-client=800
Accept: */*
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Sec-Fetch-Mode: navigate
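Remarks: The server responses for the parameter value suffixes (select "+v+") and (select "+v+","+v+") were compared and the two results differ. It is recommended to add validation of the SQL query conditions in the code.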
URL https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/
Affected parameter: sap-user
Test case: POST /sap/bc/ui5_ui5/ui2/ushell/ HTTP/1.1
Accept: */*
Referer: https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/
Content-Length: 301
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Accept-Encoding: gzip,deflate
Cookie: sap-login-XSRF_TP1=20230321021428-HR1ljLZEolFbxeIXY0VEpw%3d%3d;sap-usercontext=sap-client=800
sap-password=&sap-language=EN&sap-login-XSRF=jQHB_WsQCGCOP7YlUSZZzqDg5mW_BCe3fBcV4F3L9WM=&sap-hash=
&sap-system-login-oninputprocessing=&sap-user=(select scan)&sap-urlscheme=&sap-system-login=onLogin&sap-accessib
ility=&sap-client=800&sap-system-login-basic_auth=&sap-system-login-cookie_disabled=
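Remarks: The server responses for the parameter value suffixes (select "+v+") and (select "+v+","+v+") were compared and the two results differ. It is recommended to add validation of the SQL query conditions in the code.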
URL https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/?sap-login-XSRF=aAcQx6wGaKQseZ6mblugGDIt2Uw
a2WLYpyK5CnJoN9g%3d&sap-hash=&sap-system-login-cookie_disabled=&sap-password=&sap-language=EN&sap-login-XS
RF=C8z4LVITxTk9cPjwpHS8js-Ia48RQWcbSm7UapG0Bzc=&sap-hash=&sap-system-login-oninputprocessing=&sap-user=&
sap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-client=800&sap-system-login-basic_auth=&sap-syste
m-login-cookie_disabled=
Affected parameter: sap-user
Test case: GET /sap/bc/ui5_ui5/ui2/ushell/shells/abap/?sap-login-XSRF=aAcQx6wGaKQseZ6mblugGDIt2Uwa2WLYpyK5CnJoN9g%3d
&sap-hash=&sap-system-login-cookie_disabled=&sap-password=&sap-language=EN&sap-login-XSRF=C8z4LVITxTk9cPjwp
HS8js-Ia48RQWcbSm7UapG0Bzc=&sap-hash=&sap-system-login-oninputprocessing=&sap-user=%28select+scan%29&sap
-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-client=800&sap-system-login-basic_auth=&sap-system-lo
gin-cookie_disabled= HTTP/1.1
Accept: */*
Referer: https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/?sap-password=1&sap-language=EN&sap-lo
gin-XSRF=aAcQx6wGaKQseZ6mblugGDIt2Uwa2WLYpyK5CnJoN9g=&sap-hash=&sap-system-login-oninputprocessing=&sa
p-user=1&sap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-client=800&sap-system-login-basic_auth=&
sap-system-login-cookie_disabled=
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Accept-Encoding: gzip,deflate
Cookie: sap-login-XSRF_TP1=20230321021434-TWv3BDikGxsRBmA3Tqk6kA%3d%3d;sap-usercontext=sap-language=EN&
sap-client=800
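Remarks: The server responses for the parameter value suffixes (select "+v+") and (select "+v+","+v+") were compared and the two results differ. It is recommended to add validation of the SQL query conditions in the code.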
URL https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/
Affected parameter: sap-user
Test case: POST /sap/bc/ui5_ui5/ui2/ushell/shells/abap/ HTTP/1.1
Accept: */*
Referer: https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/
Content-Length: 303
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Accept-Encoding: gzip,deflate
Cookie: sap-login-XSRF_TP1=20230321021429-kwxuLWkxbWRCft6sBGKfMA%3d%3d;sap-usercontext=sap-client=800
sap-password=1&sap-language=EN&sap-login-XSRF=aAcQx6wGaKQseZ6mblugGDIt2Uwa2WLYpyK5CnJoN9g=&sap-hash=
&sap-system-login-oninputprocessing=&sap-user=(select 1scan)&sap-urlscheme=&sap-system-login=onLogin&sap-accessi
bility=&sap-client=800&sap-system-login-basic_auth=&sap-system-login-cookie_disabled=
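Remarks: The server responses for the parameter value suffixes (select "+v+") and (select "+v+","+v+") were compared and the two results differ. It is recommended to add validation of the SQL query conditions in the code.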
URL https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-login-XSRF=wG-MT356_T
mQmxPk54lNJxISlR23CPTMKBvPl6Ovnxo%3d&sap-hash=&sap-system-login-cookie_disabled=&sap-login-XSRF=RqcXMjox
msZJ4T_KbblfZ1zZjryg7pnwgtFvY9WftCk%3d&sap-hash=&sap-system-login-cookie_disabled=
Affected parameter: sap-user
Test case: POST /sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-login-XSRF=wG-MT356_TmQmxPk54lNJxISlR23CP
TMKBvPl6Ovnxo%3d&sap-hash=&sap-system-login-cookie_disabled=&sap-login-XSRF=RqcXMjoxmsZJ4T_KbblfZ1zZjryg7p
nwgtFvY9WftCk%3d&sap-hash=&sap-system-login-cookie_disabled= HTTP/1.1
Content-Length: 301
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Cookie: sap-login-XSRF_TP1=20230321021438-dNdDT4nDpeEqsEFOKurOXw%3d%3d;sap-usercontext=sap-language=EN
&sap-client=800
Origin: https://10.28.107.214:44300
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,applicatio
n/signed-exchange;v=b3;q=0.9
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
Referer: https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-login-XSRF=wG-M
T356_TmQmxPk54lNJxISlR23CPTMKBvPl6Ovnxo%3d&sap-hash=&sap-system-login-cookie_disabled=&sap-password=1&s
ap-language=EN&sap-login-XSRF=RqcXMjoxmsZJ4T_KbblfZ1zZjryg7pnwgtFvY9WftCk=&sap-hash=&sap-system-login-oninp
utprocessing=&sap-user=1&sap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-client=800&sap-system-l
ogin-basic_auth=&sap-system-login-cookie_disabled=
Sec-Fetch-Dest: document
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Sec-Fetch-Mode: navigate
sap-system-login-oninputprocessing=&sap-urlscheme=&sap-system-login=onLogin&sap-system-login-basic_auth=&sap-ac
cessibility=&sap-login-XSRF=VluDasQ-DEri5f9MBk5l6FF1U0B9aH4TmPn3ICsquPQ%3D&sap-system-login-cookie_disabled
=&sap-hash=&sap-language=EN&sap-user=(select scan)&sap-password=&sap-client=800
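Remarks: The server responses for the parameter value suffixes (select "+v+") and (select "+v+","+v+") were compared and the two results differ. It is recommended to add validation of the SQL query conditions in the code.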
URL https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/?sap-login-XSRF=jQHB_WsQCGCOP7YlUSZZzqDg5mW_BCe3fBcV
4F3L9WM%3d&sap-hash=&sap-system-login-cookie_disabled=&sap-password=1&sap-language=EN&sap-login-XSRF=Bj8Q
3hDBrPsnp_9FPb7CZxLXeC-0gWXClw7awjraTvs=&sap-hash=&sap-system-login-oninputprocessing=&sap-user=1&sap-urls
cheme=&sap-system-login=onLogin&sap-accessibility=&sap-client=800&sap-system-login-basic_auth=&sap-system-logincookie_disabled=
Affected parameter: sap-user
Test case: GET /sap/bc/ui5_ui5/ui2/ushell/?sap-login-XSRF=jQHB_WsQCGCOP7YlUSZZzqDg5mW_BCe3fBcV4F3L9WM%3d&sap-hash
=&sap-system-login-cookie_disabled=&sap-password=1&sap-language=EN&sap-login-XSRF=Bj8Q3hDBrPsnp_9FPb7CZxLX
eC-0gWXClw7awjraTvs=&sap-hash=&sap-system-login-oninputprocessing=&sap-user=%28select+1scan%29&sap-urlsche
me=&sap-system-login=onLogin&sap-accessibility=&sap-client=800&sap-system-login-basic_auth=&sap-system-login-coo
kie_disabled= HTTP/1.1
Accept: */*
Referer: https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/?sap-password=1&sap-language=EN&sap-login-XSRF=jQ
HB_WsQCGCOP7YlUSZZzqDg5mW_BCe3fBcV4F3L9WM=&sap-hash=&sap-system-login-oninputprocessing=&sap-user=1&s
ap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-client=800&sap-system-login-basic_auth=&sap-system
-login-cookie_disabled=
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Accept-Encoding: gzip,deflate
Cookie: sap-login-XSRF_TP1=20230321021434-gqU0UPelCT_BKz4NLezSIA%3d%3d;sap-usercontext=sap-language=EN&sa
p-client=800
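Remarks: The server responses for the parameter value suffixes (select "+v+") and (select "+v+","+v+") were compared and the two results differ. It is recommended to add validation of the SQL query conditions in the code.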
URL https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-login-XSRF=wG-MT356_T
mQmxPk54lNJxISlR23CPTMKBvPl6Ovnxo%3d&sap-hash=&sap-system-login-cookie_disabled=&sap-login-XSRF=RqcXMjox
msZJ4T_KbblfZ1zZjryg7pnwgtFvY9WftCk%3d&sap-hash=&sap-system-login-cookie_disabled=
Affected parameter: sap-user
Test case: POST /sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-login-XSRF=wG-MT356_TmQmxPk54lNJxISlR23CP
TMKBvPl6Ovnxo%3d&sap-hash=&sap-system-login-cookie_disabled=&sap-login-XSRF=RqcXMjoxmsZJ4T_KbblfZ1zZjryg7p
nwgtFvY9WftCk%3d&sap-hash=&sap-system-login-cookie_disabled= HTTP/1.1
Accept: */*
Referer: https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-login-XSRF=wG-M
T356_TmQmxPk54lNJxISlR23CPTMKBvPl6Ovnxo%3d&sap-hash=&sap-system-login-cookie_disabled=&sap-password=1&s
ap-language=EN&sap-login-XSRF=RqcXMjoxmsZJ4T_KbblfZ1zZjryg7pnwgtFvY9WftCk=&sap-hash=&sap-system-login-oninp
utprocessing=&sap-user=1&sap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-client=800&sap-system-l
ogin-basic_auth=&sap-system-login-cookie_disabled=
Content-Length: 303
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Accept-Encoding: gzip,deflate
Cookie: sap-login-XSRF_TP1=20230321021438-dNdDT4nDpeEqsEFOKurOXw%3d%3d;sap-usercontext=sap-language=EN
&sap-client=800
sap-password=1&sap-language=EN&sap-login-XSRF=gcYyPv51M3XygD_aB1TU4kroicW13VRv48R8WSEgNNk=&sap-hash=
&sap-system-login-oninputprocessing=&sap-user=(select 1scan)&sap-urlscheme=&sap-system-login=onLogin&sap-accessi
bility=&sap-client=800&sap-system-login-basic_auth=&sap-system-login-cookie_disabled=
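Remarks: The server responses for the parameter value suffixes (select "+v+") and (select "+v+","+v+") were compared and the two results differ. It is recommended to add validation of the SQL query conditions in the code.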
URL https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/?sap-system-login-oninputprocessing=&sap-urlsche
me=&sap-system-login=onLogin&sap-system-login-basic_auth=&sap-accessibility=&sap-login-XSRF=GhXy5h75wYgr0EzfM
pZGNPgGq11I1zHKwqW3KtmUjMo%3D&sap-system-login-cookie_disabled=&sap-hash=&sap-language=EN&sap-user=&sa
p-password=&sap-client=800
Affected parameter: sap-user
Test case: GET /sap/bc/ui5_ui5/ui2/ushell/shells/abap/?sap-system-login-oninputprocessing=&sap-urlscheme=&sap-system-login=o
nLogin&sap-system-login-basic_auth=&sap-accessibility=&sap-login-XSRF=GhXy5h75wYgr0EzfMpZGNPgGq11I1zHKwqW3
KtmUjMo%3D&sap-system-login-cookie_disabled=&sap-hash=&sap-language=EN&sap-user=%28select+scan%29&sap-pas
sword=&sap-client=800 HTTP/1.1
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Cookie: sap-login-XSRF_TP1=20230321021428-HR1ljLZEolFbxeIXY0VEpw%3d%3d;sap-usercontext=sap-client=800
Origin: https://10.28.107.214:44300
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,applicatio
n/signed-exchange;v=b3;q=0.9
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
Referer: https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/
Sec-Fetch-Dest: document
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Sec-Fetch-Mode: navigate
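Remarks: The server responses for the parameter value suffixes (select "+v+") and (select "+v+","+v+") were compared and the two results differ. It is recommended to add validation of the SQL query conditions in the code.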
URL https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html
Affected parameter: sap-user
Test case: POST /sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html HTTP/1.1
Content-Length: 301
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Cookie: sap-login-XSRF_TP1=20230321021428-HR1ljLZEolFbxeIXY0VEpw%3d%3d;sap-usercontext=sap-client=800
Origin: https://10.28.107.214:44300
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,applicatio
n/signed-exchange;v=b3;q=0.9
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
Referer: https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html
Sec-Fetch-Dest: document
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Sec-Fetch-Mode: navigate
sap-system-login-oninputprocessing=&sap-urlscheme=&sap-system-login=onLogin&sap-system-login-basic_auth=&sap-ac
cessibility=&sap-login-XSRF=IExA6RIv6wQkQosK9q0THxEKCJS9CXfF6R6xsrH8F6c%3D&sap-system-login-cookie_disabled=
&sap-hash=&sap-language=EN&sap-user=(select scan)&sap-password=&sap-client=800
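Remarks: The server responses for the parameter value suffixes (select "+v+") and (select "+v+","+v+") were compared and the two results differ. It is recommended to add validation of the SQL query conditions in the code.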
URL https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html
Affected parameter: sap-user
Test case: POST /sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html HTTP/1.1
Accept: */*
Referer: https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html
Content-Length: 303
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Accept-Encoding: gzip,deflate
Cookie: sap-login-XSRF_TP1=20230321021430-m1hUPrcMe2g1U9ylXsOPBg%3d%3d;sap-usercontext=sap-client=800
sap-password=1&sap-language=EN&sap-login-XSRF=wG-MT356_TmQmxPk54lNJxISlR23CPTMKBvPl6Ovnxo=&sap-hash=&
sap-system-login-oninputprocessing=&sap-user=(select 1scan)&sap-urlscheme=&sap-system-login=onLogin&sap-accessib
ility=&sap-client=800&sap-system-login-basic_auth=&sap-system-login-cookie_disabled=
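Remarks: The server responses for the parameter value suffixes (select "+v+") and (select "+v+","+v+") were compared and the two results differ. It is recommended to add validation of the SQL query conditions in the code.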
URL https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/
Affected parameter: sap-user
Test case: POST /sap/bc/ui5_ui5/ui2/ushell/shells/ HTTP/1.1
Accept: */*
Referer: https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/
Content-Length: 303
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Accept-Encoding: gzip,deflate
Cookie: sap-login-XSRF_TP1=20230321021428-HR1ljLZEolFbxeIXY0VEpw%3d%3d;sap-usercontext=sap-client=800
sap-password=1&sap-language=EN&sap-login-XSRF=-QEJnrjlKOpDtNFqjzNuywAuIgmXsHpFoPRDH9iy_DI=&sap-hash=&sa
p-system-login-oninputprocessing=&sap-user=(select 1scan)&sap-urlscheme=&sap-system-login=onLogin&sap-accessibilit
y=&sap-client=800&sap-system-login-basic_auth=&sap-system-login-cookie_disabled=
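Remarks: The server responses for the parameter value suffixes (select "+v+") and (select "+v+","+v+") were compared and the two results differ. It is recommended to add validation of the SQL query conditions in the code.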
URL https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/?sap-login-XSRF=-QEJnrjlKOpDtNFqjzNuywAuIgmXsHpFo
PRDH9iy_DI%3d&sap-hash=&sap-system-login-cookie_disabled=&sap-password=&sap-language=EN&sap-login-XSRF=wUg
tzQTbdgbppEGu88Tru-AyDsOUrGcFek2Sxt98ubc=&sap-hash=&sap-system-login-oninputprocessing=&sap-user=&sap-urls
cheme=&sap-system-login=onLogin&sap-accessibility=&sap-client=800&sap-system-login-basic_auth=&sap-system-logincookie_disabled=
Affected parameter: sap-user
Test case: GET /sap/bc/ui5_ui5/ui2/ushell/shells/?sap-login-XSRF=-QEJnrjlKOpDtNFqjzNuywAuIgmXsHpFoPRDH9iy_DI%3d&sap-has
h=&sap-system-login-cookie_disabled=&sap-password=&sap-language=EN&sap-login-XSRF=wUgtzQTbdgbppEGu88Tru-Ay
DsOUrGcFek2Sxt98ubc=&sap-hash=&sap-system-login-oninputprocessing=&sap-user=%28select+scan%29&sap-urlsche
me=&sap-system-login=onLogin&sap-accessibility=&sap-client=800&sap-system-login-basic_auth=&sap-system-login-coo
kie_disabled= HTTP/1.1
Accept: */*
Referer: https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/?sap-password=1&sap-language=EN&sap-login-X
SRF=-QEJnrjlKOpDtNFqjzNuywAuIgmXsHpFoPRDH9iy_DI=&sap-hash=&sap-system-login-oninputprocessing=&sap-user=1
&sap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-client=800&sap-system-login-basic_auth=&sap-syste
m-login-cookie_disabled=
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Accept-Encoding: gzip,deflate
Cookie: sap-login-XSRF_TP1=20230321021433-DiFPdsCMR_pK7sTXT0BBKw%3d%3d;sap-usercontext=sap-language=EN&
sap-client=800
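Remarks: The server responses for the parameter value suffixes (select "+v+") and (select "+v+","+v+") were compared and the two results differ. It is recommended to add validation of the SQL query conditions in the code.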
URL https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/
Affected parameter: sap-user
Test case: POST /sap/bc/ui5_ui5/ui2/ushell/shells/ HTTP/1.1
Content-Length: 316
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Cookie: sap-login-XSRF_TP1=20230321021428-HR1ljLZEolFbxeIXY0VEpw%3d%3d;sap-usercontext=sap-client=800
Origin: https://10.28.107.214:44300
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,applicatio
n/signed-exchange;v=b3;q=0.9
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
Referer: https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/
Sec-Fetch-Dest: document
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Sec-Fetch-Mode: navigate
sap-system-login-oninputprocessing=&sap-urlscheme=&sap-system-login=onLogin&sap-system-login-basic_auth=&sap-cli
ent=800&sap-accessibility=&sap-login-XSRF=CfWq965K_pmYZq8fcFIQJLLIi5P8p6DQ5dr5uen12_k%3D&sap-system-logincookie_disabled=&sap-hash=&sap-language=EN&sap-user=(select scan)&sap-password=&sap-client=800
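Remarks: The server responses for the parameter value suffixes (select "+v+") and (select "+v+","+v+") were compared and the two results differ. It is recommended to add validation of the SQL query conditions in the code.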
URL https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/
Affected parameter: sap-user
Test case: POST /sap/bc/ui5_ui5/ui2/ushell/ HTTP/1.1
Accept: */*
Referer: https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/
Content-Length: 303
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Accept-Encoding: gzip,deflate
Cookie: sap-login-XSRF_TP1=20230321021428-HR1ljLZEolFbxeIXY0VEpw%3d%3d;sap-usercontext=sap-client=800
sap-password=1&sap-language=EN&sap-login-XSRF=jQHB_WsQCGCOP7YlUSZZzqDg5mW_BCe3fBcV4F3L9WM=&sap-hash
=&sap-system-login-oninputprocessing=&sap-user=(select 1scan)&sap-urlscheme=&sap-system-login=onLogin&sap-acces
sibility=&sap-client=800&sap-system-login-basic_auth=&sap-system-login-cookie_disabled=
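Remarks: The server responses for the parameter value suffixes (select "+v+") and (select "+v+","+v+") were compared and the two results differ. It is recommended to add validation of the SQL query conditions in the code.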
URL https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/?sap-login-XSRF=aAcQx6wGaKQseZ6mblugGDIt2Uw
a2WLYpyK5CnJoN9g%3d&sap-hash=&sap-system-login-cookie_disabled=
Affected parameter: sap-user
Test case: POST /sap/bc/ui5_ui5/ui2/ushell/shells/abap/?sap-login-XSRF=aAcQx6wGaKQseZ6mblugGDIt2Uwa2WLYpyK5CnJoN9g%3
d&sap-hash=&sap-system-login-cookie_disabled= HTTP/1.1
Accept: */*
Referer: https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/?sap-password=1&sap-language=EN&sap-lo
gin-XSRF=aAcQx6wGaKQseZ6mblugGDIt2Uwa2WLYpyK5CnJoN9g=&sap-hash=&sap-system-login-oninputprocessing=&sa
p-user=1&sap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-client=800&sap-system-login-basic_auth=&
sap-system-login-cookie_disabled=
Content-Length: 303
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Accept-Encoding: gzip,deflate
Cookie: sap-login-XSRF_TP1=20230321021434-TWv3BDikGxsRBmA3Tqk6kA%3d%3d;sap-usercontext=sap-language=EN&
sap-client=800
sap-password=1&sap-language=EN&sap-login-XSRF=C8z4LVITxTk9cPjwpHS8js-Ia48RQWcbSm7UapG0Bzc=&sap-hash=&s
ap-system-login-oninputprocessing=&sap-user=(select 1scan)&sap-urlscheme=&sap-system-login=onLogin&sap-accessibil
ity=&sap-client=800&sap-system-login-basic_auth=&sap-system-login-cookie_disabled=
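Remarks: The server responses for the parameter value suffixes (select "+v+") and (select "+v+","+v+") were compared and the two results differ. It is recommended to add validation of the SQL query conditions in the code.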
URL https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/
Affected parameter: sap-user
Test case: POST /sap/bc/ui5_ui5/ui2/ushell/shells/abap/ HTTP/1.1
Accept: */*
Referer: https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/
Content-Length: 301
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Accept-Encoding: gzip,deflate
Cookie: sap-login-XSRF_TP1=20230321021428-HR1ljLZEolFbxeIXY0VEpw%3d%3d;sap-usercontext=sap-client=800
sap-password=&sap-language=EN&sap-login-XSRF=aAcQx6wGaKQseZ6mblugGDIt2Uwa2WLYpyK5CnJoN9g=&sap-hash=&
sap-system-login-oninputprocessing=&sap-user=(select scan)&sap-urlscheme=&sap-system-login=onLogin&sap-accessibili
ty=&sap-client=800&sap-system-login-basic_auth=&sap-system-login-cookie_disabled=
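Remarks: The server responses for the parameter value suffixes (select "+v+") and (select "+v+","+v+") were compared and the two results differ. It is recommended to add validation of the SQL query conditions in the code.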
URL https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/?sap-system-login-oninputprocessing=&sap-urlscheme=&sap-sy
stem-login=onLogin&sap-system-login-basic_auth=&sap-client=800&sap-accessibility=&sap-login-XSRF=yPmRvkONOIVely
IltkDmONGj4IixB0byFWsNMndCYyg%3D&sap-system-login-cookie_disabled=&sap-hash=&sap-language=EN&sap-user=&s
ap-password=&sap-client=800
Affected parameter: sap-user
Test case: GET /sap/bc/ui5_ui5/ui2/ushell/?sap-system-login-oninputprocessing=&sap-urlscheme=&sap-system-login=onLogin&sapsystem-login-basic_auth=&sap-client=800&sap-accessibility=&sap-login-XSRF=yPmRvkONOIVelyIltkDmONGj4IixB0byFWs
NMndCYyg%3D&sap-system-login-cookie_disabled=&sap-hash=&sap-language=EN&sap-user=%28select+scan%29&sap-p
assword=&sap-client=800 HTTP/1.1
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Cookie: sap-login-XSRF_TP1=20230321021428-HR1ljLZEolFbxeIXY0VEpw%3d%3d;sap-usercontext=sap-client=800
Origin: https://10.28.107.214:44300
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,applicatio
n/signed-exchange;v=b3;q=0.9
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
Referer: https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/
Sec-Fetch-Dest: document
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Sec-Fetch-Mode: navigate
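Remarks: The server responses for the parameter value suffixes (select "+v+") and (select "+v+","+v+") were compared and the two results differ. It is recommended to add validation of the SQL query conditions in the code.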
URL https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/?sap-login-XSRF=-QEJnrjlKOpDtNFqjzNuywAuIgmXsHpFo
PRDH9iy_DI%3d&sap-hash=&sap-system-login-cookie_disabled=
Affected parameter: sap-user
Test case: POST /sap/bc/ui5_ui5/ui2/ushell/shells/?sap-login-XSRF=-QEJnrjlKOpDtNFqjzNuywAuIgmXsHpFoPRDH9iy_DI%3d&sap-ha
sh=&sap-system-login-cookie_disabled= HTTP/1.1
Accept: */*
Referer: https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/?sap-password=1&sap-language=EN&sap-login-X
SRF=-QEJnrjlKOpDtNFqjzNuywAuIgmXsHpFoPRDH9iy_DI=&sap-hash=&sap-system-login-oninputprocessing=&sap-user=1
&sap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-client=800&sap-system-login-basic_auth=&sap-syste
m-login-cookie_disabled=
Content-Length: 301
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Accept-Encoding: gzip,deflate
Cookie: sap-login-XSRF_TP1=20230321021433-DiFPdsCMR_pK7sTXT0BBKw%3d%3d;sap-usercontext=sap-language=EN&
sap-client=800
sap-password=&sap-language=EN&sap-login-XSRF=wUgtzQTbdgbppEGu88Tru-AyDsOUrGcFek2Sxt98ubc=&sap-hash=&sa
p-system-login-oninputprocessing=&sap-user=(select scan)&sap-urlscheme=&sap-system-login=onLogin&sap-accessibility
=&sap-client=800&sap-system-login-basic_auth=&sap-system-login-cookie_disabled=
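Remarks: The server responses for the parameter value suffixes (select "+v+") and (select "+v+","+v+") were compared and the two results differ. It is recommended to add validation of the SQL query conditions in the code.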
URL https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-login-XSRF=wG-MT356_T
mQmxPk54lNJxISlR23CPTMKBvPl6Ovnxo%3d&sap-hash=&sap-system-login-cookie_disabled=&sap-login-XSRF=RqcXMjox
msZJ4T_KbblfZ1zZjryg7pnwgtFvY9WftCk%3d&sap-hash=&sap-system-login-cookie_disabled=&sap-system-login-oninputpr
ocessing=&sap-urlscheme=&sap-system-login=onLogin&sap-system-login-basic_auth=&sap-accessibility=&sap-login-XSRF
=VluDasQ-DEri5f9MBk5l6FF1U0B9aH4TmPn3ICsquPQ%3D&sap-system-login-cookie_disabled=&sap-hash=&sap-language
=EN&sap-user=&sap-password=&sap-client=800
Affected parameter: sap-user
Test case: GET /sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-login-XSRF=wG-MT356_TmQmxPk54lNJxISlR23CPT
MKBvPl6Ovnxo%3d&sap-hash=&sap-system-login-cookie_disabled=&sap-login-XSRF=RqcXMjoxmsZJ4T_KbblfZ1zZjryg7pn
wgtFvY9WftCk%3d&sap-hash=&sap-system-login-cookie_disabled=&sap-system-login-oninputprocessing=&sap-urlscheme
=&sap-system-login=onLogin&sap-system-login-basic_auth=&sap-accessibility=&sap-login-XSRF=VluDasQ-DEri5f9MBk5l6F
F1U0B9aH4TmPn3ICsquPQ%3D&sap-system-login-cookie_disabled=&sap-hash=&sap-language=EN&sap-user=%28select+
scan%29&sap-password=&sap-client=800 HTTP/1.1
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Cookie: sap-login-XSRF_TP1=20230321021438-dNdDT4nDpeEqsEFOKurOXw%3d%3d;sap-usercontext=sap-language=EN
&sap-client=800
Origin: https://10.28.107.214:44300
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,applicatio
n/signed-exchange;v=b3;q=0.9
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
Referer: https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-login-XSRF=wG-M
T356_TmQmxPk54lNJxISlR23CPTMKBvPl6Ovnxo%3d&sap-hash=&sap-system-login-cookie_disabled=&sap-password=1&s
ap-language=EN&sap-login-XSRF=RqcXMjoxmsZJ4T_KbblfZ1zZjryg7pnwgtFvY9WftCk=&sap-hash=&sap-system-login-oninp
utprocessing=&sap-user=1&sap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-client=800&sap-system-l
ogin-basic_auth=&sap-system-login-cookie_disabled=
Sec-Fetch-Dest: document
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Sec-Fetch-Mode: navigate
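Remarks: The server responses for the parameter value suffixes (select "+v+") and (select "+v+","+v+") were compared and the two results differ. It is recommended to add validation of the SQL query conditions in the code.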
URL https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/?sap-login-XSRF=-QEJnrjlKOpDtNFqjzNuywAuIgmXsHpFo
PRDH9iy_DI%3d&sap-hash=&sap-system-login-cookie_disabled=
Affected parameter: sap-user
Test case: POST /sap/bc/ui5_ui5/ui2/ushell/shells/?sap-login-XSRF=-QEJnrjlKOpDtNFqjzNuywAuIgmXsHpFoPRDH9iy_DI%3d&sap-ha
sh=&sap-system-login-cookie_disabled= HTTP/1.1
Content-Length: 316
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Cookie: sap-login-XSRF_TP1=20230321021433-DiFPdsCMR_pK7sTXT0BBKw%3d%3d;sap-usercontext=sap-language=EN&
sap-client=800
Origin: https://10.28.107.214:44300
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,applicatio
n/signed-exchange;v=b3;q=0.9
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
Referer: https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/?sap-password=1&sap-language=EN&sap-login-X
SRF=-QEJnrjlKOpDtNFqjzNuywAuIgmXsHpFoPRDH9iy_DI%3D&sap-hash=&sap-system-login-oninputprocessing=&sap-user
=1&sap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-client=800&sap-system-login-basic_auth=&sap-sy
stem-login-cookie_disabled=
Sec-Fetch-Dest: document
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Sec-Fetch-Mode: navigate
sap-system-login-oninputprocessing=&sap-urlscheme=&sap-system-login=onLogin&sap-system-login-basic_auth=&sap-cli
ent=800&sap-accessibility=&sap-login-XSRF=m4brJkB6Iw261c2LwMuOJCYnUK0EgNU8TgrwoD5rf2E%3D&sap-system-logi
n-cookie_disabled=&sap-hash=&sap-language=EN&sap-user=(select scan)&sap-password=&sap-client=800
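Remarks The server responses were compared after appending the suffixes (select "+v+") and (select "+v+","+v+") to the parameter value, and the two responses differ. It is recommended to add checks on SQL query conditions in the code.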
URL https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/?sap-login-XSRF=aAcQx6wGaKQseZ6mblugGDIt2Uw
a2WLYpyK5CnJoN9g%3d&sap-hash=&sap-system-login-cookie_disabled=&sap-password=1&sap-language=EN&sap-login-X
SRF=C8z4LVITxTk9cPjwpHS8js-Ia48RQWcbSm7UapG0Bzc=&sap-hash=&sap-system-login-oninputprocessing=&sap-user=
1&sap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-client=800&sap-system-login-basic_auth=&sap-sys
tem-login-cookie_disabled=
Affected parameter sap-user
Test case GET /sap/bc/ui5_ui5/ui2/ushell/shells/abap/?sap-login-XSRF=aAcQx6wGaKQseZ6mblugGDIt2Uwa2WLYpyK5CnJoN9g%3d
&sap-hash=&sap-system-login-cookie_disabled=&sap-password=1&sap-language=EN&sap-login-XSRF=C8z4LVITxTk9cPjwp
HS8js-Ia48RQWcbSm7UapG0Bzc=&sap-hash=&sap-system-login-oninputprocessing=&sap-user=%28select+1scan%29&sa
p-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-client=800&sap-system-login-basic_auth=&sap-system-l
ogin-cookie_disabled= HTTP/1.1
Accept: */*
Referer: https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/?sap-password=1&sap-language=EN&sap-lo
gin-XSRF=aAcQx6wGaKQseZ6mblugGDIt2Uwa2WLYpyK5CnJoN9g=&sap-hash=&sap-system-login-oninputprocessing=&sa
p-user=1&sap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-client=800&sap-system-login-basic_auth=&
sap-system-login-cookie_disabled=
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Accept-Encoding: gzip,deflate
Cookie: sap-login-XSRF_TP1=20230321021434-TWv3BDikGxsRBmA3Tqk6kA%3d%3d;sap-usercontext=sap-language=EN&
sap-client=800
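Remarks The server responses were compared after appending the suffixes (select "+v+") and (select "+v+","+v+") to the parameter value, and the two responses differ. It is recommended to add checks on SQL query conditions in the code.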
URL https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/?sap-login-XSRF=-QEJnrjlKOpDtNFqjzNuywAuIgmXsHpFo
PRDH9iy_DI%3d&sap-hash=&sap-system-login-cookie_disabled=
Affected parameter sap-user
Test case POST /sap/bc/ui5_ui5/ui2/ushell/shells/?sap-login-XSRF=-QEJnrjlKOpDtNFqjzNuywAuIgmXsHpFoPRDH9iy_DI%3d&sap-ha
sh=&sap-system-login-cookie_disabled= HTTP/1.1
Accept: */*
Referer: https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/?sap-password=1&sap-language=EN&sap-login-X
SRF=-QEJnrjlKOpDtNFqjzNuywAuIgmXsHpFoPRDH9iy_DI=&sap-hash=&sap-system-login-oninputprocessing=&sap-user=1
&sap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-client=800&sap-system-login-basic_auth=&sap-syste
m-login-cookie_disabled=
Content-Length: 303
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Accept-Encoding: gzip,deflate
Cookie: sap-login-XSRF_TP1=20230321021433-DiFPdsCMR_pK7sTXT0BBKw%3d%3d;sap-usercontext=sap-language=EN&
sap-client=800
sap-password=1&sap-language=EN&sap-login-XSRF=wUgtzQTbdgbppEGu88Tru-AyDsOUrGcFek2Sxt98ubc=&sap-hash=&s
ap-system-login-oninputprocessing=&sap-user=(select 1scan)&sap-urlscheme=&sap-system-login=onLogin&sap-accessibil
ity=&sap-client=800&sap-system-login-basic_auth=&sap-system-login-cookie_disabled=
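Remarks The server responses were compared after appending the suffixes (select "+v+") and (select "+v+","+v+") to the parameter value, and the two responses differ. It is recommended to add checks on SQL query conditions in the code.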
URL https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/?sap-login-XSRF=-QEJnrjlKOpDtNFqjzNuywAuIgmXsHpFo
PRDH9iy_DI%3d&sap-hash=&sap-system-login-cookie_disabled=&sap-password=1&sap-language=EN&sap-login-XSRF=wU
gtzQTbdgbppEGu88Tru-AyDsOUrGcFek2Sxt98ubc=&sap-hash=&sap-system-login-oninputprocessing=&sap-user=1&sap-u
rlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-client=800&sap-system-login-basic_auth=&sap-system-logi
n-cookie_disabled=
Affected parameter sap-user
Test case GET /sap/bc/ui5_ui5/ui2/ushell/shells/?sap-login-XSRF=-QEJnrjlKOpDtNFqjzNuywAuIgmXsHpFoPRDH9iy_DI%3d&sap-has
h=&sap-system-login-cookie_disabled=&sap-password=1&sap-language=EN&sap-login-XSRF=wUgtzQTbdgbppEGu88Tru-A
yDsOUrGcFek2Sxt98ubc=&sap-hash=&sap-system-login-oninputprocessing=&sap-user=%28select+1scan%29&sap-urlsch
eme=&sap-system-login=onLogin&sap-accessibility=&sap-client=800&sap-system-login-basic_auth=&sap-system-login-co
okie_disabled= HTTP/1.1
Accept: */*
Referer: https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/?sap-password=1&sap-language=EN&sap-login-X
SRF=-QEJnrjlKOpDtNFqjzNuywAuIgmXsHpFoPRDH9iy_DI=&sap-hash=&sap-system-login-oninputprocessing=&sap-user=1
&sap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-client=800&sap-system-login-basic_auth=&sap-syste
m-login-cookie_disabled=
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Accept-Encoding: gzip,deflate
Cookie: sap-login-XSRF_TP1=20230321021433-DiFPdsCMR_pK7sTXT0BBKw%3d%3d;sap-usercontext=sap-language=EN&
sap-client=800
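Remarks The server responses were compared after appending the suffixes (select "+v+") and (select "+v+","+v+") to the parameter value, and the two responses differ. It is recommended to add checks on SQL query conditions in the code.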
URL https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/?sap-system-login-oninputprocessing=&sap-urlscheme=&
sap-system-login=onLogin&sap-system-login-basic_auth=&sap-client=800&sap-accessibility=&sap-login-XSRF=CfWq965K_
pmYZq8fcFIQJLLIi5P8p6DQ5dr5uen12_k%3D&sap-system-login-cookie_disabled=&sap-hash=&sap-language=EN&sap-use
r=&sap-password=&sap-client=800
Affected parameter sap-user
Test case GET /sap/bc/ui5_ui5/ui2/ushell/shells/?sap-system-login-oninputprocessing=&sap-urlscheme=&sap-system-login=onLogi
n&sap-system-login-basic_auth=&sap-client=800&sap-accessibility=&sap-login-XSRF=CfWq965K_pmYZq8fcFIQJLLIi5P8p6
DQ5dr5uen12_k%3D&sap-system-login-cookie_disabled=&sap-hash=&sap-language=EN&sap-user=%28select+scan%29&
sap-password=&sap-client=800 HTTP/1.1
Referer: https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/?sap-system-login-oninputprocessing=&sap-urlsc
heme=&sap-system-login=onLogin&sap-system-login-basic_auth=&sap-client=800&sap-accessibility=&sap-login-XSRF=Cf
Wq965K_pmYZq8fcFIQJLLIi5P8p6DQ5dr5uen12_k%3D&sap-system-login-cookie_disabled=&sap-hash=&sap-language=EN
&sap-user=&sap-password=&sap-client=800
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Cookie: sap-login-XSRF_TP1=20230321021436-BPPCtvgg1snYr0p0giKaUQ%3d%3d;sap-usercontext=sap-language=EN&sa
p-client=800
Accept: */*
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Sec-Fetch-Mode: navigate
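Remarks The server responses were compared after appending the suffixes (select "+v+") and (select "+v+","+v+") to the parameter value, and the two responses differ. It is recommended to add checks on SQL query conditions in the code.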
URL https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-login-XSRF=wG-MT356_T
mQmxPk54lNJxISlR23CPTMKBvPl6Ovnxo%3d&sap-hash=&sap-system-login-cookie_disabled=&sap-login-XSRF=RqcXMjox
msZJ4T_KbblfZ1zZjryg7pnwgtFvY9WftCk%3d&sap-hash=&sap-system-login-cookie_disabled=&sap-password=1&sap-langu
age=EN&sap-login-XSRF=gcYyPv51M3XygD_aB1TU4kroicW13VRv48R8WSEgNNk=&sap-hash=&sap-system-login-oninputp
rocessing=&sap-user=1&sap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-client=800&sap-system-logi
n-basic_auth=&sap-system-login-cookie_disabled=
Affected parameter sap-user
Test case GET /sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-login-XSRF=wG-MT356_TmQmxPk54lNJxISlR23CPT
MKBvPl6Ovnxo%3d&sap-hash=&sap-system-login-cookie_disabled=&sap-login-XSRF=RqcXMjoxmsZJ4T_KbblfZ1zZjryg7pn
wgtFvY9WftCk%3d&sap-hash=&sap-system-login-cookie_disabled=&sap-password=1&sap-language=EN&sap-login-XSRF=g
cYyPv51M3XygD_aB1TU4kroicW13VRv48R8WSEgNNk=&sap-hash=&sap-system-login-oninputprocessing=&sap-user=%2
8select+1scan%29&sap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-client=800&sap-system-login-bas
ic_auth=&sap-system-login-cookie_disabled= HTTP/1.1
Accept: */*
Referer: https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-login-XSRF=wG-M
T356_TmQmxPk54lNJxISlR23CPTMKBvPl6Ovnxo%3d&sap-hash=&sap-system-login-cookie_disabled=&sap-password=1&s
ap-language=EN&sap-login-XSRF=RqcXMjoxmsZJ4T_KbblfZ1zZjryg7pnwgtFvY9WftCk=&sap-hash=&sap-system-login-oninp
utprocessing=&sap-user=1&sap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-client=800&sap-system-l
ogin-basic_auth=&sap-system-login-cookie_disabled=
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Accept-Encoding: gzip,deflate
Cookie: sap-login-XSRF_TP1=20230321021438-dNdDT4nDpeEqsEFOKurOXw%3d%3d;sap-usercontext=sap-language=EN
&sap-client=800
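Remarks The server responses were compared after appending the suffixes (select "+v+") and (select "+v+","+v+") to the parameter value, and the two responses differ. It is recommended to add checks on SQL query conditions in the code.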
URL https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/?sap-login-XSRF=jQHB_WsQCGCOP7YlUSZZzqDg5mW_BCe3fBcV
4F3L9WM%3d&sap-hash=&sap-system-login-cookie_disabled=
Affected parameter sap-user
Test case POST /sap/bc/ui5_ui5/ui2/ushell/?sap-login-XSRF=jQHB_WsQCGCOP7YlUSZZzqDg5mW_BCe3fBcV4F3L9WM%3d&sap-has
h=&sap-system-login-cookie_disabled= HTTP/1.1
Accept: */*
Referer: https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/?sap-password=1&sap-language=EN&sap-login-XSRF=jQ
HB_WsQCGCOP7YlUSZZzqDg5mW_BCe3fBcV4F3L9WM=&sap-hash=&sap-system-login-oninputprocessing=&sap-user=1&s
ap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-client=800&sap-system-login-basic_auth=&sap-system
-login-cookie_disabled=
Content-Length: 301
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Accept-Encoding: gzip,deflate
Cookie: sap-login-XSRF_TP1=20230321021434-gqU0UPelCT_BKz4NLezSIA%3d%3d;sap-usercontext=sap-language=EN&sa
p-client=800
sap-password=&sap-language=EN&sap-login-XSRF=Bj8Q3hDBrPsnp_9FPb7CZxLXeC-0gWXClw7awjraTvs=&sap-hash=&sap
-system-login-oninputprocessing=&sap-user=(select scan)&sap-urlscheme=&sap-system-login=onLogin&sap-accessibility=
&sap-client=800&sap-system-login-basic_auth=&sap-system-login-cookie_disabled=
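Remarks The server responses were compared after appending the suffixes (select "+v+") and (select "+v+","+v+") to the parameter value, and the two responses differ. It is recommended to add checks on SQL query conditions in the code.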
URL https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-login-XSRF=wG-MT356_T
mQmxPk54lNJxISlR23CPTMKBvPl6Ovnxo%3d&sap-hash=&sap-system-login-cookie_disabled=
Affected parameter sap-user
Test case POST /sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-login-XSRF=wG-MT356_TmQmxPk54lNJxISlR23CP
TMKBvPl6Ovnxo%3d&sap-hash=&sap-system-login-cookie_disabled= HTTP/1.1
Accept: */*
Referer: https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-password=1&saplanguage=EN&sap-login-XSRF=wG-MT356_TmQmxPk54lNJxISlR23CPTMKBvPl6Ovnxo=&sap-hash=&sap-system-login-onin
putprocessing=&sap-user=1&sap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-client=800&sap-systemlogin-basic_auth=&sap-system-login-cookie_disabled=
Content-Length: 301
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Accept-Encoding: gzip,deflate
Cookie: sap-login-XSRF_TP1=20230321021431-C_jfO0mePAgutcB7w8xNww%3d%3d;sap-usercontext=sap-language=EN
&sap-client=800
sap-password=&sap-language=EN&sap-login-XSRF=RqcXMjoxmsZJ4T_KbblfZ1zZjryg7pnwgtFvY9WftCk=&sap-hash=&sap-sy
stem-login-oninputprocessing=&sap-user=(select scan)&sap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&s
ap-client=800&sap-system-login-basic_auth=&sap-system-login-cookie_disabled=
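Remarks The server responses were compared after appending the suffixes (select "+v+") and (select "+v+","+v+") to the parameter value, and the two responses differ. It is recommended to add checks on SQL query conditions in the code.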
URL https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/?sap-password=1&sap-language=EN&sap-login-XSRF=-QEJ
nrjlKOpDtNFqjzNuywAuIgmXsHpFoPRDH9iy_DI%3D&sap-hash=&sap-system-login-oninputprocessing=&sap-user=1&sapurlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-client=800&sap-system-login-basic_auth=&sap-system-lo
gin-cookie_disabled=
Affected parameter sap-user
Test case GET /sap/bc/ui5_ui5/ui2/ushell/shells/?sap-password=1&sap-language=EN&sap-login-XSRF=-QEJnrjlKOpDtNFqjzNuywAuI
gmXsHpFoPRDH9iy_DI%3D&sap-hash=&sap-system-login-oninputprocessing=&sap-user=%28select+1scan%29&sap-urlsc
heme=&sap-system-login=onLogin&sap-accessibility=&sap-client=800&sap-system-login-basic_auth=&sap-system-login-c
ookie_disabled= HTTP/1.1
Referer: https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/?sap-password=1&sap-language=EN&sap-login-X
SRF=-QEJnrjlKOpDtNFqjzNuywAuIgmXsHpFoPRDH9iy_DI=&sap-hash=&sap-system-login-oninputprocessing=&sap-user=1
&sap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-client=800&sap-system-login-basic_auth=&sap-syste
m-login-cookie_disabled=
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Cookie: sap-login-XSRF_TP1=20230321021433-DiFPdsCMR_pK7sTXT0BBKw%3d%3d;sap-usercontext=sap-language=EN&
sap-client=800
Accept: */*
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Sec-Fetch-Mode: navigate
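Remarks The server responses were compared after appending the suffixes (select "+v+") and (select "+v+","+v+") to the parameter value, and the two responses differ. It is recommended to add checks on SQL query conditions in the code.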
URL https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-login-XSRF=wG-MT356_T
mQmxPk54lNJxISlR23CPTMKBvPl6Ovnxo%3d&sap-hash=&sap-system-login-cookie_disabled=&sap-password=&sap-langu
age=EN&sap-login-XSRF=RqcXMjoxmsZJ4T_KbblfZ1zZjryg7pnwgtFvY9WftCk=&sap-hash=&sap-system-login-oninputproces
sing=&sap-user=&sap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-client=800&sap-system-login-basic
_auth=&sap-system-login-cookie_disabled=
Affected parameter sap-user
Test case GET /sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-login-XSRF=wG-MT356_TmQmxPk54lNJxISlR23CPT
MKBvPl6Ovnxo%3d&sap-hash=&sap-system-login-cookie_disabled=&sap-password=&sap-language=EN&sap-login-XSRF=R
qcXMjoxmsZJ4T_KbblfZ1zZjryg7pnwgtFvY9WftCk=&sap-hash=&sap-system-login-oninputprocessing=&sap-user=%28selec
t+scan%29&sap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-client=800&sap-system-login-basic_auth
=&sap-system-login-cookie_disabled= HTTP/1.1
Accept: */*
Referer: https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-password=1&saplanguage=EN&sap-login-XSRF=wG-MT356_TmQmxPk54lNJxISlR23CPTMKBvPl6Ovnxo=&sap-hash=&sap-system-login-onin
putprocessing=&sap-user=1&sap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-client=800&sap-systemlogin-basic_auth=&sap-system-login-cookie_disabled=
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Accept-Encoding: gzip,deflate
Cookie: sap-login-XSRF_TP1=20230321021431-C_jfO0mePAgutcB7w8xNww%3d%3d;sap-usercontext=sap-language=EN
&sap-client=800
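Remarks The server responses were compared after appending the suffixes (select "+v+") and (select "+v+","+v+") to the parameter value, and the two responses differ. It is recommended to add checks on SQL query conditions in the code.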
URL https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/?sap-login-XSRF=aAcQx6wGaKQseZ6mblugGDIt2Uw
a2WLYpyK5CnJoN9g%3d&sap-hash=&sap-system-login-cookie_disabled=
Affected parameter sap-user
Test case POST /sap/bc/ui5_ui5/ui2/ushell/shells/abap/?sap-login-XSRF=aAcQx6wGaKQseZ6mblugGDIt2Uwa2WLYpyK5CnJoN9g%3
d&sap-hash=&sap-system-login-cookie_disabled= HTTP/1.1
Content-Length: 301
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Cookie: sap-login-XSRF_TP1=20230321021434-TWv3BDikGxsRBmA3Tqk6kA%3d%3d;sap-usercontext=sap-language=EN&
sap-client=800
Origin: https://10.28.107.214:44300
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,applicatio
n/signed-exchange;v=b3;q=0.9
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
Referer: https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/?sap-password=1&sap-language=EN&sap-lo
gin-XSRF=aAcQx6wGaKQseZ6mblugGDIt2Uwa2WLYpyK5CnJoN9g%3D&sap-hash=&sap-system-login-oninputprocessing=
&sap-user=1&sap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-client=800&sap-system-login-basic_aut
h=&sap-system-login-cookie_disabled=
Sec-Fetch-Dest: document
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Sec-Fetch-Mode: navigate
sap-system-login-oninputprocessing=&sap-urlscheme=&sap-system-login=onLogin&sap-system-login-basic_auth=&sap-ac
cessibility=&sap-login-XSRF=gx9YaBgYPqTVbTX46W1BtCqfKJ8NmpGjVne6-245PzY%3D&sap-system-login-cookie_disabled
=&sap-hash=&sap-language=EN&sap-user=(select scan)&sap-password=&sap-client=800
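Remarks The server responses were compared after appending the suffixes (select "+v+") and (select "+v+","+v+") to the parameter value, and the two responses differ. It is recommended to add checks on SQL query conditions in the code.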
URL https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-login-XSRF=wG-MT356_T
mQmxPk54lNJxISlR23CPTMKBvPl6Ovnxo%3d&sap-hash=&sap-system-login-cookie_disabled=&sap-system-login-oninput
processing=&sap-urlscheme=&sap-system-login=onLogin&sap-system-login-basic_auth=&sap-accessibility=&sap-login-XS
RF=Wh5MqDDIJvbVHmywpy_cQ0olflQpnHycZqc-2NeUSVg%3D&sap-system-login-cookie_disabled=&sap-hash=&sap-lang
uage=EN&sap-user=&sap-password=&sap-client=800
Affected parameter sap-user
Test case GET /sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-login-XSRF=wG-MT356_TmQmxPk54lNJxISlR23CPT
MKBvPl6Ovnxo%3d&sap-hash=&sap-system-login-cookie_disabled=&sap-system-login-oninputprocessing=&sap-urlschem
e=&sap-system-login=onLogin&sap-system-login-basic_auth=&sap-accessibility=&sap-login-XSRF=Wh5MqDDIJvbVHmywp
y_cQ0olflQpnHycZqc-2NeUSVg%3D&sap-system-login-cookie_disabled=&sap-hash=&sap-language=EN&sap-user=%28sele
ct+scan%29&sap-password=&sap-client=800 HTTP/1.1
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Cookie: sap-login-XSRF_TP1=20230321021431-C_jfO0mePAgutcB7w8xNww%3d%3d;sap-usercontext=sap-language=EN
&sap-client=800
Origin: https://10.28.107.214:44300
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,applicatio
n/signed-exchange;v=b3;q=0.9
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
Referer: https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-password=1&saplanguage=EN&sap-login-XSRF=wG-MT356_TmQmxPk54lNJxISlR23CPTMKBvPl6Ovnxo%3D&sap-hash=&sap-system-login-o
ninputprocessing=&sap-user=1&sap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-client=800&sap-syst
em-login-basic_auth=&sap-system-login-cookie_disabled=
Sec-Fetch-Dest: document
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Sec-Fetch-Mode: navigate
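Remarks The server responses were compared after appending the suffixes (select "+v+") and (select "+v+","+v+") to the parameter value, and the two responses differ. It is recommended to add checks on SQL query conditions in the code.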
URL https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/?sap-login-XSRF=jQHB_WsQCGCOP7YlUSZZzqDg5mW_BCe3fBcV
4F3L9WM%3d&sap-hash=&sap-system-login-cookie_disabled=&sap-system-login-oninputprocessing=&sap-urlscheme=&s
ap-system-login=onLogin&sap-system-login-basic_auth=&sap-client=800&sap-accessibility=&sap-login-XSRF=3_J7JZVzStnL
ftQ_qrJHP_tTTSq4eDP57k52F3q9_cU%3D&sap-system-login-cookie_disabled=&sap-hash=&sap-language=EN&sap-user=&s
ap-password=&sap-client=800
Affected parameter sap-user
Test case GET /sap/bc/ui5_ui5/ui2/ushell/?sap-login-XSRF=jQHB_WsQCGCOP7YlUSZZzqDg5mW_BCe3fBcV4F3L9WM%3d&sap-hash
=&sap-system-login-cookie_disabled=&sap-system-login-oninputprocessing=&sap-urlscheme=&sap-system-login=onLogin
&sap-system-login-basic_auth=&sap-client=800&sap-accessibility=&sap-login-XSRF=3_J7JZVzStnLftQ_qrJHP_tTTSq4eDP57k
52F3q9_cU%3D&sap-system-login-cookie_disabled=&sap-hash=&sap-language=EN&sap-user=%28select+scan%29&sap-p
assword=&sap-client=800 HTTP/1.1
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Cookie: sap-login-XSRF_TP1=20230321021434-gqU0UPelCT_BKz4NLezSIA%3d%3d;sap-usercontext=sap-language=EN&sa
p-client=800
Origin: https://10.28.107.214:44300
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,applicatio
n/signed-exchange;v=b3;q=0.9
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
Referer: https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/?sap-password=1&sap-language=EN&sap-login-XSRF=jQ
HB_WsQCGCOP7YlUSZZzqDg5mW_BCe3fBcV4F3L9WM%3D&sap-hash=&sap-system-login-oninputprocessing=&sap-user=
1&sap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-client=800&sap-system-login-basic_auth=&sap-sys
tem-login-cookie_disabled=
Sec-Fetch-Dest: document
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Sec-Fetch-Mode: navigate
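Remarks The server responses were compared after appending the suffixes (select "+v+") and (select "+v+","+v+") to the parameter value, and the two responses differ. It is recommended to add checks on SQL query conditions in the code.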
URL https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/?sap-login-XSRF=jQHB_WsQCGCOP7YlUSZZzqDg5mW_BCe3fBcV
4F3L9WM%3d&sap-hash=&sap-system-login-cookie_disabled=
Affected parameter sap-user
Test case POST /sap/bc/ui5_ui5/ui2/ushell/?sap-login-XSRF=jQHB_WsQCGCOP7YlUSZZzqDg5mW_BCe3fBcV4F3L9WM%3d&sap-has
h=&sap-system-login-cookie_disabled= HTTP/1.1
Accept: */*
Referer: https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/?sap-password=1&sap-language=EN&sap-login-XSRF=jQ
HB_WsQCGCOP7YlUSZZzqDg5mW_BCe3fBcV4F3L9WM=&sap-hash=&sap-system-login-oninputprocessing=&sap-user=1&s
ap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-client=800&sap-system-login-basic_auth=&sap-system
-login-cookie_disabled=
Content-Length: 303
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Accept-Encoding: gzip,deflate
Cookie: sap-login-XSRF_TP1=20230321021433-z4Xe5JCxE0r-A0LhrLYAfg%3d%3d;sap-usercontext=sap-language=EN&sapclient=800
sap-password=1&sap-language=EN&sap-login-XSRF=Bj8Q3hDBrPsnp_9FPb7CZxLXeC-0gWXClw7awjraTvs=&sap-hash=&sa
p-system-login-oninputprocessing=&sap-user=(select 1scan)&sap-urlscheme=&sap-system-login=onLogin&sap-accessibilit
y=&sap-client=800&sap-system-login-basic_auth=&sap-system-login-cookie_disabled=
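Remarks The server responses were compared after appending the suffixes (select "+v+") and (select "+v+","+v+") to the parameter value, and the two responses differ. It is recommended to add checks on SQL query conditions in the code.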
URL https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/?sap-login-XSRF=aAcQx6wGaKQseZ6mblugGDIt2Uw
a2WLYpyK5CnJoN9g%3d&sap-hash=&sap-system-login-cookie_disabled=
Affected parameter sap-user
Test case POST /sap/bc/ui5_ui5/ui2/ushell/shells/abap/?sap-login-XSRF=aAcQx6wGaKQseZ6mblugGDIt2Uwa2WLYpyK5CnJoN9g%3
d&sap-hash=&sap-system-login-cookie_disabled= HTTP/1.1
Accept: */*
Referer: https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/?sap-password=1&sap-language=EN&sap-lo
gin-XSRF=aAcQx6wGaKQseZ6mblugGDIt2Uwa2WLYpyK5CnJoN9g=&sap-hash=&sap-system-login-oninputprocessing=&sa
p-user=1&sap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-client=800&sap-system-login-basic_auth=&
sap-system-login-cookie_disabled=
Content-Length: 301
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Accept-Encoding: gzip,deflate
Cookie: sap-login-XSRF_TP1=20230321021434-TWv3BDikGxsRBmA3Tqk6kA%3d%3d;sap-usercontext=sap-language=EN&
sap-client=800
sap-password=&sap-language=EN&sap-login-XSRF=C8z4LVITxTk9cPjwpHS8js-Ia48RQWcbSm7UapG0Bzc=&sap-hash=&sa
p-system-login-oninputprocessing=&sap-user=(select scan)&sap-urlscheme=&sap-system-login=onLogin&sap-accessibility
=&sap-client=800&sap-system-login-basic_auth=&sap-system-login-cookie_disabled=
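Remarks The server responses were compared after appending the suffixes (select "+v+") and (select "+v+","+v+") to the parameter value, and the two responses differ. It is recommended to add checks on SQL query conditions in the code.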
URL https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-login-XSRF=wG-MT356_T
mQmxPk54lNJxISlR23CPTMKBvPl6Ovnxo%3d&sap-hash=&sap-system-login-cookie_disabled=&sap-password=1&sap-lang
uage=EN&sap-login-XSRF=RqcXMjoxmsZJ4T_KbblfZ1zZjryg7pnwgtFvY9WftCk=&sap-hash=&sap-system-login-oninputproc
essing=&sap-user=1&sap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-client=800&sap-system-login-ba
sic_auth=&sap-system-login-cookie_disabled=
Affected parameter sap-user
Test case GET /sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-login-XSRF=wG-MT356_TmQmxPk54lNJxISlR23CPT
MKBvPl6Ovnxo%3d&sap-hash=&sap-system-login-cookie_disabled=&sap-password=1&sap-language=EN&sap-login-XSRF=
RqcXMjoxmsZJ4T_KbblfZ1zZjryg7pnwgtFvY9WftCk=&sap-hash=&sap-system-login-oninputprocessing=&sap-user=%28sele
ct+1scan%29&sap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-client=800&sap-system-login-basic_au
th=&sap-system-login-cookie_disabled= HTTP/1.1
Accept: */*
Referer: https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-password=1&saplanguage=EN&sap-login-XSRF=wG-MT356_TmQmxPk54lNJxISlR23CPTMKBvPl6Ovnxo=&sap-hash=&sap-system-login-onin
putprocessing=&sap-user=1&sap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-client=800&sap-systemlogin-basic_auth=&sap-system-login-cookie_disabled=
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Accept-Encoding: gzip,deflate
Cookie: sap-login-XSRF_TP1=20230321021431-C_jfO0mePAgutcB7w8xNww%3d%3d;sap-usercontext=sap-language=EN
&sap-client=800
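Remarks The server responses were compared after appending the suffixes (select "+v+") and (select "+v+","+v+") to the parameter value, and the two responses differ. It is recommended to add checks on SQL query conditions in the code.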
URL https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/?sap-login-XSRF=jQHB_WsQCGCOP7YlUSZZzqDg5mW_BCe3fBcV
4F3L9WM%3d&sap-hash=&sap-system-login-cookie_disabled=
Affected parameter sap-user
Test case POST /sap/bc/ui5_ui5/ui2/ushell/?sap-login-XSRF=jQHB_WsQCGCOP7YlUSZZzqDg5mW_BCe3fBcV4F3L9WM%3d&sap-has
h=&sap-system-login-cookie_disabled= HTTP/1.1
Content-Length: 316
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Cookie: sap-login-XSRF_TP1=20230321021434-gqU0UPelCT_BKz4NLezSIA%3d%3d;sap-usercontext=sap-language=EN&sa
p-client=800
Origin: https://10.28.107.214:44300
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,applicatio
n/signed-exchange;v=b3;q=0.9
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
Referer: https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/?sap-password=1&sap-language=EN&sap-login-XSRF=jQ
HB_WsQCGCOP7YlUSZZzqDg5mW_BCe3fBcV4F3L9WM%3D&sap-hash=&sap-system-login-oninputprocessing=&sap-user=
1&sap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-client=800&sap-system-login-basic_auth=&sap-sys
tem-login-cookie_disabled=
Sec-Fetch-Dest: document
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Sec-Fetch-Mode: navigate
sap-system-login-oninputprocessing=&sap-urlscheme=&sap-system-login=onLogin&sap-system-login-basic_auth=&sap-cli
ent=800&sap-accessibility=&sap-login-XSRF=3_J7JZVzStnLftQ_qrJHP_tTTSq4eDP57k52F3q9_cU%3D&sap-system-login-coo
kie_disabled=&sap-hash=&sap-language=EN&sap-user=(select scan)&sap-password=&sap-client=800
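Remarks The server responses were compared after appending the suffixes (select "+v+") and (select "+v+","+v+") to the parameter value, and the two responses differ. It is recommended to add checks on SQL query conditions in the code.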
URL https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/?sap-login-XSRF=jQHB_WsQCGCOP7YlUSZZzqDg5mW_BCe3fBcV
4F3L9WM%3d&sap-hash=&sap-system-login-cookie_disabled=&sap-password=&sap-language=EN&sap-login-XSRF=Bj8Q3
hDBrPsnp_9FPb7CZxLXeC-0gWXClw7awjraTvs=&sap-hash=&sap-system-login-oninputprocessing=&sap-user=&sap-urlsch
eme=&sap-system-login=onLogin&sap-accessibility=&sap-client=800&sap-system-login-basic_auth=&sap-system-login-co
okie_disabled=
Affected parameter sap-user
Test case GET /sap/bc/ui5_ui5/ui2/ushell/?sap-login-XSRF=jQHB_WsQCGCOP7YlUSZZzqDg5mW_BCe3fBcV4F3L9WM%3d&sap-hash
=&sap-system-login-cookie_disabled=&sap-password=&sap-language=EN&sap-login-XSRF=Bj8Q3hDBrPsnp_9FPb7CZxLXe
C-0gWXClw7awjraTvs=&sap-hash=&sap-system-login-oninputprocessing=&sap-user=%28select+scan%29&sap-urlscheme
=&sap-system-login=onLogin&sap-accessibility=&sap-client=800&sap-system-login-basic_auth=&sap-system-login-cookie_
disabled= HTTP/1.1
Accept: */*
Referer: https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/?sap-password=1&sap-language=EN&sap-login-XSRF=jQ
HB_WsQCGCOP7YlUSZZzqDg5mW_BCe3fBcV4F3L9WM=&sap-hash=&sap-system-login-oninputprocessing=&sap-user=1&s
ap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-client=800&sap-system-login-basic_auth=&sap-system
-login-cookie_disabled=
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Accept-Encoding: gzip,deflate
Cookie: sap-login-XSRF_TP1=20230321021434-gqU0UPelCT_BKz4NLezSIA%3d%3d;sap-usercontext=sap-language=EN&sa
p-client=800
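Remarks The server responses were compared after appending the suffixes (select "+v+") and (select "+v+","+v+") to the parameter value, and the two responses differ. It is recommended to add checks on SQL query conditions in the code.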
URL https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/?sap-password=1&sap-language=EN&sap-login-XSR
F=aAcQx6wGaKQseZ6mblugGDIt2Uwa2WLYpyK5CnJoN9g%3D&sap-hash=&sap-system-login-oninputprocessing=&sap-us
er=1&sap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-client=800&sap-system-login-basic_auth=&sapsystem-login-cookie_disabled=
Affected parameter sap-user
Test case GET /sap/bc/ui5_ui5/ui2/ushell/shells/abap/?sap-password=1&sap-language=EN&sap-login-XSRF=aAcQx6wGaKQseZ6mbl
ugGDIt2Uwa2WLYpyK5CnJoN9g%3D&sap-hash=&sap-system-login-oninputprocessing=&sap-user=%28select+1scan%29&
sap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-client=800&sap-system-login-basic_auth=&sap-syste
m-login-cookie_disabled= HTTP/1.1
Referer: https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/?sap-password=1&sap-language=EN&sap-lo
gin-XSRF=aAcQx6wGaKQseZ6mblugGDIt2Uwa2WLYpyK5CnJoN9g=&sap-hash=&sap-system-login-oninputprocessing=&sa
p-user=1&sap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-client=800&sap-system-login-basic_auth=&
sap-system-login-cookie_disabled=
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Cookie: sap-login-XSRF_TP1=20230321021434-TWv3BDikGxsRBmA3Tqk6kA%3d%3d;sap-usercontext=sap-language=EN&
sap-client=800
Accept: */*
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Sec-Fetch-Mode: navigate
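Remarks The server responses were compared after appending the suffixes (select "+v+") and (select "+v+","+v+") to the parameter value, and the two responses differ. It is recommended to add checks on SQL query conditions in the code.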
URL https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/?sap-password=&sap-language=EN&sap-login-XSRF=jQHB_WsQC
GCOP7YlUSZZzqDg5mW_BCe3fBcV4F3L9WM=&sap-hash=&sap-system-login-oninputprocessing=&sap-user=&sap-urlsche
me=&sap-system-login=onLogin&sap-accessibility=&sap-client=800&sap-system-login-basic_auth=&sap-system-login-coo
kie_disabled=
Affected parameter sap-user
Test case GET /sap/bc/ui5_ui5/ui2/ushell/?sap-password=&sap-language=EN&sap-login-XSRF=jQHB_WsQCGCOP7YlUSZZzqDg5mW_
BCe3fBcV4F3L9WM=&sap-hash=&sap-system-login-oninputprocessing=&sap-user=%28select+scan%29&sap-urlscheme=
&sap-system-login=onLogin&sap-accessibility=&sap-client=800&sap-system-login-basic_auth=&sap-system-login-cookie_d
isabled= HTTP/1.1
Accept: */*
Referer: https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Accept-Encoding: gzip,deflate
Cookie: sap-login-XSRF_TP1=20230321021428-HR1ljLZEolFbxeIXY0VEpw%3d%3d;sap-usercontext=sap-client=800
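Remarks The server's responses were compared after appending the suffixes (select "+v+") and (select "+v+","+v+") to the parameter value; the two responses differ. It is recommended to add validation of the SQL query conditions in the code.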
URL https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-login-XSRF=wG-MT356_T
mQmxPk54lNJxISlR23CPTMKBvPl6Ovnxo%3d&sap-hash=&sap-system-login-cookie_disabled=&sap-login-XSRF=RqcXMjox
msZJ4T_KbblfZ1zZjryg7pnwgtFvY9WftCk%3d&sap-hash=&sap-system-login-cookie_disabled=&sap-password=&sap-langua
ge=EN&sap-login-XSRF=gcYyPv51M3XygD_aB1TU4kroicW13VRv48R8WSEgNNk=&sap-hash=&sap-system-login-oninputpr
ocessing=&sap-user=&sap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-client=800&sap-system-login-b
asic_auth=&sap-system-login-cookie_disabled=
Affected parameter sap-user
Test case GET /sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-login-XSRF=wG-MT356_TmQmxPk54lNJxISlR23CPT
MKBvPl6Ovnxo%3d&sap-hash=&sap-system-login-cookie_disabled=&sap-login-XSRF=RqcXMjoxmsZJ4T_KbblfZ1zZjryg7pn
wgtFvY9WftCk%3d&sap-hash=&sap-system-login-cookie_disabled=&sap-password=&sap-language=EN&sap-login-XSRF=gc
YyPv51M3XygD_aB1TU4kroicW13VRv48R8WSEgNNk=&sap-hash=&sap-system-login-oninputprocessing=&sap-user=%28s
elect+scan%29&sap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-client=800&sap-system-login-basic_a
uth=&sap-system-login-cookie_disabled= HTTP/1.1
Accept: */*
Referer: https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-login-XSRF=wG-M
T356_TmQmxPk54lNJxISlR23CPTMKBvPl6Ovnxo%3d&sap-hash=&sap-system-login-cookie_disabled=&sap-password=1&s
ap-language=EN&sap-login-XSRF=RqcXMjoxmsZJ4T_KbblfZ1zZjryg7pnwgtFvY9WftCk=&sap-hash=&sap-system-login-oninp
utprocessing=&sap-user=1&sap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-client=800&sap-system-l
ogin-basic_auth=&sap-system-login-cookie_disabled=
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Accept-Encoding: gzip,deflate
Cookie: sap-login-XSRF_TP1=20230321021438-dNdDT4nDpeEqsEFOKurOXw%3d%3d;sap-usercontext=sap-language=EN
&sap-client=800
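Remarks The server's responses were compared after appending the suffixes (select "+v+") and (select "+v+","+v+") to the parameter value; the two responses differ. It is recommended to add validation of the SQL query conditions in the code.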
URL https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/?sap-login-XSRF=-QEJnrjlKOpDtNFqjzNuywAuIgmXsHpFo
PRDH9iy_DI%3d&sap-hash=&sap-system-login-cookie_disabled=&sap-system-login-oninputprocessing=&sap-urlscheme=
&sap-system-login=onLogin&sap-system-login-basic_auth=&sap-client=800&sap-accessibility=&sap-login-XSRF=m4brJkB6
Iw261c2LwMuOJCYnUK0EgNU8TgrwoD5rf2E%3D&sap-system-login-cookie_disabled=&sap-hash=&sap-language=EN&sapuser=&sap-password=&sap-client=800
Affected parameter sap-user
Test case GET /sap/bc/ui5_ui5/ui2/ushell/shells/?sap-login-XSRF=-QEJnrjlKOpDtNFqjzNuywAuIgmXsHpFoPRDH9iy_DI%3d&sap-has
h=&sap-system-login-cookie_disabled=&sap-system-login-oninputprocessing=&sap-urlscheme=&sap-system-login=onLogi
n&sap-system-login-basic_auth=&sap-client=800&sap-accessibility=&sap-login-XSRF=m4brJkB6Iw261c2LwMuOJCYnUK0E
gNU8TgrwoD5rf2E%3D&sap-system-login-cookie_disabled=&sap-hash=&sap-language=EN&sap-user=%28select+scan%29
&sap-password=&sap-client=800 HTTP/1.1
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Cookie: sap-login-XSRF_TP1=20230321021433-DiFPdsCMR_pK7sTXT0BBKw%3d%3d;sap-usercontext=sap-language=EN&
sap-client=800
Origin: https://10.28.107.214:44300
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,applicatio
n/signed-exchange;v=b3;q=0.9
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
Referer: https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/?sap-password=1&sap-language=EN&sap-login-X
SRF=-QEJnrjlKOpDtNFqjzNuywAuIgmXsHpFoPRDH9iy_DI%3D&sap-hash=&sap-system-login-oninputprocessing=&sap-user
=1&sap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-client=800&sap-system-login-basic_auth=&sap-sy
stem-login-cookie_disabled=
Sec-Fetch-Dest: document
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Sec-Fetch-Mode: navigate
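Remarks The server's responses were compared after appending the suffixes (select "+v+") and (select "+v+","+v+") to the parameter value; the two responses differ. It is recommended to add validation of the SQL query conditions in the code.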
URL https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-login-XSRF=wG-MT356_T
mQmxPk54lNJxISlR23CPTMKBvPl6Ovnxo%3d&sap-hash=&sap-system-login-cookie_disabled=
Affected parameter sap-user
Test case POST /sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-login-XSRF=wG-MT356_TmQmxPk54lNJxISlR23CP
TMKBvPl6Ovnxo%3d&sap-hash=&sap-system-login-cookie_disabled= HTTP/1.1
Content-Length: 301
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Cookie: sap-login-XSRF_TP1=20230321021431-C_jfO0mePAgutcB7w8xNww%3d%3d;sap-usercontext=sap-language=EN
&sap-client=800
Origin: https://10.28.107.214:44300
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,applicatio
n/signed-exchange;v=b3;q=0.9
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
Referer: https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-password=1&saplanguage=EN&sap-login-XSRF=wG-MT356_TmQmxPk54lNJxISlR23CPTMKBvPl6Ovnxo%3D&sap-hash=&sap-system-login-o
ninputprocessing=&sap-user=1&sap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-client=800&sap-syst
em-login-basic_auth=&sap-system-login-cookie_disabled=
Sec-Fetch-Dest: document
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Sec-Fetch-Mode: navigate
sap-system-login-oninputprocessing=&sap-urlscheme=&sap-system-login=onLogin&sap-system-login-basic_auth=&sap-ac
cessibility=&sap-login-XSRF=Wh5MqDDIJvbVHmywpy_cQ0olflQpnHycZqc-2NeUSVg%3D&sap-system-login-cookie_disable
d=&sap-hash=&sap-language=EN&sap-user=(select scan)&sap-password=&sap-client=800
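Remarks The server's responses were compared after appending the suffixes (select "+v+") and (select "+v+","+v+") to the parameter value; the two responses differ. It is recommended to add validation of the SQL query conditions in the code.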
URL https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/?sap-password=&sap-language=EN&sap-login-XSRF=-QEJn
rjlKOpDtNFqjzNuywAuIgmXsHpFoPRDH9iy_DI%3D&sap-hash=&sap-system-login-oninputprocessing=&sap-user=&sap-url
scheme=&sap-system-login=onLogin&sap-accessibility=&sap-client=800&sap-system-login-basic_auth=&sap-system-logincookie_disabled=
Affected parameter sap-user
Test case GET /sap/bc/ui5_ui5/ui2/ushell/shells/?sap-password=&sap-language=EN&sap-login-XSRF=-QEJnrjlKOpDtNFqjzNuywAuIg
mXsHpFoPRDH9iy_DI%3D&sap-hash=&sap-system-login-oninputprocessing=&sap-user=%28select+scan%29&sap-urlsche
me=&sap-system-login=onLogin&sap-accessibility=&sap-client=800&sap-system-login-basic_auth=&sap-system-login-coo
kie_disabled= HTTP/1.1
Referer: https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/?sap-password=&sap-language=EN&sap-login-XS
RF=-QEJnrjlKOpDtNFqjzNuywAuIgmXsHpFoPRDH9iy_DI=&sap-hash=&sap-system-login-oninputprocessing=&sap-user=&s
ap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-client=800&sap-system-login-basic_auth=&sap-system
-login-cookie_disabled=
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Cookie: sap-login-XSRF_TP1=20230321021435-vTpEfLtHMTDsVDZJsWeWBA%3d%3d;sap-usercontext=sap-language=EN&
sap-client=800
Accept: */*
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Sec-Fetch-Mode: navigate
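Remarks The server's responses were compared after appending the suffixes (select "+v+") and (select "+v+","+v+") to the parameter value; the two responses differ. It is recommended to add validation of the SQL query conditions in the code.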
URL https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-login-XSRF=wG-MT356_T
mQmxPk54lNJxISlR23CPTMKBvPl6Ovnxo%3d&sap-hash=&sap-system-login-cookie_disabled=
Affected parameter sap-user
Test case POST /sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-login-XSRF=wG-MT356_TmQmxPk54lNJxISlR23CP
TMKBvPl6Ovnxo%3d&sap-hash=&sap-system-login-cookie_disabled= HTTP/1.1
Accept: */*
Referer: https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-password=1&saplanguage=EN&sap-login-XSRF=wG-MT356_TmQmxPk54lNJxISlR23CPTMKBvPl6Ovnxo=&sap-hash=&sap-system-login-onin
putprocessing=&sap-user=1&sap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-client=800&sap-systemlogin-basic_auth=&sap-system-login-cookie_disabled=
Content-Length: 303
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Accept-Encoding: gzip,deflate
Cookie: sap-login-XSRF_TP1=20230321021431-C_jfO0mePAgutcB7w8xNww%3d%3d;sap-usercontext=sap-language=EN
&sap-client=800
sap-password=1&sap-language=EN&sap-login-XSRF=RqcXMjoxmsZJ4T_KbblfZ1zZjryg7pnwgtFvY9WftCk=&sap-hash=&sapsystem-login-oninputprocessing=&sap-user=(select 1scan)&sap-urlscheme=&sap-system-login=onLogin&sap-accessibility
=&sap-client=800&sap-system-login-basic_auth=&sap-system-login-cookie_disabled=
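Remarks The server's responses were compared after appending the suffixes (select "+v+") and (select "+v+","+v+") to the parameter value; the two responses differ. It is recommended to add validation of the SQL query conditions in the code.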
URL https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/?sap-password=&sap-language=EN&sap-login-XSRF
=aAcQx6wGaKQseZ6mblugGDIt2Uwa2WLYpyK5CnJoN9g=&sap-hash=&sap-system-login-oninputprocessing=&sap-user=&
sap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-client=800&sap-system-login-basic_auth=&sap-syste
m-login-cookie_disabled=
Affected parameter sap-user
Test case GET /sap/bc/ui5_ui5/ui2/ushell/shells/abap/?sap-password=&sap-language=EN&sap-login-XSRF=aAcQx6wGaKQseZ6mblu
gGDIt2Uwa2WLYpyK5CnJoN9g=&sap-hash=&sap-system-login-oninputprocessing=&sap-user=%28select+scan%29&sap-u
rlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-client=800&sap-system-login-basic_auth=&sap-system-logi
n-cookie_disabled= HTTP/1.1
Accept: */*
Referer: https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Accept-Encoding: gzip,deflate
Cookie: sap-login-XSRF_TP1=20230321021428-HR1ljLZEolFbxeIXY0VEpw%3d%3d;sap-usercontext=sap-client=800
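Remarks The server's responses were compared after appending the suffixes (select "+v+") and (select "+v+","+v+") to the parameter value; the two responses differ. It is recommended to add validation of the SQL query conditions in the code.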
URL https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/?sap-password=1&sap-language=EN&sap-login-XSRF=jQHB_WsQ
CGCOP7YlUSZZzqDg5mW_BCe3fBcV4F3L9WM%3D&sap-hash=&sap-system-login-oninputprocessing=&sap-user=1&sap-u
rlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-client=800&sap-system-login-basic_auth=&sap-system-logi
n-cookie_disabled=
Affected parameter sap-user
Test case GET /sap/bc/ui5_ui5/ui2/ushell/?sap-password=1&sap-language=EN&sap-login-XSRF=jQHB_WsQCGCOP7YlUSZZzqDg5mW
_BCe3fBcV4F3L9WM%3D&sap-hash=&sap-system-login-oninputprocessing=&sap-user=%28select+1scan%29&sap-urlsch
eme=&sap-system-login=onLogin&sap-accessibility=&sap-client=800&sap-system-login-basic_auth=&sap-system-login-co
okie_disabled= HTTP/1.1
Referer: https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/?sap-password=1&sap-language=EN&sap-login-XSRF=jQ
HB_WsQCGCOP7YlUSZZzqDg5mW_BCe3fBcV4F3L9WM=&sap-hash=&sap-system-login-oninputprocessing=&sap-user=1&s
ap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-client=800&sap-system-login-basic_auth=&sap-system
-login-cookie_disabled=
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Cookie: sap-login-XSRF_TP1=20230321021434-gqU0UPelCT_BKz4NLezSIA%3d%3d;sap-usercontext=sap-language=EN&sa
p-client=800
Accept: */*
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Sec-Fetch-Mode: navigate
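Remarks The server's responses were compared after appending the suffixes (select "+v+") and (select "+v+","+v+") to the parameter value; the two responses differ. It is recommended to add validation of the SQL query conditions in the code.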
URL https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html
Affected parameter sap-user
Test case POST /sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html HTTP/1.1
Accept: */*
Referer: https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html
Content-Length: 301
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Accept-Encoding: gzip,deflate
Cookie: sap-login-XSRF_TP1=20230321021430-m1hUPrcMe2g1U9ylXsOPBg%3d%3d;sap-usercontext=sap-client=800
sap-password=&sap-language=EN&sap-login-XSRF=wG-MT356_TmQmxPk54lNJxISlR23CPTMKBvPl6Ovnxo=&sap-hash=&s
ap-system-login-oninputprocessing=&sap-user=(select scan)&sap-urlscheme=&sap-system-login=onLogin&sap-accessibilit
y=&sap-client=800&sap-system-login-basic_auth=&sap-system-login-cookie_disabled=
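Remarks The server's responses were compared after appending the suffixes (select "+v+") and (select "+v+","+v+") to the parameter value; the two responses differ. It is recommended to add validation of the SQL query conditions in the code.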
URL https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-login-XSRF=wG-MT356_T
mQmxPk54lNJxISlR23CPTMKBvPl6Ovnxo%3d&sap-hash=&sap-system-login-cookie_disabled=&sap-login-XSRF=RqcXMjox
msZJ4T_KbblfZ1zZjryg7pnwgtFvY9WftCk%3d&sap-hash=&sap-system-login-cookie_disabled=
Affected parameter sap-user
Test case POST /sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-login-XSRF=wG-MT356_TmQmxPk54lNJxISlR23CP
TMKBvPl6Ovnxo%3d&sap-hash=&sap-system-login-cookie_disabled=&sap-login-XSRF=RqcXMjoxmsZJ4T_KbblfZ1zZjryg7p
nwgtFvY9WftCk%3d&sap-hash=&sap-system-login-cookie_disabled= HTTP/1.1
Accept: */*
Referer: https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-login-XSRF=wG-M
T356_TmQmxPk54lNJxISlR23CPTMKBvPl6Ovnxo%3d&sap-hash=&sap-system-login-cookie_disabled=&sap-password=1&s
ap-language=EN&sap-login-XSRF=RqcXMjoxmsZJ4T_KbblfZ1zZjryg7pnwgtFvY9WftCk=&sap-hash=&sap-system-login-oninp
utprocessing=&sap-user=1&sap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-client=800&sap-system-l
ogin-basic_auth=&sap-system-login-cookie_disabled=
Content-Length: 301
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Accept-Encoding: gzip,deflate
Cookie: sap-login-XSRF_TP1=20230321021438-dNdDT4nDpeEqsEFOKurOXw%3d%3d;sap-usercontext=sap-language=EN
&sap-client=800
sap-password=&sap-language=EN&sap-login-XSRF=gcYyPv51M3XygD_aB1TU4kroicW13VRv48R8WSEgNNk=&sap-hash=&
sap-system-login-oninputprocessing=&sap-user=(select scan)&sap-urlscheme=&sap-system-login=onLogin&sap-accessibili
ty=&sap-client=800&sap-system-login-basic_auth=&sap-system-login-cookie_disabled=
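Remarks The server's responses were compared after appending the suffixes (select "+v+") and (select "+v+","+v+") to the parameter value; the two responses differ. It is recommended to add validation of the SQL query conditions in the code.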
URL https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/
Affected parameter sap-user
Test case POST /sap/bc/ui5_ui5/ui2/ushell/shells/abap/ HTTP/1.1
Content-Length: 301
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Cookie: sap-login-XSRF_TP1=20230321021428-HR1ljLZEolFbxeIXY0VEpw%3d%3d;sap-usercontext=sap-client=800
Origin: https://10.28.107.214:44300
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,applicatio
n/signed-exchange;v=b3;q=0.9
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
Referer: https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/
Sec-Fetch-Dest: document
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Sec-Fetch-Mode: navigate
sap-system-login-oninputprocessing=&sap-urlscheme=&sap-system-login=onLogin&sap-system-login-basic_auth=&sap-ac
cessibility=&sap-login-XSRF=GhXy5h75wYgr0EzfMpZGNPgGq11I1zHKwqW3KtmUjMo%3D&sap-system-login-cookie_disab
led=&sap-hash=&sap-language=EN&sap-user=(select scan)&sap-password=&sap-client=800
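Remarks The server's responses were compared after appending the suffixes (select "+v+") and (select "+v+","+v+") to the parameter value; the two responses differ. It is recommended to add validation of the SQL query conditions in the code.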
URL https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-password=1&sap-languag
e=EN&sap-login-XSRF=wG-MT356_TmQmxPk54lNJxISlR23CPTMKBvPl6Ovnxo=&sap-hash=&sap-system-login-oninputpro
cessing=&sap-user=1&sap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-client=800&sap-system-login-b
asic_auth=&sap-system-login-cookie_disabled=
Affected parameter sap-user
Test case GET /sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-password=1&sap-language=EN&sap-login-XSRF=wG
-MT356_TmQmxPk54lNJxISlR23CPTMKBvPl6Ovnxo=&sap-hash=&sap-system-login-oninputprocessing=&sap-user=%28sel
ect+1scan%29&sap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-client=800&sap-system-login-basic_a
uth=&sap-system-login-cookie_disabled= HTTP/1.1
Accept: */*
Referer: https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Accept-Encoding: gzip,deflate
Cookie: sap-login-XSRF_TP1=20230321021430-m1hUPrcMe2g1U9ylXsOPBg%3d%3d;sap-usercontext=sap-client=800
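Remarks The server's responses were compared after appending the suffixes (select "+v+") and (select "+v+","+v+") to the parameter value; the two responses differ. It is recommended to add validation of the SQL query conditions in the code.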
URL https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/?sap-login-XSRF=aAcQx6wGaKQseZ6mblugGDIt2Uw
a2WLYpyK5CnJoN9g%3d&sap-hash=&sap-system-login-cookie_disabled=&sap-system-login-oninputprocessing=&sap-urls
cheme=&sap-system-login=onLogin&sap-system-login-basic_auth=&sap-accessibility=&sap-login-XSRF=gx9YaBgYPqTVbTX
46W1BtCqfKJ8NmpGjVne6-245PzY%3D&sap-system-login-cookie_disabled=&sap-hash=&sap-language=EN&sap-user=&sa
p-password=&sap-client=800
Affected parameter sap-user
Test case GET /sap/bc/ui5_ui5/ui2/ushell/shells/abap/?sap-login-XSRF=aAcQx6wGaKQseZ6mblugGDIt2Uwa2WLYpyK5CnJoN9g%3d
&sap-hash=&sap-system-login-cookie_disabled=&sap-system-login-oninputprocessing=&sap-urlscheme=&sap-system-logi
n=onLogin&sap-system-login-basic_auth=&sap-accessibility=&sap-login-XSRF=gx9YaBgYPqTVbTX46W1BtCqfKJ8NmpGjVne
6-245PzY%3D&sap-system-login-cookie_disabled=&sap-hash=&sap-language=EN&sap-user=%28select+scan%29&sap-pas
sword=&sap-client=800 HTTP/1.1
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Cookie: sap-login-XSRF_TP1=20230321021434-TWv3BDikGxsRBmA3Tqk6kA%3d%3d;sap-usercontext=sap-language=EN&
sap-client=800
Origin: https://10.28.107.214:44300
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,applicatio
n/signed-exchange;v=b3;q=0.9
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
Referer: https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/?sap-password=1&sap-language=EN&sap-lo
gin-XSRF=aAcQx6wGaKQseZ6mblugGDIt2Uwa2WLYpyK5CnJoN9g%3D&sap-hash=&sap-system-login-oninputprocessing=
&sap-user=1&sap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-client=800&sap-system-login-basic_aut
h=&sap-system-login-cookie_disabled=
Sec-Fetch-Dest: document
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Sec-Fetch-Mode: navigate
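Remarks The server's responses were compared after appending the suffixes (select "+v+") and (select "+v+","+v+") to the parameter value; the two responses differ. It is recommended to add validation of the SQL query conditions in the code.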
URL https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-system-login-oninputproc
essing=&sap-urlscheme=&sap-system-login=onLogin&sap-system-login-basic_auth=&sap-accessibility=&sap-login-XSRF=IE
xA6RIv6wQkQosK9q0THxEKCJS9CXfF6R6xsrH8F6c%3D&sap-system-login-cookie_disabled=&sap-hash=&sap-language=EN
&sap-user=&sap-password=&sap-client=800
Affected parameter sap-user
Test case GET /sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-system-login-oninputprocessing=&sap-urlscheme=
&sap-system-login=onLogin&sap-system-login-basic_auth=&sap-accessibility=&sap-login-XSRF=IExA6RIv6wQkQosK9q0TH
xEKCJS9CXfF6R6xsrH8F6c%3D&sap-system-login-cookie_disabled=&sap-hash=&sap-language=EN&sap-user=%28select+sc
an%29&sap-password=&sap-client=800 HTTP/1.1
Referer: https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-system-login-onin
putprocessing=&sap-urlscheme=&sap-system-login=onLogin&sap-system-login-basic_auth=&sap-accessibility=&sap-loginXSRF=IExA6RIv6wQkQosK9q0THxEKCJS9CXfF6R6xsrH8F6c%3D&sap-system-login-cookie_disabled=&sap-hash=&sap-lang
uage=EN&sap-user=&sap-password=&sap-client=800
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Cookie: sap-login-XSRF_TP1=20230321021434-lrNUpjQcmEvPV0LKRL495w%3d%3d;sap-usercontext=sap-language=EN&
sap-client=800
Accept: */*
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Sec-Fetch-Mode: navigate
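Remarks The server's responses were compared after appending the suffixes (select "+v+") and (select "+v+","+v+") to the parameter value; the two responses differ. It is recommended to add validation of the SQL query conditions in the code.
OpenSSH security bypass vulnerability (CVE-2016-10012) | Unix local security | System vulnerability | 1
Vulnerability ID 113438
Summary
Description OpenSSH (OpenBSD Secure Shell) is a set of connectivity tools maintained by the OpenBSD project for secure access to remote computers.
OpenSSH has a security bypass vulnerability. An attacker can exploit it to bypass certain security restrictions and perform unauthorized operations, which may enable further attacks.
Solution Users should follow the vendor's home page and upgrade the software to version 7.4:
http://www.openssh.com/
See also http://www.securityfocus.com/bid/94975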
CVE CVE-2016-10012
Bugtraq ID 94975
CVSS CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C
CNVD CNVD-2016-10012
CNCVE CNCVE-2016-10012
CNNVD CNNVD-201612-618
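Detection details
Host: 10.28.107.214 | Port: 22 | Service: ssh
OpenSSH remote code execution vulnerability (CVE-2016-10009) | Unix local security | System vulnerability | 1
Vulnerability ID 121365
Summary
Description OpenSSH (OpenBSD Secure Shell) is a set of connectivity tools maintained by the OpenBSD project for secure access to remote computers.
OpenSSH has a remote code execution vulnerability. An attacker can exploit it to execute arbitrary code in the affected application; failed exploit attempts may result in a denial-of-service condition.
Solution Users should follow the vendor's home page and upgrade the software to version 7.4:
http://www.openssh.com/
See also http://www.securityfocus.com/bid/94968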
CVE CVE-2016-10009
Bugtraq ID 94968
CVSS CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
CNVD CNVD-2016-10009
CNCVE CNCVE-2016-10009
CNNVD CNNVD-201612-616
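Detection details
Host: 10.28.107.214 | Port: 22 | Service: ssh
OpenSSH remote denial-of-service vulnerability (CNVD-2016-09674) (CVE-2016-8858) | Network device security | System vulnerability | 1
Vulnerability ID 126552
Summary
Description OpenSSH (OpenBSD Secure Shell) is a set of connectivity tools maintained by the OpenBSD project for secure access to remote computers.
The kex_input_kexinit() function in OpenSSH has a memory exhaustion issue during key exchange: an unauthenticated client can repeat the KEXINIT process to increase the memory allocated per connection on the server to as much as 384MB. An attacker can exploit this by opening multiple connections to exhaust the server's memory, causing a denial of service.
Solution The vendor has provided a source-code fix; users are advised to update the source code and recompile. The fix is available at:
http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/kex.c#rev1.127
See also http://www.securitytracker.com/id/1037057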
CVE CVE-2016-8858
Bugtraq ID 93776
CVSS CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C
CNVD CNVD-2016-8858
CNCVE CNCVE-2016-8858
CNNVD CNNVD-201610-679
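Detection details
Host: 10.28.107.214 | Port: 22 | Service: ssh
OpenSSH user enumeration (CVE-2018-15473) [POC] | Other | System vulnerability | 1
Vulnerability ID 104397
Summary The remote OpenSSH is missing a security update.
Description OpenSSH (OpenBSD Secure Shell) is a set of connectivity tools from the OpenBSD project for secure access to remote computers. It is an open-source implementation of the SSH protocol that encrypts all traffic and effectively prevents eavesdropping, connection hijacking and other network-level attacks.
OpenSSH 7.7 and earlier have an information disclosure vulnerability. The vulnerability stems from configuration or similar errors in the network system or product during operation. An unauthorized attacker can exploit it to obtain sensitive information about the affected component.
Solution The vendor has released a patch to fix the vulnerability; it is available at:
https://github.com/openbsd/src/commit/779974d35b4859c07bc3cb8a12c74b43b0a7d1e0
See also https://lists.debian.org/debian-lts-announce/2018/08/msg00022.html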
https://packages.debian.org/source/jessie/openssh
CVE CVE-2018-15473
CNVD CNVD-2018-15473
CNCVE CNCVE-2018-15473
CNNVD CNNVD-201808-536
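Detection details
Host: 10.28.107.214 | Port: 22 | Service: ssh
OpenSSH < 9.1 multiple security vulnerabilities | Other | System vulnerability | 1
Vulnerability ID 104329
Summary
Description The version of OpenSSH installed on the remote host is earlier than 9.1. It is therefore affected by multiple vulnerabilities mentioned in the 9.1 release announcement.
- ssh-keyscan(1): fix a one-byte overflow in SSH banner processing. (OpenSSH-9.1-1)
- ssh-keygen(1): double free() in the error path of the file hashing step in the signature/verification code ghpr333 (openssh-9.1-2)
- ssh-keysign(8): double free in an error path introduced in OpenSSH-8.9 (OpenSSH-9.1-3)
Solution Upgrade to OpenSSH 9.1 or later.
See also https://www.openssh.com/txt/release-9.1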
CVSS CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
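Detection details
Host: 10.28.107.214 | Port: 22 | Service: ssh
OpenSSH resource management error vulnerability | Other | System vulnerability | 1
Vulnerability ID 103559
Summary
Description OpenSSH (OpenBSD Secure Shell) is a set of connectivity tools from the OpenBSD project for secure access to remote computers. It is an open-source implementation of the SSH protocol that encrypts all traffic and effectively prevents eavesdropping, connection hijacking and other network-level attacks.
OpenSSH before 8.5 has a security vulnerability that an attacker can exploit for unconstrained agent-socket access on legacy operating systems.
Solution The vendor has released a patch to fix the vulnerability; it is available at:
https://github.com/openssh/openssh-portable/commit/e04fd6dde16de1cdc5a4d9946397ff60d96568db
See also https://www.openwall.com/lists/oss-security/2021/03/03/1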
https://www.openssh.com/txt/release-8.5
CVE CVE-2021-28041
CVSS CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
CNVD CNVD-2021-28041
CNCVE CNCVE-2021-28041
CNNVD CNNVD-202103-527
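Detection details
Host: 10.28.107.214 | Port: 22 | Service: ssh
OpenSSH sshd denial-of-service vulnerability (CNVD-2016-06210) (CVE-2016-6515) | Network device security | System vulnerability | 1
Vulnerability ID 121218
Summary
Description OpenSSH (OpenBSD Secure Shell) is a set of connectivity tools maintained by the OpenBSD project for secure access to remote computers. It is an open-source implementation of the SSH protocol that encrypts all traffic and effectively prevents eavesdropping, connection hijacking and other network-level attacks. sshd is one of its standalone daemons.
The 'auth_password' function in auth-passwd.c in sshd in OpenSSH versions before 7.3 has a security vulnerability: the program does not limit password length during password authentication. A remote attacker can exploit this with a long string to cause a denial of service (CPU consumption).
Solution The vendor has released a patch to fix this security issue; it is available at:
https://github.com/openssh/openssh-portable/commit/fcd135c9df440bcd2d5870405ad3311743d78d97
See also http://openwall.com/lists/oss-security/2016/08/01/2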
CVE CVE-2016-6515
Bugtraq ID 92212
CVSS CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C
CNVD CNVD-2016-6515
CNCVE CNCVE-2016-6515
CNNVD CNNVD-201608-172
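Detection details
Host: 10.28.107.214 | Port: 22 | Service: ssh
OpenSSH UseLogin environment variable arbitrary code execution vulnerability (CVE-2015-8325) | Cloud security | System vulnerability | 1
Vulnerability ID 134730
Summary
Description OpenSSH (OpenBSD Secure Shell) is a set of connectivity tools maintained by the OpenBSD project for secure access to remote computers.
OpenSSH has an arbitrary code execution vulnerability. A local attacker can exploit it to bypass certain security restrictions, download restricted library files into the /bin/login URI, and execute arbitrary code with root privileges.
Solution The vendor has released a patch to fix this security issue; see the vendor's home page for details:
http://www.openssh.com/
See also http://www.openssh.com/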
https://anongit.mindrot.org/openssh.git/commit/?id=85bdcd7c92fe7ff133bbc4e10a65c91810f88755
CVE CVE-2015-8325
Bugtraq ID 86187
CVSS CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C
CNVD CNVD-2015-8325
CNCVE CNCVE-2015-8325
CNNVD CNNVD-201604-341
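Detection details
Host: 10.28.107.214 | Port: 22 | Service: ssh
SMTP server on non-standard port detection | Backdoor detection | System vulnerability | 1
Vulnerability ID 7848
Summary The remote SMTP service is running on a non-standard port.
Description This SMTP server is running on a non-standard port. This may be a backdoor used by an attacker to send spam or even to control the target machine.
Solution Check and clean up the configuration.
See also http://www.icir.org/vern/papers/backdoor/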
CVSS CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N
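Detection details
Host: 10.28.107.214 | Port: 2500 | Service: smtp
OpenSSH command injection vulnerability | Other | System vulnerability | 1
Vulnerability ID 104686
Summary
Description OpenSSH (OpenBSD Secure Shell) is a set of connectivity tools from the OpenBSD project for secure access to remote computers. It is an open-source implementation of the SSH protocol that encrypts all traffic and effectively prevents eavesdropping, connection hijacking and other network-level attacks.
scp.c in scp in OpenSSH 8.3p1 and earlier has a command injection vulnerability. It stems from the network system or product failing to properly filter special elements when constructing an executable command from external input. An attacker can exploit it to execute illegitimate commands.
Solution Users of this software are advised to monitor the vendor's home page or reference URLs for a solution:
https://www.openssh.com/
See also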
CVE CVE-2020-15778
CVSS CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:N
CNVD CNVD-2020-15778
CNCVE CNCVE-2020-15778
CNNVD CNNVD-202007-1519
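Detection details
Host: 10.28.107.214 | Port: 22 | Service: ssh
OpenSSH user enumeration vulnerability (CNVD-2018-20962) (CVE-2018-15919) | General | System vulnerability | 1
Vulnerability ID 149915
Summary The remote OpenSSH is missing a security update.
Description OpenSSH (OpenBSD Secure Shell) is a set of connectivity tools maintained by the OpenBSD project for secure access to remote computers. It is an open-source implementation of the SSH protocol that encrypts all traffic and effectively prevents eavesdropping, connection hijacking and other network-level attacks.
The auth-gss2.c file in OpenSSH 7.8 and earlier has a security vulnerability. A remote attacker can exploit it to determine whether a user they specify exists.
Solution Users can contact the vendor for patch information:
https://www.openssh.com/
See also https://nvd.nist.gov/vuln/detail/CVE-2018-15919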
CVE CVE-2018-15919
Bugtraq ID 105163
CVSS CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N
CNVD CNVD-2018-15919
CNCVE CNCVE-2018-15919
CNNVD CNNVD-201808-902
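Detection details
Host: 10.28.107.214 | Port: 22 | Service: ssh
OpenSSH design vulnerability (CVE-2017-15906) | Linux local security | System vulnerability | 1
Vulnerability ID 118999
Summary
Description OpenSSH (OpenBSD Secure Shell) is a set of connectivity tools maintained by the OpenBSD project for secure access to remote computers. It is an open-source implementation of the SSH protocol that encrypts all traffic and effectively prevents eavesdropping, connection hijacking and other network-level attacks.
The 'process_open' function in sftp-server.c in OpenSSH versions before 7.6 has a security vulnerability: the program does not correctly prevent write operations in read-only mode. An attacker can exploit it to create zero-length files.
Solution The vendor has released a fix; please watch for updates:
https://www.openssh.com/txt/release-7.6
See also https://github.com/openbsd/src/commit/a6981567e8e215acc1ef690c8dbb30f2d9b00a19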
CVE CVE-2017-15906
Bugtraq ID 101552
CVSS CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N
CNVD CNVD-2017-15906
CNCVE CNCVE-2017-15906
CNNVD CNNVD-201710-1230
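Detection details
Host: 10.28.107.214 | Port: 22 | Service: ssh
OpenSSH < 7.5 | Other | System vulnerability | 1
Vulnerability ID 86533
Summary The SSH server running on the remote host is affected by an information disclosure vulnerability.
Description According to its banner, the version of OpenSSH running on the remote host is earlier than 7.5. It is therefore affected by an information disclosure vulnerability:
- An unspecified timing flaw exists in the CBC padding oracle countermeasures in the ssh and sshd functions, allowing an unauthenticated remote attacker to disclose potentially sensitive information. Note that the OpenSSH client disables CBC ciphers by default. However, sshd offers them as lowest-preference options, and they will be removed by default in a future release. (VulnDB 144000)
Note that the engine has not tested for these issues but has instead relied on the application's self-reported version number.
Solution Upgrade to OpenSSH 7.5 or later.
See also http://www.openssh.com/txt/release-7.5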
CVSS CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N
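Detection details
Host: 10.28.107.214 | Port: 22 | Service: ssh
OpenSSH privilege escalation vulnerability (CVE-2016-10010) | Unix local security | System vulnerability | 1
Vulnerability ID 113437
Summary
Description OpenSSH (OpenBSD Secure Shell) is a set of connectivity tools maintained by the OpenBSD project for secure access to remote computers.
OpenSSH has a privilege escalation vulnerability. An attacker can exploit it to escalate privileges to root.
Solution Users should follow the vendor's home page and upgrade the software to version 7.4:
http://www.openssh.com/
See also http://www.securityfocus.com/bid/94972/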
CVE CVE-2016-10010
Bugtraq ID 94972
CVSS CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
CNVD CNVD-2016-10010
CNCVE CNCVE-2016-10010
CNNVD CNNVD-201612-609
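Detection details
Host: 10.28.107.214 | Port: 22 | Service: ssh
OpenSSH sshd denial-of-service vulnerability (CVE-2016-10708) | Network device security | System vulnerability | 1
Vulnerability ID 134253
Summary
Description OpenSSH (OpenBSD Secure Shell) is a set of connectivity tools maintained by the OpenBSD project for secure access to remote computers. It is an open-source implementation of the SSH protocol that encrypts all traffic and effectively prevents eavesdropping, connection hijacking and other network-level attacks. sshd is one of its standalone daemons.
sshd in OpenSSH versions before 7.4 has a denial-of-service vulnerability. A remote attacker can exploit it with an out-of-sequence NEWKEYS message to cause a denial of service (NULL pointer dereference and daemon crash).
Solution The vendor has released a patch to fix the vulnerability; it is available at:
https://www.openssh.com/releasenotes.html
See also http://blog.swiecki.net/2018/01/fuzzing-tcp-servers.html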
CVE CVE-2016-10708
Bugtraq ID 102780
CVSS CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P
CNVD CNVD-2016-10708
CNCVE CNCVE-2016-10708
CNNVD CNNVD-201801-812
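Detection details
Host: 10.28.107.214 | Port: 22 | Service: ssh
OpenSSH xauth command injection vulnerability (CVE-2016-3115) | Cloud security | System vulnerability | 1
Vulnerability ID 134141
Summary
Description OpenSSH is an open-source implementation of the SSH protocol.
OpenSSH <= 7.2p1 has an xauth command injection vulnerability in its implementation. An attacker with valid credentials and permission to establish forwarding sessions can bypass security restrictions and inject shell commands into the data.
Solution Users can refer to the following vendor security patch to fix the vulnerability:
http://www.openssh.com/txt/x11fwd.adv
See also https://www.freebsd.org/security/advisories/FreeBSD-SA-16:14.openssh.asc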
http://www.openssh.com/txt/x11fwd.adv
CVE CVE-2016-3115
Bugtraq ID 84314
CVSS CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:N
CNVD CNVD-2016-3115
CNCVE CNCVE-2016-3115
CNNVD CNNVD-201603-244
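Detection details
Host: 10.28.107.214 | Port: 22 | Service: ssh
OpenSSH security vulnerability (CVE-2021-41617) | Other | System vulnerability | 1
Vulnerability ID 103906
Summary
Description OpenSSH (OpenBSD Secure Shell) is a set of connectivity tools from the OpenBSD project for secure access to remote computers. It is an open-source implementation of the SSH protocol that encrypts all traffic and effectively prevents eavesdropping, connection hijacking and other network-level attacks.
OpenSSH has a security vulnerability. It allows privilege escalation because supplemental groups are not initialized as expected.
Solution The vendor has not yet released a fix for this security issue; users of this software are advised to monitor the vendor's home page or reference URLs for a solution: https://www.openssh.com/security.html
See also https://www.openwall.com/lists/oss-security/2021/09/26/1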
https://www.openssh.com/txt/release-8.8
CVE CVE-2021-41617
CVSS CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P
CNVD CNVD-2021-41617
CNCVE CNCVE-2021-41617
CNNVD CNNVD-202109-1695
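Detection details
Host: 10.28.107.214 | Port: 22 | Service: ssh
OpenSSH user enumeration vulnerability (CVE-2016-6210) | Cloud security | System vulnerability | 1
Vulnerability ID 140551
Summary
Description OpenSSH (OpenBSD Secure Shell) is a set of connectivity tools maintained by the OpenBSD project for secure access to remote computers.
OpenSSH has a user enumeration vulnerability. The OpenSSH SSH daemon allows user enumeration through timing differences during user authentication.
Solution The vendor has released a fixed version; please watch for updates:
http://www.openssh.com/
See also https://www.debian.org/security/2016/dsa-3626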
http://seclists.org/fulldisclosure/2016/Jul/51
CVE CVE-2016-6210
Bugtraq ID 91812
CVSS CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N
CNVD CNVD-2016-6210
CNCVE CNCVE-2016-6210
CNNVD CNNVD-201607-1067
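Detection details
Host: 10.28.107.214 | Port: 22 | Service: ssh
Form without CSRF protection | A8 Cross-Site Request Forgery (CSRF) | Web vulnerability | 100
Detailed description Cross-site request forgery is a type of malicious attack on a website in which unauthorized commands are transmitted from a user that the website trusts. The scanner found an HTML form with no apparent CSRF protection.
Solution Add CSRF protection to the HTML form.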
URL https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/?sap-login-XSRF=-QEJnrjlKOpDtNFqjzNuywAuIgmXsHpFo
PRDH9iy_DI%3d&sap-hash=&sap-system-login-cookie_disabled=
Affected parameter
Test case POST /sap/bc/ui5_ui5/ui2/ushell/shells/?sap-login-XSRF=-QEJnrjlKOpDtNFqjzNuywAuIgmXsHpFoPRDH9iy_DI%3d&sap-ha
sh=&sap-system-login-cookie_disabled= HTTP/1.1
Accept: */*
Referer: https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/?sap-password=1&sap-language=EN&sap-login-X
SRF=-QEJnrjlKOpDtNFqjzNuywAuIgmXsHpFoPRDH9iy_DI=&sap-hash=&sap-system-login-oninputprocessing=&sap-user=1
&sap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-client=800&sap-system-login-basic_auth=&sap-syste
m-login-cookie_disabled=
Content-Length: 286
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Accept-Encoding: gzip,deflate
Cookie: sap-login-XSRF_TP1=20230321021433-DiFPdsCMR_pK7sTXT0BBKw%3d%3d;sap-usercontext=sap-language=EN&
sap-client=800
sap-password=1&sap-language=EN&sap-login-XSRF=wUgtzQTbdgbppEGu88Tru-AyDsOUrGcFek2Sxt98ubc=&sap-hash=&s
ap-system-login-oninputprocessing=&sap-user=1&sap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-cli
ent=800&sap-system-login-basic_auth=&sap-system-login-cookie_disabled=
Remarks The form has no CSRF protection. Form: <form class="sapUiSraLoginForm" id="LOGIN_FORM" name="loginForm" action="/sap/bc/ui5_ui5/ui2/ushell/shells/&#x3f;sap-login-XSRF&
URL https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/?sap-login-XSRF=-QEJnrjlKOpDtNFqjzNuywAuIgmXsHpFo
PRDH9iy_DI%3d&sap-hash=&sap-system-login-cookie_disabled=&sap-password=1&sap-language=EN&sap-login-XSRF=wU
gtzQTbdgbppEGu88Tru-AyDsOUrGcFek2Sxt98ubc=&sap-hash=&sap-system-login-oninputprocessing=&sap-user=1&sap-u
rlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-client=800&sap-system-login-basic_auth=&sap-system-logi
n-cookie_disabled=
Affected parameter
Test case GET /sap/bc/ui5_ui5/ui2/ushell/shells/?sap-login-XSRF=-QEJnrjlKOpDtNFqjzNuywAuIgmXsHpFoPRDH9iy_DI%3d&sap-has
h=&sap-system-login-cookie_disabled=&sap-password=1&sap-language=EN&sap-login-XSRF=wUgtzQTbdgbppEGu88Tru-A
yDsOUrGcFek2Sxt98ubc=&sap-hash=&sap-system-login-oninputprocessing=&sap-user=1&sap-urlscheme=&sap-system-lo
gin=onLogin&sap-accessibility=&sap-client=800&sap-system-login-basic_auth=&sap-system-login-cookie_disabled= HTTP/
1.1
Accept: */*
Referer: https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/?sap-password=1&sap-language=EN&sap-login-X
SRF=-QEJnrjlKOpDtNFqjzNuywAuIgmXsHpFoPRDH9iy_DI=&sap-hash=&sap-system-login-oninputprocessing=&sap-user=1
&sap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-client=800&sap-system-login-basic_auth=&sap-syste
m-login-cookie_disabled=
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Accept-Encoding: gzip,deflate
Cookie: sap-login-XSRF_TP1=20230321021433-DiFPdsCMR_pK7sTXT0BBKw%3d%3d;sap-usercontext=sap-language=EN&
sap-client=800
Remarks The form has no CSRF protection. Form: <form class="sapUiSraLoginForm" id="LOGIN_FORM" name="loginForm" action="/sap/bc/ui5_ui5/ui2/ushell/shells/&#x3f;sap-login-XSRF&
URL https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/?sap-login-XSRF=-QEJnrjlKOpDtNFqjzNuywAuIgmXsHpFo
PRDH9iy_DI%3d&sap-hash=&sap-system-login-cookie_disabled=
Affected parameter
Test case POST /sap/bc/ui5_ui5/ui2/ushell/shells/?sap-login-XSRF=-QEJnrjlKOpDtNFqjzNuywAuIgmXsHpFoPRDH9iy_DI%3d&sap-ha
sh=&sap-system-login-cookie_disabled= HTTP/1.1
Accept: */*
Referer: https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/?sap-password=1&sap-language=EN&sap-login-X
SRF=-QEJnrjlKOpDtNFqjzNuywAuIgmXsHpFoPRDH9iy_DI=&sap-hash=&sap-system-login-oninputprocessing=&sap-user=1
&sap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-client=800&sap-system-login-basic_auth=&sap-syste
m-login-cookie_disabled=
Content-Length: 286
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Accept-Encoding: gzip,deflate
Cookie: sap-login-XSRF_TP1=20230321021433-DiFPdsCMR_pK7sTXT0BBKw%3d%3d;sap-usercontext=sap-language=EN&
sap-client=800
sap-password=1&sap-language=EN&sap-login-XSRF=6pYeg0_ZTJwTdh5HriflHsOHKzqnee-Dd_1OOnaawm0=&sap-hash=&sa
p-system-login-oninputprocessing=&sap-user=1&sap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-clie
nt=800&sap-system-login-basic_auth=&sap-system-login-cookie_disabled=
Remarks The form has no CSRF protection. Form: <form class="sapUiSraLoginForm" id="LOGIN_FORM" name="loginForm" action="/sap/bc/ui5_ui5/ui2/ushell/shells/&#x3f;sap-login-XSRF&
URL https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/?sap-login-XSRF=-QEJnrjlKOpDtNFqjzNuywAuIgmXsHpFo
PRDH9iy_DI%3d&sap-hash=&sap-system-login-cookie_disabled=
Affected parameter
Test case POST /sap/bc/ui5_ui5/ui2/ushell/shells/?sap-login-XSRF=-QEJnrjlKOpDtNFqjzNuywAuIgmXsHpFoPRDH9iy_DI%3d&sap-ha
sh=&sap-system-login-cookie_disabled= HTTP/1.1
Accept: */*
Referer: https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/?sap-password=&sap-language=EN&sap-login-XS
RF=-QEJnrjlKOpDtNFqjzNuywAuIgmXsHpFoPRDH9iy_DI=&sap-hash=&sap-system-login-oninputprocessing=&sap-user=&s
ap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-client=800&sap-system-login-basic_auth=&sap-system
-login-cookie_disabled=
Content-Length: 286
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Accept-Encoding: gzip,deflate
Cookie: sap-login-XSRF_TP1=20230321021435-vTpEfLtHMTDsVDZJsWeWBA%3d%3d;sap-usercontext=sap-language=EN&
sap-client=800
sap-password=1&sap-language=EN&sap-login-XSRF=9bBH1s13j-j7G0pD4VQwG2ol31-M3Wpxi1sqMEWvhuE=&sap-hash=
&sap-system-login-oninputprocessing=&sap-user=1&sap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sapclient=800&sap-system-login-basic_auth=&sap-system-login-cookie_disabled=
Remarks The form has no CSRF protection. Form: <form class="sapUiSraLoginForm" id="LOGIN_FORM" name="loginForm" action="/sap/bc/ui5_ui5/ui2/ushell/shells/&#x3f;sap-login-XSRF&
URL https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/?sap-login-XSRF=-QEJnrjlKOpDtNFqjzNuywAuIgmXsHpFo
PRDH9iy_DI%3d&sap-hash=&sap-system-login-cookie_disabled=
Affected parameter
Test case POST /sap/bc/ui5_ui5/ui2/ushell/shells/?sap-login-XSRF=-QEJnrjlKOpDtNFqjzNuywAuIgmXsHpFoPRDH9iy_DI%3d&sap-ha
sh=&sap-system-login-cookie_disabled= HTTP/1.1
Accept: */*
Referer: https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/?sap-password=&sap-language=EN&sap-login-XS
RF=-QEJnrjlKOpDtNFqjzNuywAuIgmXsHpFoPRDH9iy_DI=&sap-hash=&sap-system-login-oninputprocessing=&sap-user=&s
ap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-client=800&sap-system-login-basic_auth=&sap-system
-login-cookie_disabled=
Content-Length: 286
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Accept-Encoding: gzip,deflate
Cookie: sap-login-XSRF_TP1=20230321021435-vTpEfLtHMTDsVDZJsWeWBA%3d%3d;sap-usercontext=sap-language=EN&
sap-client=800
sap-password=1&sap-language=EN&sap-login-XSRF=o80c_Rye9vhmVE6avCP0xzFKWk18laIz33OrVG-usYc=&sap-hash=&sa
p-system-login-oninputprocessing=&sap-user=1&sap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-clie
nt=800&sap-system-login-basic_auth=&sap-system-login-cookie_disabled=
Remarks The form has no CSRF protection. Form: <form class="sapUiSraLoginForm" id="LOGIN_FORM" name="loginForm" action="/sap/bc/ui5_ui5/ui2/ushell/shells/&#x3f;sap-login-XSRF&
URL https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/?sap-login-XSRF=CfWq965K_pmYZq8fcFIQJLLIi5P8p6DQ5
dr5uen12_k%3d&sap-system-login-cookie_disabled=&sap-hash=
Affected parameter
Test case POST /sap/bc/ui5_ui5/ui2/ushell/shells/?sap-login-XSRF=CfWq965K_pmYZq8fcFIQJLLIi5P8p6DQ5dr5uen12_k%3d&sap-s
ystem-login-cookie_disabled=&sap-hash= HTTP/1.1
Accept: */*
Referer: https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/?sap-system-login-oninputprocessing=&sap-urlsc
heme=&sap-system-login=onLogin&sap-system-login-basic_auth=&sap-client=800&sap-accessibility=&sap-login-XSRF=Cf
Wq965K_pmYZq8fcFIQJLLIi5P8p6DQ5dr5uen12_k%3D&sap-system-login-cookie_disabled=&sap-hash=&sap-language=EN
&sap-user=&sap-password=&sap-client=800
Content-Length: 286
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Accept-Encoding: gzip,deflate
Cookie: sap-login-XSRF_TP1=20230321021436-BPPCtvgg1snYr0p0giKaUQ%3d%3d;sap-usercontext=sap-language=EN&sa
p-client=800
sap-password=1&sap-language=EN&sap-login-XSRF=4YlpBCF98x1WbNKJvZKrLfj-aNcmQgCpeSW9nh8t5N0=&sap-hash=&
sap-system-login-oninputprocessing=&sap-user=1&sap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-cl
ient=800&sap-system-login-basic_auth=&sap-system-login-cookie_disabled=
Remarks The form has no CSRF protection. Form: <form class="sapUiSraLoginForm" id="LOGIN_FORM" name="loginForm" action="/sap/bc/ui5_ui5/ui2/ushell/shells/&#x3f;sap-login-XSRF&
URL https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/?sap-login-XSRF=CfWq965K_pmYZq8fcFIQJLLIi5P8p6DQ5
dr5uen12_k%3d&sap-system-login-cookie_disabled=&sap-hash=
Affected parameter
Test case POST /sap/bc/ui5_ui5/ui2/ushell/shells/?sap-login-XSRF=CfWq965K_pmYZq8fcFIQJLLIi5P8p6DQ5dr5uen12_k%3d&sap-s
ystem-login-cookie_disabled=&sap-hash= HTTP/1.1
Accept: */*
Referer: https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/?sap-system-login-oninputprocessing=&sap-urlsc
heme=&sap-system-login=onLogin&sap-system-login-basic_auth=&sap-client=800&sap-accessibility=&sap-login-XSRF=Cf
Wq965K_pmYZq8fcFIQJLLIi5P8p6DQ5dr5uen12_k%3D&sap-system-login-cookie_disabled=&sap-hash=&sap-language=EN
&sap-user=&sap-password=&sap-client=800
Content-Length: 286
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Accept-Encoding: gzip,deflate
Cookie: sap-login-XSRF_TP1=20230321021436-BPPCtvgg1snYr0p0giKaUQ%3d%3d;sap-usercontext=sap-language=EN&sa
p-client=800
sap-password=1&sap-language=EN&sap-login-XSRF=m10iS01fMIwYatpiIhg0uAmb7Plh8YDoethG7rj9bdI=&sap-hash=&sap
-system-login-oninputprocessing=&sap-user=1&sap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-client
=800&sap-system-login-basic_auth=&sap-system-login-cookie_disabled=
Remarks The form has no CSRF protection. Form: <form class="sapUiSraLoginForm" id="LOGIN_FORM" name="loginForm" action="/sap/bc/ui5_ui5/ui2/ushell/shells/&#x3f;sap-login-XSRF&
URL https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-login-XSRF=wG-MT356_T
mQmxPk54lNJxISlR23CPTMKBvPl6Ovnxo%3d&sap-hash=&sap-system-login-cookie_disabled=&sap-login-XSRF=RqcXMjox
msZJ4T_KbblfZ1zZjryg7pnwgtFvY9WftCk%3d&sap-hash=&sap-system-login-cookie_disabled=
Affected parameter
Test case POST /sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-login-XSRF=wG-MT356_TmQmxPk54lNJxISlR23CP
TMKBvPl6Ovnxo%3d&sap-hash=&sap-system-login-cookie_disabled=&sap-login-XSRF=RqcXMjoxmsZJ4T_KbblfZ1zZjryg7p
nwgtFvY9WftCk%3d&sap-hash=&sap-system-login-cookie_disabled= HTTP/1.1
Accept: */*
Referer: https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-login-XSRF=wG-M
T356_TmQmxPk54lNJxISlR23CPTMKBvPl6Ovnxo%3d&sap-hash=&sap-system-login-cookie_disabled=&sap-password=1&s
ap-language=EN&sap-login-XSRF=RqcXMjoxmsZJ4T_KbblfZ1zZjryg7pnwgtFvY9WftCk=&sap-hash=&sap-system-login-oninp
utprocessing=&sap-user=1&sap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-client=800&sap-system-l
ogin-basic_auth=&sap-system-login-cookie_disabled=
Content-Length: 284
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Accept-Encoding: gzip,deflate
Cookie: sap-login-XSRF_TP1=20230321021438-dNdDT4nDpeEqsEFOKurOXw%3d%3d;sap-usercontext=sap-language=EN
&sap-client=800
sap-password=&sap-language=EN&sap-login-XSRF=gcYyPv51M3XygD_aB1TU4kroicW13VRv48R8WSEgNNk=&sap-hash=&
sap-system-login-oninputprocessing=&sap-user=&sap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-clie
nt=800&sap-system-login-basic_auth=&sap-system-login-cookie_disabled=
Remarks The form has no CSRF protection. Form: <form class="sapUiSraLoginForm" id="LOGIN_FORM" name="loginForm" action="/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.h
URL https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-login-XSRF=wG-MT356_T
mQmxPk54lNJxISlR23CPTMKBvPl6Ovnxo%3d&sap-hash=&sap-system-login-cookie_disabled=&sap-login-XSRF=RqcXMjox
msZJ4T_KbblfZ1zZjryg7pnwgtFvY9WftCk%3d&sap-hash=&sap-system-login-cookie_disabled=&sap-password=&sap-langua
ge=EN&sap-login-XSRF=gcYyPv51M3XygD_aB1TU4kroicW13VRv48R8WSEgNNk=&sap-hash=&sap-system-login-oninputpr
ocessing=&sap-user=&sap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-client=800&sap-system-login-b
asic_auth=&sap-system-login-cookie_disabled=
Affected parameter
Test case GET /sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-login-XSRF=wG-MT356_TmQmxPk54lNJxISlR23CPT
MKBvPl6Ovnxo%3d&sap-hash=&sap-system-login-cookie_disabled=&sap-login-XSRF=RqcXMjoxmsZJ4T_KbblfZ1zZjryg7pn
wgtFvY9WftCk%3d&sap-hash=&sap-system-login-cookie_disabled=&sap-password=&sap-language=EN&sap-login-XSRF=gc
YyPv51M3XygD_aB1TU4kroicW13VRv48R8WSEgNNk=&sap-hash=&sap-system-login-oninputprocessing=&sap-user=&sap
-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-client=800&sap-system-login-basic_auth=&sap-system-lo
gin-cookie_disabled= HTTP/1.1
Accept: */*
Referer: https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-login-XSRF=wG-M
T356_TmQmxPk54lNJxISlR23CPTMKBvPl6Ovnxo%3d&sap-hash=&sap-system-login-cookie_disabled=&sap-password=1&s
ap-language=EN&sap-login-XSRF=RqcXMjoxmsZJ4T_KbblfZ1zZjryg7pnwgtFvY9WftCk=&sap-hash=&sap-system-login-oninp
utprocessing=&sap-user=1&sap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-client=800&sap-system-l
ogin-basic_auth=&sap-system-login-cookie_disabled=
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Accept-Encoding: gzip,deflate
Cookie: sap-login-XSRF_TP1=20230321021438-dNdDT4nDpeEqsEFOKurOXw%3d%3d;sap-usercontext=sap-language=EN
&sap-client=800
Remarks The form has no CSRF protection. Form: <form class="sapUiSraLoginForm" id="LOGIN_FORM" name="loginForm" action="/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.h
URL https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-login-XSRF=wG-MT356_T
mQmxPk54lNJxISlR23CPTMKBvPl6Ovnxo%3d&sap-hash=&sap-system-login-cookie_disabled=&sap-login-XSRF=RqcXMjox
msZJ4T_KbblfZ1zZjryg7pnwgtFvY9WftCk%3d&sap-hash=&sap-system-login-cookie_disabled=
Affected parameter
Test case POST /sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-login-XSRF=wG-MT356_TmQmxPk54lNJxISlR23CP
TMKBvPl6Ovnxo%3d&sap-hash=&sap-system-login-cookie_disabled=&sap-login-XSRF=RqcXMjoxmsZJ4T_KbblfZ1zZjryg7p
nwgtFvY9WftCk%3d&sap-hash=&sap-system-login-cookie_disabled= HTTP/1.1
Accept: */*
Referer: https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-login-XSRF=wG-M
T356_TmQmxPk54lNJxISlR23CPTMKBvPl6Ovnxo%3d&sap-hash=&sap-system-login-cookie_disabled=&sap-password=1&s
ap-language=EN&sap-login-XSRF=RqcXMjoxmsZJ4T_KbblfZ1zZjryg7pnwgtFvY9WftCk=&sap-hash=&sap-system-login-oninp
utprocessing=&sap-user=1&sap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-client=800&sap-system-l
ogin-basic_auth=&sap-system-login-cookie_disabled=
Content-Length: 284
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Accept-Encoding: gzip,deflate
Cookie: sap-login-XSRF_TP1=20230321021438-dNdDT4nDpeEqsEFOKurOXw%3d%3d;sap-usercontext=sap-language=EN
&sap-client=800
sap-password=&sap-language=EN&sap-login-XSRF=y64cd4uq-AIotTolD-XHNrQ_UfM3B8HGGEHgT8YGPU4=&sap-hash=&sa
p-system-login-oninputprocessing=&sap-user=&sap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-client
=800&sap-system-login-basic_auth=&sap-system-login-cookie_disabled=
Remarks The form has no CSRF protection. Form: <form class="sapUiSraLoginForm" id="LOGIN_FORM" name="loginForm" action="/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.h
URL https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-login-XSRF=wG-MT356_T
mQmxPk54lNJxISlR23CPTMKBvPl6Ovnxo%3d&sap-hash=&sap-system-login-cookie_disabled=&sap-login-XSRF=RqcXMjox
msZJ4T_KbblfZ1zZjryg7pnwgtFvY9WftCk%3d&sap-hash=&sap-system-login-cookie_disabled=
Affected parameter
Test case POST /sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-login-XSRF=wG-MT356_TmQmxPk54lNJxISlR23CP
TMKBvPl6Ovnxo%3d&sap-hash=&sap-system-login-cookie_disabled=&sap-login-XSRF=RqcXMjoxmsZJ4T_KbblfZ1zZjryg7p
nwgtFvY9WftCk%3d&sap-hash=&sap-system-login-cookie_disabled= HTTP/1.1
Accept: */*
Referer: https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-login-XSRF=wG-M
T356_TmQmxPk54lNJxISlR23CPTMKBvPl6Ovnxo%3d&sap-hash=&sap-system-login-cookie_disabled=&sap-password=&sa
p-language=EN&sap-login-XSRF=RqcXMjoxmsZJ4T_KbblfZ1zZjryg7pnwgtFvY9WftCk=&sap-hash=&sap-system-login-oninpu
tprocessing=&sap-user=&sap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-client=800&sap-system-logi
n-basic_auth=&sap-system-login-cookie_disabled=
Content-Length: 284
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Accept-Encoding: gzip,deflate
Cookie: sap-login-XSRF_TP1=20230321021439-_ZS8EtkW40NV-NDWrcdbrQ%3d%3d;sap-usercontext=sap-language=EN
&sap-client=800
sap-password=&sap-language=EN&sap-login-XSRF=QotjVQiNM1XNPxpFOSb9C73ht0FMXp4D5WccFC-FZOo=&sap-hash=&
sap-system-login-oninputprocessing=&sap-user=&sap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-clie
nt=800&sap-system-login-basic_auth=&sap-system-login-cookie_disabled=
Remarks The form has no CSRF protection. Form: <form class="sapUiSraLoginForm" id="LOGIN_FORM" name="loginForm" action="/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.h
URL https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-login-XSRF=wG-MT356_T
mQmxPk54lNJxISlR23CPTMKBvPl6Ovnxo%3d&sap-hash=&sap-system-login-cookie_disabled=&sap-login-XSRF=RqcXMjox
msZJ4T_KbblfZ1zZjryg7pnwgtFvY9WftCk%3d&sap-hash=&sap-system-login-cookie_disabled=
Affected parameter
Test case POST /sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-login-XSRF=wG-MT356_TmQmxPk54lNJxISlR23CP
TMKBvPl6Ovnxo%3d&sap-hash=&sap-system-login-cookie_disabled=&sap-login-XSRF=RqcXMjoxmsZJ4T_KbblfZ1zZjryg7p
nwgtFvY9WftCk%3d&sap-hash=&sap-system-login-cookie_disabled= HTTP/1.1
Accept: */*
Referer: https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-login-XSRF=wG-M
T356_TmQmxPk54lNJxISlR23CPTMKBvPl6Ovnxo%3d&sap-hash=&sap-system-login-cookie_disabled=&sap-password=&sa
p-language=EN&sap-login-XSRF=RqcXMjoxmsZJ4T_KbblfZ1zZjryg7pnwgtFvY9WftCk=&sap-hash=&sap-system-login-oninpu
tprocessing=&sap-user=&sap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-client=800&sap-system-logi
n-basic_auth=&sap-system-login-cookie_disabled=
Content-Length: 284
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Accept-Encoding: gzip,deflate
Cookie: sap-login-XSRF_TP1=20230321021439-_ZS8EtkW40NV-NDWrcdbrQ%3d%3d;sap-usercontext=sap-language=EN
&sap-client=800
sap-password=&sap-language=EN&sap-login-XSRF=XEVcbtXmerORceb2nA5bbeg3AKJptBXt4sBuCLTISJc=&sap-hash=&sap-s
ystem-login-oninputprocessing=&sap-user=&sap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-client=8
00&sap-system-login-basic_auth=&sap-system-login-cookie_disabled=
Remarks The form has no CSRF protection. Form: <form class="sapUiSraLoginForm" id="LOGIN_FORM" name="loginForm" action="/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.h
URL https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-login-XSRF=wG-MT356_T
mQmxPk54lNJxISlR23CPTMKBvPl6Ovnxo%3d&sap-hash=&sap-system-login-cookie_disabled=&sap-login-XSRF=Wh5MqD
DIJvbVHmywpy_cQ0olflQpnHycZqc-2NeUSVg%3d&sap-system-login-cookie_disabled=&sap-hash=
Affected parameter
Test case POST /sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-login-XSRF=wG-MT356_TmQmxPk54lNJxISlR23CP
TMKBvPl6Ovnxo%3d&sap-hash=&sap-system-login-cookie_disabled=&sap-login-XSRF=Wh5MqDDIJvbVHmywpy_cQ0olflQ
pnHycZqc-2NeUSVg%3d&sap-system-login-cookie_disabled=&sap-hash= HTTP/1.1
Accept: */*
Referer: https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-login-XSRF=wG-M
T356_TmQmxPk54lNJxISlR23CPTMKBvPl6Ovnxo%3d&sap-hash=&sap-system-login-cookie_disabled=&sap-system-login-o
ninputprocessing=&sap-urlscheme=&sap-system-login=onLogin&sap-system-login-basic_auth=&sap-accessibility=&sap-lo
gin-XSRF=Wh5MqDDIJvbVHmywpy_cQ0olflQpnHycZqc-2NeUSVg%3D&sap-system-login-cookie_disabled=&sap-hash=&sa
p-language=EN&sap-user=&sap-password=&sap-client=800
Content-Length: 284
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Accept-Encoding: gzip,deflate
Cookie: sap-login-XSRF_TP1=20230321021441-CRdpDyStEVMcsMzwx3Mocg%3d%3d;sap-usercontext=sap-language=EN
&sap-client=800
sap-password=&sap-language=EN&sap-login-XSRF=Jqnitaa5h92UXGdCXlzRVMHmK70sHBTWOjjSg71prmM=&sap-hash=&s
ap-system-login-oninputprocessing=&sap-user=&sap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-clie
nt=800&sap-system-login-basic_auth=&sap-system-login-cookie_disabled=
Remarks The form has no CSRF protection. Form: <form class="sapUiSraLoginForm" id="LOGIN_FORM" name="loginForm" action="/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.h
URL https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-login-XSRF=wG-MT356_T
mQmxPk54lNJxISlR23CPTMKBvPl6Ovnxo%3d&sap-hash=&sap-system-login-cookie_disabled=&sap-login-XSRF=Wh5MqD
DIJvbVHmywpy_cQ0olflQpnHycZqc-2NeUSVg%3d&sap-system-login-cookie_disabled=&sap-hash=
Affected parameter
Test case POST /sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-login-XSRF=wG-MT356_TmQmxPk54lNJxISlR23CP
TMKBvPl6Ovnxo%3d&sap-hash=&sap-system-login-cookie_disabled=&sap-login-XSRF=Wh5MqDDIJvbVHmywpy_cQ0olflQ
pnHycZqc-2NeUSVg%3d&sap-system-login-cookie_disabled=&sap-hash= HTTP/1.1
Accept: */*
Referer: https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-login-XSRF=wG-M
T356_TmQmxPk54lNJxISlR23CPTMKBvPl6Ovnxo%3d&sap-hash=&sap-system-login-cookie_disabled=&sap-system-login-o
ninputprocessing=&sap-urlscheme=&sap-system-login=onLogin&sap-system-login-basic_auth=&sap-accessibility=&sap-lo
gin-XSRF=Wh5MqDDIJvbVHmywpy_cQ0olflQpnHycZqc-2NeUSVg%3D&sap-system-login-cookie_disabled=&sap-hash=&sa
p-language=EN&sap-user=&sap-password=&sap-client=800
Content-Length: 284
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Accept-Encoding: gzip,deflate
Cookie: sap-login-XSRF_TP1=20230321021441-CRdpDyStEVMcsMzwx3Mocg%3d%3d;sap-usercontext=sap-language=EN
&sap-client=800
sap-password=&sap-language=EN&sap-login-XSRF=WiFPBtNfOseZ0vlqEJ--oZ2bwD4jo47_KvNKKTCApb0=&sap-hash=&sapsystem-login-oninputprocessing=&sap-user=&sap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-client=
800&sap-system-login-basic_auth=&sap-system-login-cookie_disabled=
Remarks The form has no CSRF protection. Form: <form class="sapUiSraLoginForm" id="LOGIN_FORM" name="loginForm" action="/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.h
URL https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/?sap-password=&sap-language=EN&sap-login-XSRF=-QEJn
rjlKOpDtNFqjzNuywAuIgmXsHpFoPRDH9iy_DI%3D&sap-hash=&sap-system-login-oninputprocessing=&sap-user=&sap-url
scheme=&sap-system-login=onLogin&sap-accessibility=&sap-client=800&sap-system-login-basic_auth=&sap-system-logincookie_disabled=
Affected parameter
Test case GET /sap/bc/ui5_ui5/ui2/ushell/shells/?sap-password=&sap-language=EN&sap-login-XSRF=-QEJnrjlKOpDtNFqjzNuywAuIg
mXsHpFoPRDH9iy_DI%3D&sap-hash=&sap-system-login-oninputprocessing=&sap-user=&sap-urlscheme=&sap-system-lo
gin=onLogin&sap-accessibility=&sap-client=800&sap-system-login-basic_auth=&sap-system-login-cookie_disabled= HTTP/
1.1
Referer: https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/?sap-password=&sap-language=EN&sap-login-XS
RF=-QEJnrjlKOpDtNFqjzNuywAuIgmXsHpFoPRDH9iy_DI=&sap-hash=&sap-system-login-oninputprocessing=&sap-user=&s
ap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-client=800&sap-system-login-basic_auth=&sap-system
-login-cookie_disabled=
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Cookie: sap-login-XSRF_TP1=20230321021435-vTpEfLtHMTDsVDZJsWeWBA%3d%3d;sap-usercontext=sap-language=EN&
sap-client=800
Accept: */*
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Sec-Fetch-Mode: navigate
Remarks The form has no CSRF protection. Form: <form class="sapUiSraLoginForm" id="LOGIN_FORM" name="loginForm" action="/sap/bc/ui5_ui5/ui2/ushell/shells/&#x3f;sap-login-XSRF&
URL https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-login-XSRF=wG-MT356_T
mQmxPk54lNJxISlR23CPTMKBvPl6Ovnxo%3d&sap-hash=&sap-system-login-cookie_disabled=
Affected parameter
Test case POST /sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-login-XSRF=wG-MT356_TmQmxPk54lNJxISlR23CP
TMKBvPl6Ovnxo%3d&sap-hash=&sap-system-login-cookie_disabled= HTTP/1.1
Accept: */*
Referer: https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-password=1&saplanguage=EN&sap-login-XSRF=wG-MT356_TmQmxPk54lNJxISlR23CPTMKBvPl6Ovnxo=&sap-hash=&sap-system-login-onin
putprocessing=&sap-user=1&sap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-client=800&sap-systemlogin-basic_auth=&sap-system-login-cookie_disabled=
Content-Length: 286
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Accept-Encoding: gzip,deflate
Cookie: sap-login-XSRF_TP1=20230321021431-C_jfO0mePAgutcB7w8xNww%3d%3d;sap-usercontext=sap-language=EN
&sap-client=800
sap-password=1&sap-language=EN&sap-login-XSRF=RqcXMjoxmsZJ4T_KbblfZ1zZjryg7pnwgtFvY9WftCk=&sap-hash=&sapsystem-login-oninputprocessing=&sap-user=1&sap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-client
=800&sap-system-login-basic_auth=&sap-system-login-cookie_disabled=
Remarks The form has no CSRF protection. Form: <form class="sapUiSraLoginForm" id="LOGIN_FORM" name="loginForm" action="/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.h
URL https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-login-XSRF=wG-MT356_T
mQmxPk54lNJxISlR23CPTMKBvPl6Ovnxo%3d&sap-hash=&sap-system-login-cookie_disabled=&sap-password=1&sap-lang
uage=EN&sap-login-XSRF=RqcXMjoxmsZJ4T_KbblfZ1zZjryg7pnwgtFvY9WftCk=&sap-hash=&sap-system-login-oninputproc
essing=&sap-user=1&sap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-client=800&sap-system-login-ba
sic_auth=&sap-system-login-cookie_disabled=
Affected parameter
Test case GET /sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-login-XSRF=wG-MT356_TmQmxPk54lNJxISlR23CPT
MKBvPl6Ovnxo%3d&sap-hash=&sap-system-login-cookie_disabled=&sap-password=1&sap-language=EN&sap-login-XSRF=
RqcXMjoxmsZJ4T_KbblfZ1zZjryg7pnwgtFvY9WftCk=&sap-hash=&sap-system-login-oninputprocessing=&sap-user=1&sap-u
rlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-client=800&sap-system-login-basic_auth=&sap-system-logi
n-cookie_disabled= HTTP/1.1
Accept: */*
Referer: https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-password=1&saplanguage=EN&sap-login-XSRF=wG-MT356_TmQmxPk54lNJxISlR23CPTMKBvPl6Ovnxo=&sap-hash=&sap-system-login-onin
putprocessing=&sap-user=1&sap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-client=800&sap-systemlogin-basic_auth=&sap-system-login-cookie_disabled=
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Accept-Encoding: gzip,deflate
Cookie: sap-login-XSRF_TP1=20230321021431-C_jfO0mePAgutcB7w8xNww%3d%3d;sap-usercontext=sap-language=EN
&sap-client=800
Remarks The form has no CSRF protection. Form: <form class="sapUiSraLoginForm" id="LOGIN_FORM" name="loginForm" action="/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.h
URL https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-login-XSRF=wG-MT356_T
mQmxPk54lNJxISlR23CPTMKBvPl6Ovnxo%3d&sap-hash=&sap-system-login-cookie_disabled=
Affected parameter
Test case POST /sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-login-XSRF=wG-MT356_TmQmxPk54lNJxISlR23CP
TMKBvPl6Ovnxo%3d&sap-hash=&sap-system-login-cookie_disabled= HTTP/1.1
Accept: */*
Referer: https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-password=1&saplanguage=EN&sap-login-XSRF=wG-MT356_TmQmxPk54lNJxISlR23CPTMKBvPl6Ovnxo=&sap-hash=&sap-system-login-onin
putprocessing=&sap-user=1&sap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-client=800&sap-systemlogin-basic_auth=&sap-system-login-cookie_disabled=
Content-Length: 286
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Accept-Encoding: gzip,deflate
Cookie: sap-login-XSRF_TP1=20230321021431-C_jfO0mePAgutcB7w8xNww%3d%3d;sap-usercontext=sap-language=EN
&sap-client=800
sap-password=1&sap-language=EN&sap-login-XSRF=DHGj3xuNfG8WImYVjRmpc1g_IlxcitaJO57cRCdIGdY=&sap-hash=&sa
p-system-login-oninputprocessing=&sap-user=1&sap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-clie
nt=800&sap-system-login-basic_auth=&sap-system-login-cookie_disabled=
Remarks The form has no CSRF protection. Form: <form class="sapUiSraLoginForm" id="LOGIN_FORM" name="loginForm" action="/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.h
URL https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-login-XSRF=wG-MT356_T
mQmxPk54lNJxISlR23CPTMKBvPl6Ovnxo%3d&sap-hash=&sap-system-login-cookie_disabled=
Affected parameter
Test case POST /sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-login-XSRF=wG-MT356_TmQmxPk54lNJxISlR23CP
TMKBvPl6Ovnxo%3d&sap-hash=&sap-system-login-cookie_disabled= HTTP/1.1
Accept: */*
Referer: https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-password=&sap-l
anguage=EN&sap-login-XSRF=wG-MT356_TmQmxPk54lNJxISlR23CPTMKBvPl6Ovnxo=&sap-hash=&sap-system-login-onin
putprocessing=&sap-user=&sap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-client=800&sap-system-l
ogin-basic_auth=&sap-system-login-cookie_disabled=
Content-Length: 286
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Accept-Encoding: gzip,deflate
Cookie: sap-login-XSRF_TP1=20230321021431-bBwI1Zos65Pt0f8GfZsfAA%3d%3d;sap-usercontext=sap-language=EN&sa
p-client=800
sap-password=1&sap-language=EN&sap-login-XSRF=0cNsew_GGekWu2EvG-rMNoBNsXaH02BCJNOzYC7bkJU=&sap-hash=
&sap-system-login-oninputprocessing=&sap-user=1&sap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-client=800&sap-system-login-basic_auth=&sap-system-login-cookie_disabled=
Remarks The form has no CSRF protection. Form: <form class="sapUiSraLoginForm" id="LOGIN_FORM" name="loginForm" action="/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.h
URL https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-login-XSRF=wG-MT356_T
mQmxPk54lNJxISlR23CPTMKBvPl6Ovnxo%3d&sap-hash=&sap-system-login-cookie_disabled=
Affected parameter
Test case POST /sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-login-XSRF=wG-MT356_TmQmxPk54lNJxISlR23CP
TMKBvPl6Ovnxo%3d&sap-hash=&sap-system-login-cookie_disabled= HTTP/1.1
Accept: */*
Referer: https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-password=&sap-l
anguage=EN&sap-login-XSRF=wG-MT356_TmQmxPk54lNJxISlR23CPTMKBvPl6Ovnxo=&sap-hash=&sap-system-login-onin
putprocessing=&sap-user=&sap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-client=800&sap-system-l
ogin-basic_auth=&sap-system-login-cookie_disabled=
Content-Length: 286
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Accept-Encoding: gzip,deflate
Cookie: sap-login-XSRF_TP1=20230321021431-bBwI1Zos65Pt0f8GfZsfAA%3d%3d;sap-usercontext=sap-language=EN&sa
p-client=800
sap-password=1&sap-language=EN&sap-login-XSRF=9XY0mwkkyiRtxk7sI4n9FsRIB18amR5OHlAAgLZuypQ=&sap-hash=&s
ap-system-login-oninputprocessing=&sap-user=1&sap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-cli
ent=800&sap-system-login-basic_auth=&sap-system-login-cookie_disabled=
Remarks The form has no CSRF protection. Form: <form class="sapUiSraLoginForm" id="LOGIN_FORM" name="loginForm" action="/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.h
URL https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-login-XSRF=IExA6RIv6wQk
QosK9q0THxEKCJS9CXfF6R6xsrH8F6c%3d&sap-system-login-cookie_disabled=&sap-hash=
Affected parameter
Test case POST /sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-login-XSRF=IExA6RIv6wQkQosK9q0THxEKCJS9CXf
F6R6xsrH8F6c%3d&sap-system-login-cookie_disabled=&sap-hash= HTTP/1.1
Accept: */*
Referer: https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-system-login-onin
putprocessing=&sap-urlscheme=&sap-system-login=onLogin&sap-system-login-basic_auth=&sap-accessibility=&sap-login-XSRF=IExA6RIv6wQkQosK9q0THxEKCJS9CXfF6R6xsrH8F6c%3D&sap-system-login-cookie_disabled=&sap-hash=&sap-lang
uage=EN&sap-user=&sap-password=&sap-client=800
Content-Length: 286
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Accept-Encoding: gzip,deflate
Cookie: sap-login-XSRF_TP1=20230321021434-lrNUpjQcmEvPV0LKRL495w%3d%3d;sap-usercontext=sap-language=EN&
sap-client=800
sap-password=1&sap-language=EN&sap-login-XSRF=EDZNwLOyR715SeCY0tvDLQXW1If5W09P1jfRe-4r0IA=&sap-hash=&s
ap-system-login-oninputprocessing=&sap-user=1&sap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-cli
ent=800&sap-system-login-basic_auth=&sap-system-login-cookie_disabled=
Remarks The form has no CSRF protection. Form: <form class="sapUiSraLoginForm" id="LOGIN_FORM" name="loginForm" action="/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.h
URL https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-login-XSRF=IExA6RIv6wQk
QosK9q0THxEKCJS9CXfF6R6xsrH8F6c%3d&sap-system-login-cookie_disabled=&sap-hash=
Affected parameter
Test case POST /sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-login-XSRF=IExA6RIv6wQkQosK9q0THxEKCJS9CXf
F6R6xsrH8F6c%3d&sap-system-login-cookie_disabled=&sap-hash= HTTP/1.1
Accept: */*
Referer: https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-system-login-onin
putprocessing=&sap-urlscheme=&sap-system-login=onLogin&sap-system-login-basic_auth=&sap-accessibility=&sap-login-XSRF=IExA6RIv6wQkQosK9q0THxEKCJS9CXfF6R6xsrH8F6c%3D&sap-system-login-cookie_disabled=&sap-hash=&sap-lang
uage=EN&sap-user=&sap-password=&sap-client=800
Content-Length: 286
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Accept-Encoding: gzip,deflate
Cookie: sap-login-XSRF_TP1=20230321021434-lrNUpjQcmEvPV0LKRL495w%3d%3d;sap-usercontext=sap-language=EN&
sap-client=800
sap-password=1&sap-language=EN&sap-login-XSRF=dTPmAVLcA5etqHoW0CzmDL5b-uhoq6HbV-1WVa2fE5c=&sap-hash=
&sap-system-login-oninputprocessing=&sap-user=1&sap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-client=800&sap-system-login-basic_auth=&sap-system-login-cookie_disabled=
Remarks The form has no CSRF protection. Form: <form class="sapUiSraLoginForm" id="LOGIN_FORM" name="loginForm" action="/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.h
URL https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-login-XSRF=wG-MT356_T
mQmxPk54lNJxISlR23CPTMKBvPl6Ovnxo%3d&sap-hash=&sap-system-login-cookie_disabled=
Affected parameter
Test case POST /sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-login-XSRF=wG-MT356_TmQmxPk54lNJxISlR23CP
TMKBvPl6Ovnxo%3d&sap-hash=&sap-system-login-cookie_disabled= HTTP/1.1
Accept: */*
Referer: https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-login-XSRF=wG-M
T356_TmQmxPk54lNJxISlR23CPTMKBvPl6Ovnxo%3d&sap-hash=&sap-system-login-cookie_disabled=
Content-Length: 286
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Accept-Encoding: gzip,deflate
Cookie: sap-login-XSRF_TP1=20230321021438-dz96DfE1I0nHzMWBSEA-GQ%3d%3d;sap-usercontext=sap-language=EN&
sap-client=800
sap-password=1&sap-language=EN&sap-login-XSRF=LFbZtJO7zfTCo00fij220PqoRpmZeD66sKAoOIhPedw=&sap-hash=&sa
p-system-login-oninputprocessing=&sap-user=1&sap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-clie
nt=800&sap-system-login-basic_auth=&sap-system-login-cookie_disabled=
Remarks The form has no CSRF protection. Form: <form class="sapUiSraLoginForm" id="LOGIN_FORM" name="loginForm" action="/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.h
URL https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-login-XSRF=wG-MT356_T
mQmxPk54lNJxISlR23CPTMKBvPl6Ovnxo%3d&sap-hash=&sap-system-login-cookie_disabled=
Affected parameter
Test case POST /sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-login-XSRF=wG-MT356_TmQmxPk54lNJxISlR23CP
TMKBvPl6Ovnxo%3d&sap-hash=&sap-system-login-cookie_disabled= HTTP/1.1
Accept: */*
Referer: https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-login-XSRF=wG-M
T356_TmQmxPk54lNJxISlR23CPTMKBvPl6Ovnxo%3d&sap-hash=&sap-system-login-cookie_disabled=
Content-Length: 286
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Accept-Encoding: gzip,deflate
Cookie: sap-login-XSRF_TP1=20230321021438-dz96DfE1I0nHzMWBSEA-GQ%3d%3d;sap-usercontext=sap-language=EN&
sap-client=800
sap-password=1&sap-language=EN&sap-login-XSRF=22Ys4JUV5A9W-KQ4DoaDNJnl5bubeVjSK9no63wPX1M=&sap-hash=
&sap-system-login-oninputprocessing=&sap-user=1&sap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-client=800&sap-system-login-basic_auth=&sap-system-login-cookie_disabled=
Remarks The form has no CSRF protection. Form: <form class="sapUiSraLoginForm" id="LOGIN_FORM" name="loginForm" action="/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.h
URL https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-login-XSRF=wG-MT356_T
mQmxPk54lNJxISlR23CPTMKBvPl6Ovnxo%3d&sap-hash=&sap-system-login-cookie_disabled=
Affected parameter
Test case POST /sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-login-XSRF=wG-MT356_TmQmxPk54lNJxISlR23CP
TMKBvPl6Ovnxo%3d&sap-hash=&sap-system-login-cookie_disabled= HTTP/1.1
Accept: */*
Referer: https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-login-XSRF=wG-M
T356_TmQmxPk54lNJxISlR23CPTMKBvPl6Ovnxo%3d&sap-hash=&sap-system-login-cookie_disabled=
Content-Length: 286
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Accept-Encoding: gzip,deflate
Cookie: sap-login-XSRF_TP1=20230321021439-4MXgtWOZ-9bC_rAvFwmKYA%3d%3d;sap-usercontext=sap-language=EN
&sap-client=800
sap-password=1&sap-language=EN&sap-login-XSRF=oYWKLWP6gwJ_D2jf3-xB0o5YcxBmTqMzdvop3e0AkbM=&sap-hash=&
sap-system-login-oninputprocessing=&sap-user=1&sap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-cl
ient=800&sap-system-login-basic_auth=&sap-system-login-cookie_disabled=
Remarks The form has no CSRF protection. Form: <form class="sapUiSraLoginForm" id="LOGIN_FORM" name="loginForm" action="/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.h
URL https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-login-XSRF=wG-MT356_T
mQmxPk54lNJxISlR23CPTMKBvPl6Ovnxo%3d&sap-hash=&sap-system-login-cookie_disabled=
Affected parameter
Test case POST /sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-login-XSRF=wG-MT356_TmQmxPk54lNJxISlR23CP
TMKBvPl6Ovnxo%3d&sap-hash=&sap-system-login-cookie_disabled= HTTP/1.1
Accept: */*
Referer: https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-login-XSRF=wG-M
T356_TmQmxPk54lNJxISlR23CPTMKBvPl6Ovnxo%3d&sap-hash=&sap-system-login-cookie_disabled=
Content-Length: 286
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Accept-Encoding: gzip,deflate
Cookie: sap-login-XSRF_TP1=20230321021440-bkh-ljqqtvFktKyFf1yeog%3d%3d;sap-usercontext=sap-language=EN&sap-client=800
sap-password=1&sap-language=EN&sap-login-XSRF=jwGsXhTaBFFrWsEHKqP74U2FzG1UmV2Qo8sK6i1uOuw=&sap-hash=
&sap-system-login-oninputprocessing=&sap-user=1&sap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-client=800&sap-system-login-basic_auth=&sap-system-login-cookie_disabled=
Remarks The form has no CSRF protection. Form: <form class="sapUiSraLoginForm" id="LOGIN_FORM" name="loginForm" action="/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.h
URL https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-login-XSRF=wG-MT356_T
mQmxPk54lNJxISlR23CPTMKBvPl6Ovnxo%3d&sap-hash=&sap-system-login-cookie_disabled=
Affected parameter
Test case POST /sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-login-XSRF=wG-MT356_TmQmxPk54lNJxISlR23CP
TMKBvPl6Ovnxo%3d&sap-hash=&sap-system-login-cookie_disabled= HTTP/1.1
Accept: */*
Referer: https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-login-XSRF=wG-M
T356_TmQmxPk54lNJxISlR23CPTMKBvPl6Ovnxo%3d&sap-hash=&sap-system-login-cookie_disabled=
Content-Length: 286
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Accept-Encoding: gzip,deflate
Cookie: sap-login-XSRF_TP1=20230321021438-dNdDT4nDpeEqsEFOKurOXw%3d%3d;sap-usercontext=sap-language=EN
&sap-client=800
sap-password=1&sap-language=EN&sap-login-XSRF=8vdwHmNJBlz32VQCPs9NTyjLYdZqeGQZaUoezCGdEQ8=&sap-hash=&
sap-system-login-oninputprocessing=&sap-user=1&sap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-cl
ient=800&sap-system-login-basic_auth=&sap-system-login-cookie_disabled=
Remarks The form has no CSRF protection. Form: <form class="sapUiSraLoginForm" id="LOGIN_FORM" name="loginForm" action="/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.h
URL https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-login-XSRF=wG-MT356_T
mQmxPk54lNJxISlR23CPTMKBvPl6Ovnxo%3d&sap-hash=&sap-system-login-cookie_disabled=
Affected parameter
Test case POST /sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-login-XSRF=wG-MT356_TmQmxPk54lNJxISlR23CP
TMKBvPl6Ovnxo%3d&sap-hash=&sap-system-login-cookie_disabled= HTTP/1.1
Accept: */*
Referer: https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-login-XSRF=wG-M
T356_TmQmxPk54lNJxISlR23CPTMKBvPl6Ovnxo%3d&sap-hash=&sap-system-login-cookie_disabled=
Content-Length: 286
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Accept-Encoding: gzip,deflate
Cookie: sap-login-XSRF_TP1=20230321021438-dNdDT4nDpeEqsEFOKurOXw%3d%3d;sap-usercontext=sap-language=EN
&sap-client=800
sap-password=1&sap-language=EN&sap-login-XSRF=0T43rc8q649uiqu0i_qhr0axlHuQ0GxBkQ3q6uVM4QY=&sap-hash=&
sap-system-login-oninputprocessing=&sap-user=1&sap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-cl
ient=800&sap-system-login-basic_auth=&sap-system-login-cookie_disabled=
Remarks The form has no CSRF protection. Form: <form class="sapUiSraLoginForm" id="LOGIN_FORM" name="loginForm" action="/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.h
URL https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-login-XSRF=wG-MT356_T
mQmxPk54lNJxISlR23CPTMKBvPl6Ovnxo%3d&sap-hash=&sap-system-login-cookie_disabled=
Affected parameter
Test case POST /sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-login-XSRF=wG-MT356_TmQmxPk54lNJxISlR23CP
TMKBvPl6Ovnxo%3d&sap-hash=&sap-system-login-cookie_disabled= HTTP/1.1
Accept: */*
Referer: https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-login-XSRF=wG-M
T356_TmQmxPk54lNJxISlR23CPTMKBvPl6Ovnxo%3d&sap-hash=&sap-system-login-cookie_disabled=
Content-Length: 286
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Accept-Encoding: gzip,deflate
Cookie: sap-login-XSRF_TP1=20230321021440-7XLAKJBhViKuNTaegKaHdg%3d%3d;sap-usercontext=sap-language=EN&s
ap-client=800
sap-password=1&sap-language=EN&sap-login-XSRF=H1A2bkMYJEwpy2k5xclNw4H7Pe2kwM2W9qQJuHoImPQ=&sap-hash
=&sap-system-login-oninputprocessing=&sap-user=1&sap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap
-client=800&sap-system-login-basic_auth=&sap-system-login-cookie_disabled=
Remarks The form has no CSRF protection. Form: <form class="sapUiSraLoginForm" id="LOGIN_FORM" name="loginForm" action="/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.h
URL https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-login-XSRF=wG-MT356_T
mQmxPk54lNJxISlR23CPTMKBvPl6Ovnxo%3d&sap-hash=&sap-system-login-cookie_disabled=
Affected parameter
Test case POST /sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-login-XSRF=wG-MT356_TmQmxPk54lNJxISlR23CP
TMKBvPl6Ovnxo%3d&sap-hash=&sap-system-login-cookie_disabled= HTTP/1.1
Accept: */*
Referer: https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-login-XSRF=wG-M
T356_TmQmxPk54lNJxISlR23CPTMKBvPl6Ovnxo%3d&sap-hash=&sap-system-login-cookie_disabled=
Content-Length: 286
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Accept-Encoding: gzip,deflate
Cookie: sap-login-XSRF_TP1=20230321021440-7XLAKJBhViKuNTaegKaHdg%3d%3d;sap-usercontext=sap-language=EN&s
ap-client=800
sap-password=1&sap-language=EN&sap-login-XSRF=jEOfr98uFmNPgPkFTgIsePg8rIIweLA3KZUqkSOgOWM=&sap-hash=&s
ap-system-login-oninputprocessing=&sap-user=1&sap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-cli
ent=800&sap-system-login-basic_auth=&sap-system-login-cookie_disabled=
Remarks The form has no CSRF protection. Form: <form class="sapUiSraLoginForm" id="LOGIN_FORM" name="loginForm" action="/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.h
URL https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-login-XSRF=wG-MT356_T
mQmxPk54lNJxISlR23CPTMKBvPl6Ovnxo%3d&sap-hash=&sap-system-login-cookie_disabled=
Affected parameter
Test case POST /sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-login-XSRF=wG-MT356_TmQmxPk54lNJxISlR23CP
TMKBvPl6Ovnxo%3d&sap-hash=&sap-system-login-cookie_disabled= HTTP/1.1
Accept: */*
Referer: https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-login-XSRF=wG-M
T356_TmQmxPk54lNJxISlR23CPTMKBvPl6Ovnxo%3d&sap-hash=&sap-system-login-cookie_disabled=
Content-Length: 286
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Accept-Encoding: gzip,deflate
Cookie: sap-login-XSRF_TP1=20230321021440-bmSdTM19ABoRVB9TEpP0Zg%3d%3d;sap-usercontext=sap-language=EN
&sap-client=800
sap-password=1&sap-language=EN&sap-login-XSRF=spALYAVXcIMuWGPfLzN3l6w9Avd-WRJF-6z1ZwLjDQE=&sap-hash=&s
ap-system-login-oninputprocessing=&sap-user=1&sap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-cli
ent=800&sap-system-login-basic_auth=&sap-system-login-cookie_disabled=
Remarks The form has no CSRF protection. Form: <form class="sapUiSraLoginForm" id="LOGIN_FORM" name="loginForm" action="/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.h
URL https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-login-XSRF=wG-MT356_T
mQmxPk54lNJxISlR23CPTMKBvPl6Ovnxo%3d&sap-hash=&sap-system-login-cookie_disabled=
Affected parameter
Test case POST /sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-login-XSRF=wG-MT356_TmQmxPk54lNJxISlR23CP
TMKBvPl6Ovnxo%3d&sap-hash=&sap-system-login-cookie_disabled= HTTP/1.1
Accept: */*
Referer: https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-login-XSRF=wG-M
T356_TmQmxPk54lNJxISlR23CPTMKBvPl6Ovnxo%3d&sap-hash=&sap-system-login-cookie_disabled=
Content-Length: 286
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Accept-Encoding: gzip,deflate
Cookie: sap-login-XSRF_TP1=20230321021440-bmSdTM19ABoRVB9TEpP0Zg%3d%3d;sap-usercontext=sap-language=EN
&sap-client=800
sap-password=1&sap-language=EN&sap-login-XSRF=u_kJZAMnzq43Yg1rfrdRs1td6qzN9r05XidoQT0qN0o=&sap-hash=&sa
p-system-login-oninputprocessing=&sap-user=1&sap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-clie
nt=800&sap-system-login-basic_auth=&sap-system-login-cookie_disabled=
Remarks The form has no CSRF protection. Form: <form class="sapUiSraLoginForm" id="LOGIN_FORM" name="loginForm" action="/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.h
URL https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-login-XSRF=wG-MT356_T
mQmxPk54lNJxISlR23CPTMKBvPl6Ovnxo%3d&sap-hash=&sap-system-login-cookie_disabled=
Affected parameter
Test case POST /sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-login-XSRF=wG-MT356_TmQmxPk54lNJxISlR23CP
TMKBvPl6Ovnxo%3d&sap-hash=&sap-system-login-cookie_disabled= HTTP/1.1
Accept: */*
Referer: https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-password=1&sap-language=EN&sap-login-XSRF=wG-MT356_TmQmxPk54lNJxISlR23CPTMKBvPl6Ovnxo%3D&sap-hash=&sap-system-login-o
ninputprocessing=&sap-user=1&sap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-client=800&sap-syst
em-login-basic_auth=&sap-system-login-cookie_disabled=
Content-Length: 286
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Accept-Encoding: gzip,deflate
Cookie: sap-login-XSRF_TP1=20230321021440-uokY4khDScYYdQ-23roxEQ%3d%3d;sap-usercontext=sap-language=EN&s
ap-client=800
sap-password=1&sap-language=EN&sap-login-XSRF=pj6MwddEvUfVrEpLea6Qu2p5o5Xmfv3MLusUDjrBy4Y=&sap-hash=&
sap-system-login-oninputprocessing=&sap-user=1&sap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-cl
ient=800&sap-system-login-basic_auth=&sap-system-login-cookie_disabled=
Remarks The form has no CSRF protection. Form: <form class="sapUiSraLoginForm" id="LOGIN_FORM" name="loginForm" action="/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.h
URL https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-login-XSRF=wG-MT356_T
mQmxPk54lNJxISlR23CPTMKBvPl6Ovnxo%3d&sap-hash=&sap-system-login-cookie_disabled=
Affected parameter
Test case POST /sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-login-XSRF=wG-MT356_TmQmxPk54lNJxISlR23CP
TMKBvPl6Ovnxo%3d&sap-hash=&sap-system-login-cookie_disabled= HTTP/1.1
Accept: */*
Referer: https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-password=1&sap-language=EN&sap-login-XSRF=wG-MT356_TmQmxPk54lNJxISlR23CPTMKBvPl6Ovnxo%3D&sap-hash=&sap-system-login-o
ninputprocessing=&sap-user=1&sap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-client=800&sap-syst
em-login-basic_auth=&sap-system-login-cookie_disabled=
Content-Length: 286
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Accept-Encoding: gzip,deflate
Cookie: sap-login-XSRF_TP1=20230321021441-L3gTwGQcdMPpk6fgfOUYag%3d%3d;sap-usercontext=sap-language=EN&
sap-client=800
sap-password=1&sap-language=EN&sap-login-XSRF=rEoqZytLLSP2ulD-66pWdVFHclLPUAKP_d6Eg0DWK2s=&sap-hash=&s
ap-system-login-oninputprocessing=&sap-user=1&sap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-cli
ent=800&sap-system-login-basic_auth=&sap-system-login-cookie_disabled=
Remarks The form has no CSRF protection. Form: <form class="sapUiSraLoginForm" id="LOGIN_FORM" name="loginForm" action="/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.h
URL https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-login-XSRF=wG-MT356_T
mQmxPk54lNJxISlR23CPTMKBvPl6Ovnxo%3d&sap-hash=&sap-system-login-cookie_disabled=
Affected parameter
Test case POST /sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-login-XSRF=wG-MT356_TmQmxPk54lNJxISlR23CP
TMKBvPl6Ovnxo%3d&sap-hash=&sap-system-login-cookie_disabled= HTTP/1.1
Accept: */*
Referer: https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-login-XSRF=wG-M
T356_TmQmxPk54lNJxISlR23CPTMKBvPl6Ovnxo%3d&sap-hash=&sap-system-login-cookie_disabled=
Content-Length: 286
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Accept-Encoding: gzip,deflate
Cookie: sap-login-XSRF_TP1=20230321021442-DzWS6aFL012rFr6miC8djw%3d%3d;sap-usercontext=sap-language=EN&s
ap-client=800
sap-password=1&sap-language=EN&sap-login-XSRF=McZQi1MIhrAzps2iB8TLOI1_wzC-MSOxJTG8bbXlo70=&sap-hash=&sa
p-system-login-oninputprocessing=&sap-user=1&sap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-clie
nt=800&sap-system-login-basic_auth=&sap-system-login-cookie_disabled=
Remarks The form has no CSRF protection. Form: <form class="sapUiSraLoginForm" id="LOGIN_FORM" name="loginForm" action="/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.h
URL https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/?sap-login-XSRF=aAcQx6wGaKQseZ6mblugGDIt2Uw
a2WLYpyK5CnJoN9g%3d&sap-hash=&sap-system-login-cookie_disabled=
Affected parameter
Test case POST /sap/bc/ui5_ui5/ui2/ushell/shells/abap/?sap-login-XSRF=aAcQx6wGaKQseZ6mblugGDIt2Uwa2WLYpyK5CnJoN9g%3
d&sap-hash=&sap-system-login-cookie_disabled= HTTP/1.1
Content-Length: 284
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Cookie: sap-login-XSRF_TP1=20230321021434-TWv3BDikGxsRBmA3Tqk6kA%3d%3d;sap-usercontext=sap-language=EN&
sap-client=800
Origin: https://10.28.107.214:44300
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,applicatio
n/signed-exchange;v=b3;q=0.9
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
Referer: https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/?sap-password=1&sap-language=EN&sap-lo
gin-XSRF=aAcQx6wGaKQseZ6mblugGDIt2Uwa2WLYpyK5CnJoN9g%3D&sap-hash=&sap-system-login-oninputprocessing=
&sap-user=1&sap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-client=800&sap-system-login-basic_aut
h=&sap-system-login-cookie_disabled=
Sec-Fetch-Dest: document
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Sec-Fetch-Mode: navigate
sap-system-login-oninputprocessing=&sap-urlscheme=&sap-system-login=onLogin&sap-system-login-basic_auth=&sap-ac
cessibility=&sap-login-XSRF=gx9YaBgYPqTVbTX46W1BtCqfKJ8NmpGjVne6-245PzY%3D&sap-system-login-cookie_disabled
=&sap-hash=&sap-language=EN&sap-user=&sap-password=&sap-client=800
Remarks The form has no CSRF protection. Form: <form class="sapUiSraLoginForm" id="LOGIN_FORM" name="loginForm" action="/sap/bc/ui5_ui5/ui2/ushell/shells/abap/&#x3f;sap-login
URL https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/?sap-login-XSRF=aAcQx6wGaKQseZ6mblugGDIt2Uw
a2WLYpyK5CnJoN9g%3d&sap-hash=&sap-system-login-cookie_disabled=&sap-system-login-oninputprocessing=&sap-urls
cheme=&sap-system-login=onLogin&sap-system-login-basic_auth=&sap-accessibility=&sap-login-XSRF=gx9YaBgYPqTVbTX
46W1BtCqfKJ8NmpGjVne6-245PzY%3D&sap-system-login-cookie_disabled=&sap-hash=&sap-language=EN&sap-user=&sa
p-password=&sap-client=800
Affected parameter
Test case GET /sap/bc/ui5_ui5/ui2/ushell/shells/abap/?sap-login-XSRF=aAcQx6wGaKQseZ6mblugGDIt2Uwa2WLYpyK5CnJoN9g%3d
&sap-hash=&sap-system-login-cookie_disabled=&sap-system-login-oninputprocessing=&sap-urlscheme=&sap-system-logi
n=onLogin&sap-system-login-basic_auth=&sap-accessibility=&sap-login-XSRF=gx9YaBgYPqTVbTX46W1BtCqfKJ8NmpGjVne
6-245PzY%3D&sap-system-login-cookie_disabled=&sap-hash=&sap-language=EN&sap-user=&sap-password=&sap-client=
800 HTTP/1.1
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Cookie: sap-login-XSRF_TP1=20230321021434-TWv3BDikGxsRBmA3Tqk6kA%3d%3d;sap-usercontext=sap-language=EN&
sap-client=800
Origin: https://10.28.107.214:44300
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,applicatio
n/signed-exchange;v=b3;q=0.9
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
Referer: https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/?sap-password=1&sap-language=EN&sap-lo
gin-XSRF=aAcQx6wGaKQseZ6mblugGDIt2Uwa2WLYpyK5CnJoN9g%3D&sap-hash=&sap-system-login-oninputprocessing=
&sap-user=1&sap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-client=800&sap-system-login-basic_aut
h=&sap-system-login-cookie_disabled=
Sec-Fetch-Dest: document
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Sec-Fetch-Mode: navigate
Remarks The form has no CSRF protection. Form: <form class="sapUiSraLoginForm" id="LOGIN_FORM" name="loginForm" action="/sap/bc/ui5_ui5/ui2/ushell/shells/abap/&#x3f;sap-login-
URL https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/?sap-login-XSRF=aAcQx6wGaKQseZ6mblugGDIt2Uw
a2WLYpyK5CnJoN9g%3d&sap-hash=&sap-system-login-cookie_disabled=
Affected parameter
Test case POST /sap/bc/ui5_ui5/ui2/ushell/shells/abap/?sap-login-XSRF=aAcQx6wGaKQseZ6mblugGDIt2Uwa2WLYpyK5CnJoN9g%3
d&sap-hash=&sap-system-login-cookie_disabled= HTTP/1.1
Content-Length: 284
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Cookie: sap-login-XSRF_TP1=20230321021434-7X7YEoq_lN-XEcbbV56SNQ%3d%3d;sap-usercontext=sap-language=EN&s
ap-client=800
Origin: https://10.28.107.214:44300
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,applicatio
n/signed-exchange;v=b3;q=0.9
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
Referer: https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/?sap-password=&sap-language=EN&sap-log
in-XSRF=aAcQx6wGaKQseZ6mblugGDIt2Uwa2WLYpyK5CnJoN9g%3D&sap-hash=&sap-system-login-oninputprocessing=&
sap-user=&sap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-client=800&sap-system-login-basic_auth=
&sap-system-login-cookie_disabled=
Sec-Fetch-Dest: document
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Sec-Fetch-Mode: navigate
sap-system-login-oninputprocessing=&sap-urlscheme=&sap-system-login=onLogin&sap-system-login-basic_auth=&sap-ac
cessibility=&sap-login-XSRF=pH9XnjaC0nWdq6p1dfS5vok2oxYickajSwiotA1oVmY%3D&sap-system-login-cookie_disabled=
&sap-hash=&sap-language=EN&sap-user=&sap-password=&sap-client=800
Remarks The form has no CSRF protection. Form: <form class="sapUiSraLoginForm" id="LOGIN_FORM" name="loginForm" action="/sap/bc/ui5_ui5/ui2/ushell/shells/abap/&#x3f;sap-login
URL https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/?sap-login-XSRF=GhXy5h75wYgr0EzfMpZGNPgGq11
I1zHKwqW3KtmUjMo%3d&sap-system-login-cookie_disabled=&sap-hash=
Affected parameter
Test case POST /sap/bc/ui5_ui5/ui2/ushell/shells/abap/?sap-login-XSRF=GhXy5h75wYgr0EzfMpZGNPgGq11I1zHKwqW3KtmUjMo%
3d&sap-system-login-cookie_disabled=&sap-hash= HTTP/1.1
Content-Length: 284
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Cookie: sap-login-XSRF_TP1=20230321021437-Ahc4sLLk3BJezfJ5V_sYcw%3d%3d;sap-usercontext=sap-language=EN&sap-client=800
Origin: https://10.28.107.214:44300
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,applicatio
n/signed-exchange;v=b3;q=0.9
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
Referer: https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/?sap-system-login-oninputprocessing=&sap
-urlscheme=&sap-system-login=onLogin&sap-system-login-basic_auth=&sap-accessibility=&sap-login-XSRF=GhXy5h75wYg
r0EzfMpZGNPgGq11I1zHKwqW3KtmUjMo%3D&sap-system-login-cookie_disabled=&sap-hash=&sap-language=EN&sap-us
er=&sap-password=&sap-client=800
Sec-Fetch-Dest: document
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Sec-Fetch-Mode: navigate
sap-system-login-oninputprocessing=&sap-urlscheme=&sap-system-login=onLogin&sap-system-login-basic_auth=&sap-ac
cessibility=&sap-login-XSRF=OGncBu9Y67wHIvzyDICh7mAww6lX5EfuGgNDzk9kjX4%3D&sap-system-login-cookie_disable
d=&sap-hash=&sap-language=EN&sap-user=&sap-password=&sap-client=800
Remarks The form has no CSRF protection. Form: <form class="sapUiSraLoginForm" id="LOGIN_FORM" name="loginForm" action="/sap/bc/ui5_ui5/ui2/ushell/shells/abap/&#x3f;sap-login
URL https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/?sap-login-XSRF=jQHB_WsQCGCOP7YlUSZZzqDg5mW_BCe3fBcV
4F3L9WM%3d&sap-hash=&sap-system-login-cookie_disabled=
Affected parameter
Test case POST /sap/bc/ui5_ui5/ui2/ushell/?sap-login-XSRF=jQHB_WsQCGCOP7YlUSZZzqDg5mW_BCe3fBcV4F3L9WM%3d&sap-has
h=&sap-system-login-cookie_disabled= HTTP/1.1
Accept: */*
Referer: https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/?sap-password=1&sap-language=EN&sap-login-XSRF=jQ
HB_WsQCGCOP7YlUSZZzqDg5mW_BCe3fBcV4F3L9WM=&sap-hash=&sap-system-login-oninputprocessing=&sap-user=1&s
ap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-client=800&sap-system-login-basic_auth=&sap-system
-login-cookie_disabled=
Content-Length: 286
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Accept-Encoding: gzip,deflate
Cookie: sap-login-XSRF_TP1=20230321021433-z4Xe5JCxE0r-A0LhrLYAfg%3d%3d;sap-usercontext=sap-language=EN&sapclient=800
sap-password=1&sap-language=EN&sap-login-XSRF=Bj8Q3hDBrPsnp_9FPb7CZxLXeC-0gWXClw7awjraTvs=&sap-hash=&sa
p-system-login-oninputprocessing=&sap-user=1&sap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-clie
nt=800&sap-system-login-basic_auth=&sap-system-login-cookie_disabled=
Remarks The form has no CSRF protection. Form: <form class="sapUiSraLoginForm" id="LOGIN_FORM" name="loginForm" action="/sap/bc/ui5_ui5/ui2/ushell/&#x3f;sap-login-XSRF&#x3d;jQ
URL https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/?sap-login-XSRF=jQHB_WsQCGCOP7YlUSZZzqDg5mW_BCe3fBcV
4F3L9WM%3d&sap-hash=&sap-system-login-cookie_disabled=&sap-password=1&sap-language=EN&sap-login-XSRF=Bj8Q
3hDBrPsnp_9FPb7CZxLXeC-0gWXClw7awjraTvs=&sap-hash=&sap-system-login-oninputprocessing=&sap-user=1&sap-urls
cheme=&sap-system-login=onLogin&sap-accessibility=&sap-client=800&sap-system-login-basic_auth=&sap-system-logincookie_disabled=
Problem parameter
Test case GET /sap/bc/ui5_ui5/ui2/ushell/?sap-login-XSRF=jQHB_WsQCGCOP7YlUSZZzqDg5mW_BCe3fBcV4F3L9WM%3d&sap-hash
=&sap-system-login-cookie_disabled=&sap-password=1&sap-language=EN&sap-login-XSRF=Bj8Q3hDBrPsnp_9FPb7CZxLX
eC-0gWXClw7awjraTvs=&sap-hash=&sap-system-login-oninputprocessing=&sap-user=1&sap-urlscheme=&sap-system-logi
n=onLogin&sap-accessibility=&sap-client=800&sap-system-login-basic_auth=&sap-system-login-cookie_disabled= HTTP/1.
1
Accept: */*
Referer: https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/?sap-password=1&sap-language=EN&sap-login-XSRF=jQ
HB_WsQCGCOP7YlUSZZzqDg5mW_BCe3fBcV4F3L9WM=&sap-hash=&sap-system-login-oninputprocessing=&sap-user=1&s
ap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-client=800&sap-system-login-basic_auth=&sap-system
-login-cookie_disabled=
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Accept-Encoding: gzip,deflate
Cookie: sap-login-XSRF_TP1=20230321021434-gqU0UPelCT_BKz4NLezSIA%3d%3d;sap-usercontext=sap-language=EN&sa
p-client=800
Remarks The form has no CSRF protection. Form: <form class="sapUiSraLoginForm" id="LOGIN_FORM" name="loginForm" action="/sap/bc/ui5_ui5/ui2/ushell/&#x3f;sap-login-XSRF&#x3d;jQ
URL https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/?sap-login-XSRF=jQHB_WsQCGCOP7YlUSZZzqDg5mW_BCe3fBcV
4F3L9WM%3d&sap-hash=&sap-system-login-cookie_disabled=
Problem parameter
Test case POST /sap/bc/ui5_ui5/ui2/ushell/?sap-login-XSRF=jQHB_WsQCGCOP7YlUSZZzqDg5mW_BCe3fBcV4F3L9WM%3d&sap-has
h=&sap-system-login-cookie_disabled= HTTP/1.1
Accept: */*
Referer: https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/?sap-password=1&sap-language=EN&sap-login-XSRF=jQ
HB_WsQCGCOP7YlUSZZzqDg5mW_BCe3fBcV4F3L9WM=&sap-hash=&sap-system-login-oninputprocessing=&sap-user=1&s
ap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-client=800&sap-system-login-basic_auth=&sap-system
-login-cookie_disabled=
Content-Length: 286
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Accept-Encoding: gzip,deflate
Cookie: sap-login-XSRF_TP1=20230321021434-gqU0UPelCT_BKz4NLezSIA%3d%3d;sap-usercontext=sap-language=EN&sa
p-client=800
sap-password=1&sap-language=EN&sap-login-XSRF=9HlQAL2Gzs6c1TMnXkRRcoHgg8ZmhsFbNrt84eTQBXM=&sap-hash=
&sap-system-login-oninputprocessing=&sap-user=1&sap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sapclient=800&sap-system-login-basic_auth=&sap-system-login-cookie_disabled=
Remarks The form has no CSRF protection. Form: <form class="sapUiSraLoginForm" id="LOGIN_FORM" name="loginForm" action="/sap/bc/ui5_ui5/ui2/ushell/&#x3f;sap-login-XSRF&#x3d;jQ
URL https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/?sap-login-XSRF=jQHB_WsQCGCOP7YlUSZZzqDg5mW_BCe3fBcV
4F3L9WM%3d&sap-hash=&sap-system-login-cookie_disabled=
Problem parameter
Test case POST /sap/bc/ui5_ui5/ui2/ushell/?sap-login-XSRF=jQHB_WsQCGCOP7YlUSZZzqDg5mW_BCe3fBcV4F3L9WM%3d&sap-has
h=&sap-system-login-cookie_disabled= HTTP/1.1
Accept: */*
Referer: https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/?sap-password=&sap-language=EN&sap-login-XSRF=jQ
HB_WsQCGCOP7YlUSZZzqDg5mW_BCe3fBcV4F3L9WM=&sap-hash=&sap-system-login-oninputprocessing=&sap-user=&sa
p-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-client=800&sap-system-login-basic_auth=&sap-system-l
ogin-cookie_disabled=
Content-Length: 286
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Accept-Encoding: gzip,deflate
Cookie: sap-login-XSRF_TP1=20230321021435-sA2UfoAZowwjEmyItoVA4A%3d%3d;sap-usercontext=sap-language=EN&s
ap-client=800
sap-password=1&sap-language=EN&sap-login-XSRF=HWRZysCb50nxp-AGUxkM-cwrt0VPWETccf2RYKCku9o=&sap-hash=&
sap-system-login-oninputprocessing=&sap-user=1&sap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-cl
ient=800&sap-system-login-basic_auth=&sap-system-login-cookie_disabled=
Remarks The form has no CSRF protection. Form: <form class="sapUiSraLoginForm" id="LOGIN_FORM" name="loginForm" action="/sap/bc/ui5_ui5/ui2/ushell/&#x3f;sap-login-XSRF&#x3d;jQ
URL https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/?sap-login-XSRF=jQHB_WsQCGCOP7YlUSZZzqDg5mW_BCe3fBcV
4F3L9WM%3d&sap-hash=&sap-system-login-cookie_disabled=
Problem parameter
Test case POST /sap/bc/ui5_ui5/ui2/ushell/?sap-login-XSRF=jQHB_WsQCGCOP7YlUSZZzqDg5mW_BCe3fBcV4F3L9WM%3d&sap-has
h=&sap-system-login-cookie_disabled= HTTP/1.1
Accept: */*
Referer: https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/?sap-password=&sap-language=EN&sap-login-XSRF=jQ
HB_WsQCGCOP7YlUSZZzqDg5mW_BCe3fBcV4F3L9WM=&sap-hash=&sap-system-login-oninputprocessing=&sap-user=&sa
p-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-client=800&sap-system-login-basic_auth=&sap-system-l
ogin-cookie_disabled=
Content-Length: 286
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Accept-Encoding: gzip,deflate
Cookie: sap-login-XSRF_TP1=20230321021435-sA2UfoAZowwjEmyItoVA4A%3d%3d;sap-usercontext=sap-language=EN&s
ap-client=800
sap-password=1&sap-language=EN&sap-login-XSRF=RWMx6NmOBprgUy4cG70hZHL9jBl2L5EuPK0ekUjDhpg=&sap-hash=
&sap-system-login-oninputprocessing=&sap-user=1&sap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sapclient=800&sap-system-login-basic_auth=&sap-system-login-cookie_disabled=
Remarks The form has no CSRF protection. Form: <form class="sapUiSraLoginForm" id="LOGIN_FORM" name="loginForm" action="/sap/bc/ui5_ui5/ui2/ushell/&#x3f;sap-login-XSRF&#x3d;jQ
URL https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/?sap-login-XSRF=yPmRvkONOIVelyIltkDmONGj4IixB0byFWsNM
ndCYyg%3d&sap-system-login-cookie_disabled=&sap-hash=
Problem parameter
Test case POST /sap/bc/ui5_ui5/ui2/ushell/?sap-login-XSRF=yPmRvkONOIVelyIltkDmONGj4IixB0byFWsNMndCYyg%3d&sap-syste
m-login-cookie_disabled=&sap-hash= HTTP/1.1
Accept: */*
Referer: https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/?sap-system-login-oninputprocessing=&sap-urlscheme
=&sap-system-login=onLogin&sap-system-login-basic_auth=&sap-client=800&sap-accessibility=&sap-login-XSRF=yPmRvk
ONOIVelyIltkDmONGj4IixB0byFWsNMndCYyg%3D&sap-system-login-cookie_disabled=&sap-hash=&sap-language=EN&sa
p-user=&sap-password=&sap-client=800
Content-Length: 286
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Accept-Encoding: gzip,deflate
Cookie: sap-login-XSRF_TP1=20230321021436-Ye_PBMwlbhjai7SLhpIqWA%3d%3d;sap-usercontext=sap-language=EN&sa
p-client=800
sap-password=1&sap-language=EN&sap-login-XSRF=aYixHizihcTaFKSeVX08eEVBH0fRHQA_8vqUxOq9Nf4=&sap-hash=&sa
p-system-login-oninputprocessing=&sap-user=1&sap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-clie
nt=800&sap-system-login-basic_auth=&sap-system-login-cookie_disabled=
Remarks The form has no CSRF protection. Form: <form class="sapUiSraLoginForm" id="LOGIN_FORM" name="loginForm" action="/sap/bc/ui5_ui5/ui2/ushell/&#x3f;sap-login-XSRF&#x3d;yP
URL https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/?sap-login-XSRF=yPmRvkONOIVelyIltkDmONGj4IixB0byFWsNM
ndCYyg%3d&sap-system-login-cookie_disabled=&sap-hash=
Problem parameter
Test case POST /sap/bc/ui5_ui5/ui2/ushell/?sap-login-XSRF=yPmRvkONOIVelyIltkDmONGj4IixB0byFWsNMndCYyg%3d&sap-syste
m-login-cookie_disabled=&sap-hash= HTTP/1.1
Accept: */*
Referer: https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/?sap-system-login-oninputprocessing=&sap-urlscheme
=&sap-system-login=onLogin&sap-system-login-basic_auth=&sap-client=800&sap-accessibility=&sap-login-XSRF=yPmRvk
ONOIVelyIltkDmONGj4IixB0byFWsNMndCYyg%3D&sap-system-login-cookie_disabled=&sap-hash=&sap-language=EN&sa
p-user=&sap-password=&sap-client=800
Content-Length: 286
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Accept-Encoding: gzip,deflate
Cookie: sap-login-XSRF_TP1=20230321021436-Ye_PBMwlbhjai7SLhpIqWA%3d%3d;sap-usercontext=sap-language=EN&sa
p-client=800
sap-password=1&sap-language=EN&sap-login-XSRF=84ZPdLE1QhAdYlPDcI91TMFNll2Pzd5bljIkSh_yDhc=&sap-hash=&sapsystem-login-oninputprocessing=&sap-user=1&sap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-client
=800&sap-system-login-basic_auth=&sap-system-login-cookie_disabled=
Remarks The form has no CSRF protection. Form: <form class="sapUiSraLoginForm" id="LOGIN_FORM" name="loginForm" action="/sap/bc/ui5_ui5/ui2/ushell/&#x3f;sap-login-XSRF&#x3d;yP
URL https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/?sap-password=1&sap-language=EN&sap-login-XSR
F=aAcQx6wGaKQseZ6mblugGDIt2Uwa2WLYpyK5CnJoN9g%3D&sap-hash=&sap-system-login-oninputprocessing=&sap-us
er=1&sap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-client=800&sap-system-login-basic_auth=&sapsystem-login-cookie_disabled=
Problem parameter
Test case GET /sap/bc/ui5_ui5/ui2/ushell/shells/abap/?sap-password=1&sap-language=EN&sap-login-XSRF=aAcQx6wGaKQseZ6mbl
ugGDIt2Uwa2WLYpyK5CnJoN9g%3D&sap-hash=&sap-system-login-oninputprocessing=&sap-user=1&sap-urlscheme=&sa
p-system-login=onLogin&sap-accessibility=&sap-client=800&sap-system-login-basic_auth=&sap-system-login-cookie_disa
bled= HTTP/1.1
Referer: https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/?sap-password=1&sap-language=EN&sap-lo
gin-XSRF=aAcQx6wGaKQseZ6mblugGDIt2Uwa2WLYpyK5CnJoN9g=&sap-hash=&sap-system-login-oninputprocessing=&sa
p-user=1&sap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-client=800&sap-system-login-basic_auth=&
sap-system-login-cookie_disabled=
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Cookie: sap-login-XSRF_TP1=20230321021434-TWv3BDikGxsRBmA3Tqk6kA%3d%3d;sap-usercontext=sap-language=EN&
sap-client=800
Accept: */*
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Sec-Fetch-Mode: navigate
Remarks The form has no CSRF protection. Form: <form class="sapUiSraLoginForm" id="LOGIN_FORM" name="loginForm" action="/sap/bc/ui5_ui5/ui2/ushell/shells/abap/&#x3f;sap-login
URL https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-system-login-oninputproc
essing=&sap-urlscheme=&sap-system-login=onLogin&sap-system-login-basic_auth=&sap-accessibility=&sap-login-XSRF=IE
xA6RIv6wQkQosK9q0THxEKCJS9CXfF6R6xsrH8F6c%3D&sap-system-login-cookie_disabled=&sap-hash=&sap-language=EN
&sap-user=&sap-password=&sap-client=800
Problem parameter
Test case GET /sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-system-login-oninputprocessing=&sap-urlscheme=
&sap-system-login=onLogin&sap-system-login-basic_auth=&sap-accessibility=&sap-login-XSRF=IExA6RIv6wQkQosK9q0TH
xEKCJS9CXfF6R6xsrH8F6c%3D&sap-system-login-cookie_disabled=&sap-hash=&sap-language=EN&sap-user=&sap-passwo
rd=&sap-client=800 HTTP/1.1
Referer: https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-system-login-onin
putprocessing=&sap-urlscheme=&sap-system-login=onLogin&sap-system-login-basic_auth=&sap-accessibility=&sap-loginXSRF=IExA6RIv6wQkQosK9q0THxEKCJS9CXfF6R6xsrH8F6c%3D&sap-system-login-cookie_disabled=&sap-hash=&sap-lang
uage=EN&sap-user=&sap-password=&sap-client=800
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Cookie: sap-login-XSRF_TP1=20230321021434-lrNUpjQcmEvPV0LKRL495w%3d%3d;sap-usercontext=sap-language=EN&
sap-client=800
Accept: */*
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Sec-Fetch-Mode: navigate
Remarks The form has no CSRF protection. Form: <form class="sapUiSraLoginForm" id="LOGIN_FORM" name="loginForm" action="/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.h
URL https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/?sap-login-XSRF=jQHB_WsQCGCOP7YlUSZZzqDg5mW_BCe3fBcV
4F3L9WM%3d&sap-hash=&sap-system-login-cookie_disabled=
Problem parameter
Test case POST /sap/bc/ui5_ui5/ui2/ushell/?sap-login-XSRF=jQHB_WsQCGCOP7YlUSZZzqDg5mW_BCe3fBcV4F3L9WM%3d&sap-has
h=&sap-system-login-cookie_disabled= HTTP/1.1
Accept: */*
Referer: https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/?sap-password=1&sap-language=EN&sap-login-XSRF=jQ
HB_WsQCGCOP7YlUSZZzqDg5mW_BCe3fBcV4F3L9WM=&sap-hash=&sap-system-login-oninputprocessing=&sap-user=1&s
ap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-client=800&sap-system-login-basic_auth=&sap-system
-login-cookie_disabled=
Content-Length: 284
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Accept-Encoding: gzip,deflate
Cookie: sap-login-XSRF_TP1=20230321021434-gqU0UPelCT_BKz4NLezSIA%3d%3d;sap-usercontext=sap-language=EN&sa
p-client=800
sap-password=&sap-language=EN&sap-login-XSRF=Bj8Q3hDBrPsnp_9FPb7CZxLXeC-0gWXClw7awjraTvs=&sap-hash=&sap
-system-login-oninputprocessing=&sap-user=&sap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-client=
800&sap-system-login-basic_auth=&sap-system-login-cookie_disabled=
Remarks The form has no CSRF protection. Form: <form class="sapUiSraLoginForm" id="LOGIN_FORM" name="loginForm" action="/sap/bc/ui5_ui5/ui2/ushell/&#x3f;sap-login-XSRF&#x3d;jQ
URL https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/?sap-login-XSRF=jQHB_WsQCGCOP7YlUSZZzqDg5mW_BCe3fBcV
4F3L9WM%3d&sap-hash=&sap-system-login-cookie_disabled=
Problem parameter
Test case POST /sap/bc/ui5_ui5/ui2/ushell/?sap-login-XSRF=jQHB_WsQCGCOP7YlUSZZzqDg5mW_BCe3fBcV4F3L9WM%3d&sap-has
h=&sap-system-login-cookie_disabled= HTTP/1.1
Accept: */*
Referer: https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/?sap-password=1&sap-language=EN&sap-login-XSRF=jQ
HB_WsQCGCOP7YlUSZZzqDg5mW_BCe3fBcV4F3L9WM=&sap-hash=&sap-system-login-oninputprocessing=&sap-user=1&s
ap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-client=800&sap-system-login-basic_auth=&sap-system
-login-cookie_disabled=
Content-Length: 284
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Accept-Encoding: gzip,deflate
Cookie: sap-login-XSRF_TP1=20230321021434-gqU0UPelCT_BKz4NLezSIA%3d%3d;sap-usercontext=sap-language=EN&sa
p-client=800
sap-password=&sap-language=EN&sap-login-XSRF=9HlQAL2Gzs6c1TMnXkRRcoHgg8ZmhsFbNrt84eTQBXM=&sap-hash=&
sap-system-login-oninputprocessing=&sap-user=&sap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-clie
nt=800&sap-system-login-basic_auth=&sap-system-login-cookie_disabled=
Remarks The form has no CSRF protection. Form: <form class="sapUiSraLoginForm" id="LOGIN_FORM" name="loginForm" action="/sap/bc/ui5_ui5/ui2/ushell/&#x3f;sap-login-XSRF&#x3d;jQ
URL https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/?sap-login-XSRF=jQHB_WsQCGCOP7YlUSZZzqDg5mW_BCe3fBcV
4F3L9WM%3d&sap-hash=&sap-system-login-cookie_disabled=&sap-password=&sap-language=EN&sap-login-XSRF=Bj8Q3
hDBrPsnp_9FPb7CZxLXeC-0gWXClw7awjraTvs=&sap-hash=&sap-system-login-oninputprocessing=&sap-user=&sap-urlsch
eme=&sap-system-login=onLogin&sap-accessibility=&sap-client=800&sap-system-login-basic_auth=&sap-system-login-co
okie_disabled=
Problem parameter
Test case GET /sap/bc/ui5_ui5/ui2/ushell/?sap-login-XSRF=jQHB_WsQCGCOP7YlUSZZzqDg5mW_BCe3fBcV4F3L9WM%3d&sap-hash
=&sap-system-login-cookie_disabled=&sap-password=&sap-language=EN&sap-login-XSRF=Bj8Q3hDBrPsnp_9FPb7CZxLXe
C-0gWXClw7awjraTvs=&sap-hash=&sap-system-login-oninputprocessing=&sap-user=&sap-urlscheme=&sap-system-login=
onLogin&sap-accessibility=&sap-client=800&sap-system-login-basic_auth=&sap-system-login-cookie_disabled= HTTP/1.1
Accept: */*
Referer: https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/?sap-password=1&sap-language=EN&sap-login-XSRF=jQ
HB_WsQCGCOP7YlUSZZzqDg5mW_BCe3fBcV4F3L9WM=&sap-hash=&sap-system-login-oninputprocessing=&sap-user=1&s
ap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-client=800&sap-system-login-basic_auth=&sap-system
-login-cookie_disabled=
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Accept-Encoding: gzip,deflate
Cookie: sap-login-XSRF_TP1=20230321021434-gqU0UPelCT_BKz4NLezSIA%3d%3d;sap-usercontext=sap-language=EN&sa
p-client=800
Remarks The form has no CSRF protection. Form: <form class="sapUiSraLoginForm" id="LOGIN_FORM" name="loginForm" action="/sap/bc/ui5_ui5/ui2/ushell/&#x3f;sap-login-XSRF&#x3d;jQ
URL https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/?sap-login-XSRF=jQHB_WsQCGCOP7YlUSZZzqDg5mW_BCe3fBcV
4F3L9WM%3d&sap-hash=&sap-system-login-cookie_disabled=
Problem parameter
Test case POST /sap/bc/ui5_ui5/ui2/ushell/?sap-login-XSRF=jQHB_WsQCGCOP7YlUSZZzqDg5mW_BCe3fBcV4F3L9WM%3d&sap-has
h=&sap-system-login-cookie_disabled= HTTP/1.1
Accept: */*
Referer: https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/?sap-password=&sap-language=EN&sap-login-XSRF=jQ
HB_WsQCGCOP7YlUSZZzqDg5mW_BCe3fBcV4F3L9WM=&sap-hash=&sap-system-login-oninputprocessing=&sap-user=&sa
p-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-client=800&sap-system-login-basic_auth=&sap-system-l
ogin-cookie_disabled=
Content-Length: 284
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Accept-Encoding: gzip,deflate
Cookie: sap-login-XSRF_TP1=20230321021435-sA2UfoAZowwjEmyItoVA4A%3d%3d;sap-usercontext=sap-language=EN&s
ap-client=800
sap-password=&sap-language=EN&sap-login-XSRF=HWRZysCb50nxp-AGUxkM-cwrt0VPWETccf2RYKCku9o=&sap-hash=&s
ap-system-login-oninputprocessing=&sap-user=&sap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-clie
nt=800&sap-system-login-basic_auth=&sap-system-login-cookie_disabled=
Remarks The form has no CSRF protection. Form: <form class="sapUiSraLoginForm" id="LOGIN_FORM" name="loginForm" action="/sap/bc/ui5_ui5/ui2/ushell/&#x3f;sap-login-XSRF&#x3d;jQ
URL https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/?sap-login-XSRF=jQHB_WsQCGCOP7YlUSZZzqDg5mW_BCe3fBcV
4F3L9WM%3d&sap-hash=&sap-system-login-cookie_disabled=
Problem parameter
Test case POST /sap/bc/ui5_ui5/ui2/ushell/?sap-login-XSRF=jQHB_WsQCGCOP7YlUSZZzqDg5mW_BCe3fBcV4F3L9WM%3d&sap-has
h=&sap-system-login-cookie_disabled= HTTP/1.1
Accept: */*
Referer: https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/?sap-password=&sap-language=EN&sap-login-XSRF=jQ
HB_WsQCGCOP7YlUSZZzqDg5mW_BCe3fBcV4F3L9WM=&sap-hash=&sap-system-login-oninputprocessing=&sap-user=&sa
p-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-client=800&sap-system-login-basic_auth=&sap-system-l
ogin-cookie_disabled=
Content-Length: 284
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Accept-Encoding: gzip,deflate
Cookie: sap-login-XSRF_TP1=20230321021435-sA2UfoAZowwjEmyItoVA4A%3d%3d;sap-usercontext=sap-language=EN&s
ap-client=800
sap-password=&sap-language=EN&sap-login-XSRF=RWMx6NmOBprgUy4cG70hZHL9jBl2L5EuPK0ekUjDhpg=&sap-hash=&
sap-system-login-oninputprocessing=&sap-user=&sap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-clie
nt=800&sap-system-login-basic_auth=&sap-system-login-cookie_disabled=
Remarks The form has no CSRF protection. Form: <form class="sapUiSraLoginForm" id="LOGIN_FORM" name="loginForm" action="/sap/bc/ui5_ui5/ui2/ushell/&#x3f;sap-login-XSRF&#x3d;jQ
URL https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/?sap-login-XSRF=yPmRvkONOIVelyIltkDmONGj4IixB0byFWsNM
ndCYyg%3d&sap-system-login-cookie_disabled=&sap-hash=
Problem parameter
Test case POST /sap/bc/ui5_ui5/ui2/ushell/?sap-login-XSRF=yPmRvkONOIVelyIltkDmONGj4IixB0byFWsNMndCYyg%3d&sap-syste
m-login-cookie_disabled=&sap-hash= HTTP/1.1
Accept: */*
Referer: https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/?sap-system-login-oninputprocessing=&sap-urlscheme
=&sap-system-login=onLogin&sap-system-login-basic_auth=&sap-client=800&sap-accessibility=&sap-login-XSRF=yPmRvk
ONOIVelyIltkDmONGj4IixB0byFWsNMndCYyg%3D&sap-system-login-cookie_disabled=&sap-hash=&sap-language=EN&sa
p-user=&sap-password=&sap-client=800
Content-Length: 284
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Accept-Encoding: gzip,deflate
Cookie: sap-login-XSRF_TP1=20230321021436-Ye_PBMwlbhjai7SLhpIqWA%3d%3d;sap-usercontext=sap-language=EN&sa
p-client=800
sap-password=&sap-language=EN&sap-login-XSRF=aYixHizihcTaFKSeVX08eEVBH0fRHQA_8vqUxOq9Nf4=&sap-hash=&sapsystem-login-oninputprocessing=&sap-user=&sap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-client=
800&sap-system-login-basic_auth=&sap-system-login-cookie_disabled=
Remarks The form has no CSRF protection. Form: <form class="sapUiSraLoginForm" id="LOGIN_FORM" name="loginForm" action="/sap/bc/ui5_ui5/ui2/ushell/&#x3f;sap-login-XSRF&#x3d;yP
URL https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/?sap-login-XSRF=yPmRvkONOIVelyIltkDmONGj4IixB0byFWsNM
ndCYyg%3d&sap-system-login-cookie_disabled=&sap-hash=
Problem parameter
Test case POST /sap/bc/ui5_ui5/ui2/ushell/?sap-login-XSRF=yPmRvkONOIVelyIltkDmONGj4IixB0byFWsNMndCYyg%3d&sap-syste
m-login-cookie_disabled=&sap-hash= HTTP/1.1
Accept: */*
Referer: https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/?sap-system-login-oninputprocessing=&sap-urlscheme
=&sap-system-login=onLogin&sap-system-login-basic_auth=&sap-client=800&sap-accessibility=&sap-login-XSRF=yPmRvk
ONOIVelyIltkDmONGj4IixB0byFWsNMndCYyg%3D&sap-system-login-cookie_disabled=&sap-hash=&sap-language=EN&sa
p-user=&sap-password=&sap-client=800
Content-Length: 284
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Accept-Encoding: gzip,deflate
Cookie: sap-login-XSRF_TP1=20230321021436-Ye_PBMwlbhjai7SLhpIqWA%3d%3d;sap-usercontext=sap-language=EN&sa
p-client=800
sap-password=&sap-language=EN&sap-login-XSRF=84ZPdLE1QhAdYlPDcI91TMFNll2Pzd5bljIkSh_yDhc=&sap-hash=&sap-s
ystem-login-oninputprocessing=&sap-user=&sap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-client=8
00&sap-system-login-basic_auth=&sap-system-login-cookie_disabled=
Remarks The form has no CSRF protection. Form: <form class="sapUiSraLoginForm" id="LOGIN_FORM" name="loginForm" action="/sap/bc/ui5_ui5/ui2/ushell/&#x3f;sap-login-XSRF&#x3d;yP
URL https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/
Problem parameter
Test case POST /sap/bc/ui5_ui5/ui2/ushell/shells/abap/ HTTP/1.1
Content-Length: 284
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Cookie: sap-login-XSRF_TP1=20230321021428-HR1ljLZEolFbxeIXY0VEpw%3d%3d;sap-usercontext=sap-client=800
Origin: https://10.28.107.214:44300
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,applicatio
n/signed-exchange;v=b3;q=0.9
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
Referer: https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/
Sec-Fetch-Dest: document
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Sec-Fetch-Mode: navigate
sap-system-login-oninputprocessing=&sap-urlscheme=&sap-system-login=onLogin&sap-system-login-basic_auth=&sap-ac
cessibility=&sap-login-XSRF=GhXy5h75wYgr0EzfMpZGNPgGq11I1zHKwqW3KtmUjMo%3D&sap-system-login-cookie_disab
led=&sap-hash=&sap-language=EN&sap-user=&sap-password=&sap-client=800
Remarks The form has no CSRF protection. Form: <form class="sapUiSraLoginForm" id="LOGIN_FORM" name="loginForm" action="/sap/bc/ui5_ui5/ui2/ushell/shells/abap/" method="post"
URL https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/?sap-system-login-oninputprocessing=&sap-urlsche
me=&sap-system-login=onLogin&sap-system-login-basic_auth=&sap-accessibility=&sap-login-XSRF=GhXy5h75wYgr0EzfM
pZGNPgGq11I1zHKwqW3KtmUjMo%3D&sap-system-login-cookie_disabled=&sap-hash=&sap-language=EN&sap-user=&sa
p-password=&sap-client=800
Problem parameter
Test case GET /sap/bc/ui5_ui5/ui2/ushell/shells/abap/?sap-system-login-oninputprocessing=&sap-urlscheme=&sap-system-login=o
nLogin&sap-system-login-basic_auth=&sap-accessibility=&sap-login-XSRF=GhXy5h75wYgr0EzfMpZGNPgGq11I1zHKwqW3
KtmUjMo%3D&sap-system-login-cookie_disabled=&sap-hash=&sap-language=EN&sap-user=&sap-password=&sap-client=
800 HTTP/1.1
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Cookie: sap-login-XSRF_TP1=20230321021428-HR1ljLZEolFbxeIXY0VEpw%3d%3d;sap-usercontext=sap-client=800
Origin: https://10.28.107.214:44300
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,applicatio
n/signed-exchange;v=b3;q=0.9
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
Referer: https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/
Sec-Fetch-Dest: document
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Sec-Fetch-Mode: navigate
Remarks The form has no CSRF protection. Form: <form class="sapUiSraLoginForm" id="LOGIN_FORM" name="loginForm" action="/sap/bc/ui5_ui5/ui2/ushell/shells/abap/&#x3f;sap-login
URL https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/
Problem parameter
Test case POST /sap/bc/ui5_ui5/ui2/ushell/shells/abap/ HTTP/1.1
Content-Length: 284
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Cookie: sap-login-XSRF_TP1=20230321021432-2XCJ2tE7h3WVzyJgDGd6Yg%3d%3d;sap-usercontext=sap-language=EN&s
ap-client=800
Origin: https://10.28.107.214:44300
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,applicatio
n/signed-exchange;v=b3;q=0.9
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
Referer: https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/
Sec-Fetch-Dest: document
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Sec-Fetch-Mode: navigate
sap-system-login-oninputprocessing=&sap-urlscheme=&sap-system-login=onLogin&sap-system-login-basic_auth=&sap-ac
cessibility=&sap-login-XSRF=txgGnJ1DJQ0AlRGvH3YfmccpWhMdcr9OZQ-2fMudvVo%3D&sap-system-login-cookie_disable
d=&sap-hash=&sap-language=EN&sap-user=&sap-password=&sap-client=800
Remarks The form has no CSRF protection. Form: <form class="sapUiSraLoginForm" id="LOGIN_FORM" name="loginForm" action="/sap/bc/ui5_ui5/ui2/ushell/shells/abap/" method="post"
URL https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/
Problem parameter
Test case POST /sap/bc/ui5_ui5/ui2/ushell/shells/abap/ HTTP/1.1
Content-Length: 284
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Cookie: sap-login-XSRF_TP1=20230321021435-FVd3_TBrQFyoyN2S5XJoCA%3d%3d;sap-usercontext=sap-language=EN&s
ap-client=800
Origin: https://10.28.107.214:44300
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,applicatio
n/signed-exchange;v=b3;q=0.9
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
Referer: https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/
Sec-Fetch-Dest: document
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Sec-Fetch-Mode: navigate
sap-system-login-oninputprocessing=&sap-urlscheme=&sap-system-login=onLogin&sap-system-login-basic_auth=&sap-ac
cessibility=&sap-login-XSRF=UykzetuJ9M213WSD3hIeJptpSUx3G-8vO8MgavYO754%3D&sap-system-login-cookie_disabled
=&sap-hash=&sap-language=EN&sap-user=&sap-password=&sap-client=800
Remarks The form has no CSRF protection. Form: <form class="sapUiSraLoginForm" id="LOGIN_FORM" name="loginForm" action="/sap/bc/ui5_ui5/ui2/ushell/shells/abap/" method="post"
URL https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/
Problem parameter
Test case POST /sap/bc/ui5_ui5/ui2/ushell/shells/abap/ HTTP/1.1
Content-Length: 284
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Cookie: sap-login-XSRF_TP1=20230321021436-9zQtM_DskmWS89jpIddEQQ%3d%3d;sap-usercontext=sap-language=EN
&sap-client=800
Origin: https://10.28.107.214:44300
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,applicatio
n/signed-exchange;v=b3;q=0.9
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
Referer: https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/
Sec-Fetch-Dest: document
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Sec-Fetch-Mode: navigate
sap-system-login-oninputprocessing=&sap-urlscheme=&sap-system-login=onLogin&sap-system-login-basic_auth=&sap-ac
cessibility=&sap-login-XSRF=9mPN6wcXrP5JwcuoUt6y-iove2dWYeXgPrvitUXysvg%3D&sap-system-login-cookie_disabled=
&sap-hash=&sap-language=EN&sap-user=&sap-password=&sap-client=800
Remarks The form has no CSRF protection. Form: <form class="sapUiSraLoginForm" id="LOGIN_FORM" name="loginForm" action="/sap/bc/ui5_ui5/ui2/ushell/shells/abap/" method="post"
URL https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/
Problem parameter
Test case POST /sap/bc/ui5_ui5/ui2/ushell/shells/abap/ HTTP/1.1
Content-Length: 284
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Cookie: sap-login-XSRF_TP1=20230321021436-Effin2ATpIVn4b-W6t7Svg%3d%3d;sap-usercontext=sap-language=EN&sap
-client=800
Origin: https://10.28.107.214:44300
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,applicatio
n/signed-exchange;v=b3;q=0.9
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
Referer: https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/
Sec-Fetch-Dest: document
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Sec-Fetch-Mode: navigate
sap-system-login-oninputprocessing=&sap-urlscheme=&sap-system-login=onLogin&sap-system-login-basic_auth=&sap-ac
cessibility=&sap-login-XSRF=Gq8tj2jvjtwS4rhueq28ga1TodIW_M04ZchGv1-_ETw%3D&sap-system-login-cookie_disabled=
&sap-hash=&sap-language=EN&sap-user=&sap-password=&sap-client=800
Remarks The form has no CSRF protection. Form: <form class="sapUiSraLoginForm" id="LOGIN_FORM" name="loginForm" action="/sap/bc/ui5_ui5/ui2/ushell/shells/abap/" method="post"
URL https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/
Affected parameter
Test case POST /sap/bc/ui5_ui5/ui2/ushell/shells/abap/ HTTP/1.1
Content-Length: 284
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Cookie: sap-login-XSRF_TP1=20230321021437-KPD7Mju-ZA7xAAQAeKOnbQ%3d%3d;sap-usercontext=sap-language=EN
&sap-client=800
Origin: https://10.28.107.214:44300
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,applicatio
n/signed-exchange;v=b3;q=0.9
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
Referer: https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/
Sec-Fetch-Dest: document
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Sec-Fetch-Mode: navigate
sap-system-login-oninputprocessing=&sap-urlscheme=&sap-system-login=onLogin&sap-system-login-basic_auth=&sap-ac
cessibility=&sap-login-XSRF=rM-WXHhExnTxp2NvuiJc8BNrminJGXy-QyyYPShFtN4%3D&sap-system-login-cookie_disabled
=&sap-hash=&sap-language=EN&sap-user=&sap-password=&sap-client=800
Remarks The form has no CSRF protection. Form: <form class="sapUiSraLoginForm" id="LOGIN_FORM" name="loginForm" action="/sap/bc/ui5_ui5/ui2/ushell/shells/abap/" method="post"
URL https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/?sap-password=1&sap-language=EN&sap-login-XSRF=-QEJnrjlKOpDtNFqjzNuywAuIgmXsHpFoPRDH9iy_DI%3D&sap-hash=&sap-system-login-oninputprocessing=&sap-user=1&sap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-client=800&sap-system-login-basic_auth=&sap-system-login-cookie_disabled=
Affected parameter
Test case GET /sap/bc/ui5_ui5/ui2/ushell/shells/?sap-password=1&sap-language=EN&sap-login-XSRF=-QEJnrjlKOpDtNFqjzNuywAuIgmXsHpFoPRDH9iy_DI%3D&sap-hash=&sap-system-login-oninputprocessing=&sap-user=1&sap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-client=800&sap-system-login-basic_auth=&sap-system-login-cookie_disabled= HTTP/1.1
Referer: https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/?sap-password=1&sap-language=EN&sap-login-X
SRF=-QEJnrjlKOpDtNFqjzNuywAuIgmXsHpFoPRDH9iy_DI=&sap-hash=&sap-system-login-oninputprocessing=&sap-user=1
&sap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-client=800&sap-system-login-basic_auth=&sap-syste
m-login-cookie_disabled=
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Cookie: sap-login-XSRF_TP1=20230321021433-DiFPdsCMR_pK7sTXT0BBKw%3d%3d;sap-usercontext=sap-language=EN&
sap-client=800
Accept: */*
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Sec-Fetch-Mode: navigate
Remarks The form has no CSRF protection. Form: <form class="sapUiSraLoginForm" id="LOGIN_FORM" name="loginForm" action="/sap/bc/ui5_ui5/ui2/ushell/shells/&#x3f;sap-login-XSRF&
URL https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-login-XSRF=wG-MT356_T
mQmxPk54lNJxISlR23CPTMKBvPl6Ovnxo%3d&sap-hash=&sap-system-login-cookie_disabled=
Affected parameter
Test case POST /sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-login-XSRF=wG-MT356_TmQmxPk54lNJxISlR23CP
TMKBvPl6Ovnxo%3d&sap-hash=&sap-system-login-cookie_disabled= HTTP/1.1
Accept: */*
Referer: https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-password=1&sap-language=EN&sap-login-XSRF=wG-MT356_TmQmxPk54lNJxISlR23CPTMKBvPl6Ovnxo=&sap-hash=&sap-system-login-oninputprocessing=&sap-user=1&sap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-client=800&sap-system-login-basic_auth=&sap-system-login-cookie_disabled=
Content-Length: 284
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Accept-Encoding: gzip,deflate
Cookie: sap-login-XSRF_TP1=20230321021431-C_jfO0mePAgutcB7w8xNww%3d%3d;sap-usercontext=sap-language=EN
&sap-client=800
sap-password=&sap-language=EN&sap-login-XSRF=RqcXMjoxmsZJ4T_KbblfZ1zZjryg7pnwgtFvY9WftCk=&sap-hash=&sap-sy
stem-login-oninputprocessing=&sap-user=&sap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-client=80
0&sap-system-login-basic_auth=&sap-system-login-cookie_disabled=
Remarks The form has no CSRF protection. Form: <form class="sapUiSraLoginForm" id="LOGIN_FORM" name="loginForm" action="/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.h
URL https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-login-XSRF=wG-MT356_T
mQmxPk54lNJxISlR23CPTMKBvPl6Ovnxo%3d&sap-hash=&sap-system-login-cookie_disabled=&sap-password=&sap-langu
age=EN&sap-login-XSRF=RqcXMjoxmsZJ4T_KbblfZ1zZjryg7pnwgtFvY9WftCk=&sap-hash=&sap-system-login-oninputproces
sing=&sap-user=&sap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-client=800&sap-system-login-basic
_auth=&sap-system-login-cookie_disabled=
Affected parameter
Test case GET /sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-login-XSRF=wG-MT356_TmQmxPk54lNJxISlR23CPTMKBvPl6Ovnxo%3d&sap-hash=&sap-system-login-cookie_disabled=&sap-password=&sap-language=EN&sap-login-XSRF=RqcXMjoxmsZJ4T_KbblfZ1zZjryg7pnwgtFvY9WftCk=&sap-hash=&sap-system-login-oninputprocessing=&sap-user=&sap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-client=800&sap-system-login-basic_auth=&sap-system-login-cookie_disabled= HTTP/1.1
Accept: */*
Referer: https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-password=1&sap-language=EN&sap-login-XSRF=wG-MT356_TmQmxPk54lNJxISlR23CPTMKBvPl6Ovnxo=&sap-hash=&sap-system-login-oninputprocessing=&sap-user=1&sap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-client=800&sap-system-login-basic_auth=&sap-system-login-cookie_disabled=
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Accept-Encoding: gzip,deflate
Cookie: sap-login-XSRF_TP1=20230321021431-C_jfO0mePAgutcB7w8xNww%3d%3d;sap-usercontext=sap-language=EN
&sap-client=800
Remarks The form has no CSRF protection. Form: <form class="sapUiSraLoginForm" id="LOGIN_FORM" name="loginForm" action="/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.h
URL https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-login-XSRF=wG-MT356_T
mQmxPk54lNJxISlR23CPTMKBvPl6Ovnxo%3d&sap-hash=&sap-system-login-cookie_disabled=
Affected parameter
Test case POST /sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-login-XSRF=wG-MT356_TmQmxPk54lNJxISlR23CP
TMKBvPl6Ovnxo%3d&sap-hash=&sap-system-login-cookie_disabled= HTTP/1.1
Accept: */*
Referer: https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-password=1&sap-language=EN&sap-login-XSRF=wG-MT356_TmQmxPk54lNJxISlR23CPTMKBvPl6Ovnxo=&sap-hash=&sap-system-login-oninputprocessing=&sap-user=1&sap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-client=800&sap-system-login-basic_auth=&sap-system-login-cookie_disabled=
Content-Length: 284
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Accept-Encoding: gzip,deflate
Cookie: sap-login-XSRF_TP1=20230321021431-C_jfO0mePAgutcB7w8xNww%3d%3d;sap-usercontext=sap-language=EN
&sap-client=800
sap-password=&sap-language=EN&sap-login-XSRF=DHGj3xuNfG8WImYVjRmpc1g_IlxcitaJO57cRCdIGdY=&sap-hash=&sap-system-login-oninputprocessing=&sap-user=&sap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-client=800&sap-system-login-basic_auth=&sap-system-login-cookie_disabled=
Remarks The form has no CSRF protection. Form: <form class="sapUiSraLoginForm" id="LOGIN_FORM" name="loginForm" action="/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.h
URL https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-login-XSRF=wG-MT356_T
mQmxPk54lNJxISlR23CPTMKBvPl6Ovnxo%3d&sap-hash=&sap-system-login-cookie_disabled=
Affected parameter
Test case POST /sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-login-XSRF=wG-MT356_TmQmxPk54lNJxISlR23CP
TMKBvPl6Ovnxo%3d&sap-hash=&sap-system-login-cookie_disabled= HTTP/1.1
Accept: */*
Referer: https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-password=&sap-l
anguage=EN&sap-login-XSRF=wG-MT356_TmQmxPk54lNJxISlR23CPTMKBvPl6Ovnxo=&sap-hash=&sap-system-login-onin
putprocessing=&sap-user=&sap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-client=800&sap-system-l
ogin-basic_auth=&sap-system-login-cookie_disabled=
Content-Length: 284
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Accept-Encoding: gzip,deflate
Cookie: sap-login-XSRF_TP1=20230321021431-bBwI1Zos65Pt0f8GfZsfAA%3d%3d;sap-usercontext=sap-language=EN&sa
p-client=800
sap-password=&sap-language=EN&sap-login-XSRF=0cNsew_GGekWu2EvG-rMNoBNsXaH02BCJNOzYC7bkJU=&sap-hash=&
sap-system-login-oninputprocessing=&sap-user=&sap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-clie
nt=800&sap-system-login-basic_auth=&sap-system-login-cookie_disabled=
Remarks The form has no CSRF protection. Form: <form class="sapUiSraLoginForm" id="LOGIN_FORM" name="loginForm" action="/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.h
URL https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-login-XSRF=wG-MT356_T
mQmxPk54lNJxISlR23CPTMKBvPl6Ovnxo%3d&sap-hash=&sap-system-login-cookie_disabled=
Affected parameter
Test case POST /sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-login-XSRF=wG-MT356_TmQmxPk54lNJxISlR23CP
TMKBvPl6Ovnxo%3d&sap-hash=&sap-system-login-cookie_disabled= HTTP/1.1
Accept: */*
Referer: https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-password=&sap-l
anguage=EN&sap-login-XSRF=wG-MT356_TmQmxPk54lNJxISlR23CPTMKBvPl6Ovnxo=&sap-hash=&sap-system-login-onin
putprocessing=&sap-user=&sap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-client=800&sap-system-l
ogin-basic_auth=&sap-system-login-cookie_disabled=
Content-Length: 284
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Accept-Encoding: gzip,deflate
Cookie: sap-login-XSRF_TP1=20230321021431-bBwI1Zos65Pt0f8GfZsfAA%3d%3d;sap-usercontext=sap-language=EN&sa
p-client=800
sap-password=&sap-language=EN&sap-login-XSRF=9XY0mwkkyiRtxk7sI4n9FsRIB18amR5OHlAAgLZuypQ=&sap-hash=&sa
p-system-login-oninputprocessing=&sap-user=&sap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-client
=800&sap-system-login-basic_auth=&sap-system-login-cookie_disabled=
Remarks The form has no CSRF protection. Form: <form class="sapUiSraLoginForm" id="LOGIN_FORM" name="loginForm" action="/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.h
URL https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-login-XSRF=IExA6RIv6wQk
QosK9q0THxEKCJS9CXfF6R6xsrH8F6c%3d&sap-system-login-cookie_disabled=&sap-hash=
Affected parameter
Test case POST /sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-login-XSRF=IExA6RIv6wQkQosK9q0THxEKCJS9CXf
F6R6xsrH8F6c%3d&sap-system-login-cookie_disabled=&sap-hash= HTTP/1.1
Accept: */*
Referer: https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-system-login-oninputprocessing=&sap-urlscheme=&sap-system-login=onLogin&sap-system-login-basic_auth=&sap-accessibility=&sap-login-XSRF=IExA6RIv6wQkQosK9q0THxEKCJS9CXfF6R6xsrH8F6c%3D&sap-system-login-cookie_disabled=&sap-hash=&sap-language=EN&sap-user=&sap-password=&sap-client=800
Content-Length: 284
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Accept-Encoding: gzip,deflate
Cookie: sap-login-XSRF_TP1=20230321021434-lrNUpjQcmEvPV0LKRL495w%3d%3d;sap-usercontext=sap-language=EN&
sap-client=800
sap-password=&sap-language=EN&sap-login-XSRF=EDZNwLOyR715SeCY0tvDLQXW1If5W09P1jfRe-4r0IA=&sap-hash=&sa
p-system-login-oninputprocessing=&sap-user=&sap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-client
=800&sap-system-login-basic_auth=&sap-system-login-cookie_disabled=
Remarks The form has no CSRF protection. Form: <form class="sapUiSraLoginForm" id="LOGIN_FORM" name="loginForm" action="/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.h
URL https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-login-XSRF=IExA6RIv6wQk
QosK9q0THxEKCJS9CXfF6R6xsrH8F6c%3d&sap-system-login-cookie_disabled=&sap-hash=
Affected parameter
Test case POST /sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-login-XSRF=IExA6RIv6wQkQosK9q0THxEKCJS9CXf
F6R6xsrH8F6c%3d&sap-system-login-cookie_disabled=&sap-hash= HTTP/1.1
Accept: */*
Referer: https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-system-login-oninputprocessing=&sap-urlscheme=&sap-system-login=onLogin&sap-system-login-basic_auth=&sap-accessibility=&sap-login-XSRF=IExA6RIv6wQkQosK9q0THxEKCJS9CXfF6R6xsrH8F6c%3D&sap-system-login-cookie_disabled=&sap-hash=&sap-language=EN&sap-user=&sap-password=&sap-client=800
Content-Length: 284
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Accept-Encoding: gzip,deflate
Cookie: sap-login-XSRF_TP1=20230321021434-lrNUpjQcmEvPV0LKRL495w%3d%3d;sap-usercontext=sap-language=EN&
sap-client=800
sap-password=&sap-language=EN&sap-login-XSRF=dTPmAVLcA5etqHoW0CzmDL5b-uhoq6HbV-1WVa2fE5c=&sap-hash=&
sap-system-login-oninputprocessing=&sap-user=&sap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-clie
nt=800&sap-system-login-basic_auth=&sap-system-login-cookie_disabled=
Remarks The form has no CSRF protection. Form: <form class="sapUiSraLoginForm" id="LOGIN_FORM" name="loginForm" action="/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.h
URL https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-login-XSRF=wG-MT356_T
mQmxPk54lNJxISlR23CPTMKBvPl6Ovnxo%3d&sap-hash=&sap-system-login-cookie_disabled=
Affected parameter
Test case POST /sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-login-XSRF=wG-MT356_TmQmxPk54lNJxISlR23CP
TMKBvPl6Ovnxo%3d&sap-hash=&sap-system-login-cookie_disabled= HTTP/1.1
Accept: */*
Referer: https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-login-XSRF=wG-M
T356_TmQmxPk54lNJxISlR23CPTMKBvPl6Ovnxo%3d&sap-hash=&sap-system-login-cookie_disabled=
Content-Length: 284
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Accept-Encoding: gzip,deflate
Cookie: sap-login-XSRF_TP1=20230321021438-dz96DfE1I0nHzMWBSEA-GQ%3d%3d;sap-usercontext=sap-language=EN&
sap-client=800
sap-password=&sap-language=EN&sap-login-XSRF=LFbZtJO7zfTCo00fij220PqoRpmZeD66sKAoOIhPedw=&sap-hash=&sap
-system-login-oninputprocessing=&sap-user=&sap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-client=
800&sap-system-login-basic_auth=&sap-system-login-cookie_disabled=
Remarks The form has no CSRF protection. Form: <form class="sapUiSraLoginForm" id="LOGIN_FORM" name="loginForm" action="/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.h
URL https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-login-XSRF=wG-MT356_T
mQmxPk54lNJxISlR23CPTMKBvPl6Ovnxo%3d&sap-hash=&sap-system-login-cookie_disabled=
Affected parameter
Test case POST /sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-login-XSRF=wG-MT356_TmQmxPk54lNJxISlR23CP
TMKBvPl6Ovnxo%3d&sap-hash=&sap-system-login-cookie_disabled= HTTP/1.1
Accept: */*
Referer: https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-login-XSRF=wG-M
T356_TmQmxPk54lNJxISlR23CPTMKBvPl6Ovnxo%3d&sap-hash=&sap-system-login-cookie_disabled=
Content-Length: 284
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Accept-Encoding: gzip,deflate
Cookie: sap-login-XSRF_TP1=20230321021438-dz96DfE1I0nHzMWBSEA-GQ%3d%3d;sap-usercontext=sap-language=EN&
sap-client=800
sap-password=&sap-language=EN&sap-login-XSRF=22Ys4JUV5A9W-KQ4DoaDNJnl5bubeVjSK9no63wPX1M=&sap-hash=&s
ap-system-login-oninputprocessing=&sap-user=&sap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-clie
nt=800&sap-system-login-basic_auth=&sap-system-login-cookie_disabled=
Remarks The form has no CSRF protection. Form: <form class="sapUiSraLoginForm" id="LOGIN_FORM" name="loginForm" action="/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.h
URL https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-login-XSRF=wG-MT356_T
mQmxPk54lNJxISlR23CPTMKBvPl6Ovnxo%3d&sap-hash=&sap-system-login-cookie_disabled=
Affected parameter
Test case POST /sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-login-XSRF=wG-MT356_TmQmxPk54lNJxISlR23CP
TMKBvPl6Ovnxo%3d&sap-hash=&sap-system-login-cookie_disabled= HTTP/1.1
Accept: */*
Referer: https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-login-XSRF=wG-M
T356_TmQmxPk54lNJxISlR23CPTMKBvPl6Ovnxo%3d&sap-hash=&sap-system-login-cookie_disabled=
Content-Length: 284
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Accept-Encoding: gzip,deflate
Cookie: sap-login-XSRF_TP1=20230321021439-4MXgtWOZ-9bC_rAvFwmKYA%3d%3d;sap-usercontext=sap-language=EN
&sap-client=800
sap-password=&sap-language=EN&sap-login-XSRF=oYWKLWP6gwJ_D2jf3-xB0o5YcxBmTqMzdvop3e0AkbM=&sap-hash=&s
ap-system-login-oninputprocessing=&sap-user=&sap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-clie
nt=800&sap-system-login-basic_auth=&sap-system-login-cookie_disabled=
Remarks The form has no CSRF protection. Form: <form class="sapUiSraLoginForm" id="LOGIN_FORM" name="loginForm" action="/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.h
URL https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-login-XSRF=wG-MT356_T
mQmxPk54lNJxISlR23CPTMKBvPl6Ovnxo%3d&sap-hash=&sap-system-login-cookie_disabled=
Affected parameter
Test case POST /sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-login-XSRF=wG-MT356_TmQmxPk54lNJxISlR23CP
TMKBvPl6Ovnxo%3d&sap-hash=&sap-system-login-cookie_disabled= HTTP/1.1
Accept: */*
Referer: https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-login-XSRF=wG-M
T356_TmQmxPk54lNJxISlR23CPTMKBvPl6Ovnxo%3d&sap-hash=&sap-system-login-cookie_disabled=
Content-Length: 284
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Accept-Encoding: gzip,deflate
Cookie: sap-login-XSRF_TP1=20230321021440-bkh-ljqqtvFktKyFf1yeog%3d%3d;sap-usercontext=sap-language=EN&sap-client=800
sap-password=&sap-language=EN&sap-login-XSRF=jwGsXhTaBFFrWsEHKqP74U2FzG1UmV2Qo8sK6i1uOuw=&sap-hash=&
sap-system-login-oninputprocessing=&sap-user=&sap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-clie
nt=800&sap-system-login-basic_auth=&sap-system-login-cookie_disabled=
Remarks The form has no CSRF protection. Form: <form class="sapUiSraLoginForm" id="LOGIN_FORM" name="loginForm" action="/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.h
URL https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-login-XSRF=wG-MT356_T
mQmxPk54lNJxISlR23CPTMKBvPl6Ovnxo%3d&sap-hash=&sap-system-login-cookie_disabled=
Affected parameter
Test case POST /sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-login-XSRF=wG-MT356_TmQmxPk54lNJxISlR23CP
TMKBvPl6Ovnxo%3d&sap-hash=&sap-system-login-cookie_disabled= HTTP/1.1
Accept: */*
Referer: https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-login-XSRF=wG-M
T356_TmQmxPk54lNJxISlR23CPTMKBvPl6Ovnxo%3d&sap-hash=&sap-system-login-cookie_disabled=
Content-Length: 284
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Accept-Encoding: gzip,deflate
Cookie: sap-login-XSRF_TP1=20230321021438-dNdDT4nDpeEqsEFOKurOXw%3d%3d;sap-usercontext=sap-language=EN
&sap-client=800
sap-password=&sap-language=EN&sap-login-XSRF=8vdwHmNJBlz32VQCPs9NTyjLYdZqeGQZaUoezCGdEQ8=&sap-hash=&s
ap-system-login-oninputprocessing=&sap-user=&sap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-clie
nt=800&sap-system-login-basic_auth=&sap-system-login-cookie_disabled=
Remarks The form has no CSRF protection. Form: <form class="sapUiSraLoginForm" id="LOGIN_FORM" name="loginForm" action="/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.h
URL https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-login-XSRF=wG-MT356_T
mQmxPk54lNJxISlR23CPTMKBvPl6Ovnxo%3d&sap-hash=&sap-system-login-cookie_disabled=
Affected parameter
Test case POST /sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-login-XSRF=wG-MT356_TmQmxPk54lNJxISlR23CP
TMKBvPl6Ovnxo%3d&sap-hash=&sap-system-login-cookie_disabled= HTTP/1.1
Accept: */*
Referer: https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-login-XSRF=wG-M
T356_TmQmxPk54lNJxISlR23CPTMKBvPl6Ovnxo%3d&sap-hash=&sap-system-login-cookie_disabled=
Content-Length: 284
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Accept-Encoding: gzip,deflate
Cookie: sap-login-XSRF_TP1=20230321021438-dNdDT4nDpeEqsEFOKurOXw%3d%3d;sap-usercontext=sap-language=EN
&sap-client=800
sap-password=&sap-language=EN&sap-login-XSRF=0T43rc8q649uiqu0i_qhr0axlHuQ0GxBkQ3q6uVM4QY=&sap-hash=&sa
p-system-login-oninputprocessing=&sap-user=&sap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-client
=800&sap-system-login-basic_auth=&sap-system-login-cookie_disabled=
Remarks The form has no CSRF protection. Form: <form class="sapUiSraLoginForm" id="LOGIN_FORM" name="loginForm" action="/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.h
URL https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-login-XSRF=wG-MT356_T
mQmxPk54lNJxISlR23CPTMKBvPl6Ovnxo%3d&sap-hash=&sap-system-login-cookie_disabled=
Affected parameter
Test case POST /sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-login-XSRF=wG-MT356_TmQmxPk54lNJxISlR23CP
TMKBvPl6Ovnxo%3d&sap-hash=&sap-system-login-cookie_disabled= HTTP/1.1
Accept: */*
Referer: https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-login-XSRF=wG-M
T356_TmQmxPk54lNJxISlR23CPTMKBvPl6Ovnxo%3d&sap-hash=&sap-system-login-cookie_disabled=
Content-Length: 284
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Accept-Encoding: gzip,deflate
Cookie: sap-login-XSRF_TP1=20230321021440-7XLAKJBhViKuNTaegKaHdg%3d%3d;sap-usercontext=sap-language=EN&s
ap-client=800
sap-password=&sap-language=EN&sap-login-XSRF=H1A2bkMYJEwpy2k5xclNw4H7Pe2kwM2W9qQJuHoImPQ=&sap-hash=
&sap-system-login-oninputprocessing=&sap-user=&sap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-cl
ient=800&sap-system-login-basic_auth=&sap-system-login-cookie_disabled=
Remarks The form has no CSRF protection. Form: <form class="sapUiSraLoginForm" id="LOGIN_FORM" name="loginForm" action="/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.h
URL https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-login-XSRF=wG-MT356_T
mQmxPk54lNJxISlR23CPTMKBvPl6Ovnxo%3d&sap-hash=&sap-system-login-cookie_disabled=
Affected parameter
Test case POST /sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-login-XSRF=wG-MT356_TmQmxPk54lNJxISlR23CP
TMKBvPl6Ovnxo%3d&sap-hash=&sap-system-login-cookie_disabled= HTTP/1.1
Accept: */*
Referer: https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-login-XSRF=wG-M
T356_TmQmxPk54lNJxISlR23CPTMKBvPl6Ovnxo%3d&sap-hash=&sap-system-login-cookie_disabled=
Content-Length: 284
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Accept-Encoding: gzip,deflate
Cookie: sap-login-XSRF_TP1=20230321021440-7XLAKJBhViKuNTaegKaHdg%3d%3d;sap-usercontext=sap-language=EN&s
ap-client=800
sap-password=&sap-language=EN&sap-login-XSRF=jEOfr98uFmNPgPkFTgIsePg8rIIweLA3KZUqkSOgOWM=&sap-hash=&sa
p-system-login-oninputprocessing=&sap-user=&sap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-client
=800&sap-system-login-basic_auth=&sap-system-login-cookie_disabled=
Remarks The form has no CSRF protection. Form: <form class="sapUiSraLoginForm" id="LOGIN_FORM" name="loginForm" action="/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.h
URL https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-login-XSRF=wG-MT356_T
mQmxPk54lNJxISlR23CPTMKBvPl6Ovnxo%3d&sap-hash=&sap-system-login-cookie_disabled=
Affected parameter
Test case POST /sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-login-XSRF=wG-MT356_TmQmxPk54lNJxISlR23CP
TMKBvPl6Ovnxo%3d&sap-hash=&sap-system-login-cookie_disabled= HTTP/1.1
Accept: */*
Referer: https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-login-XSRF=wG-M
T356_TmQmxPk54lNJxISlR23CPTMKBvPl6Ovnxo%3d&sap-hash=&sap-system-login-cookie_disabled=
Content-Length: 284
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Accept-Encoding: gzip,deflate
Cookie: sap-login-XSRF_TP1=20230321021440-bmSdTM19ABoRVB9TEpP0Zg%3d%3d;sap-usercontext=sap-language=EN
&sap-client=800
sap-password=&sap-language=EN&sap-login-XSRF=spALYAVXcIMuWGPfLzN3l6w9Avd-WRJF-6z1ZwLjDQE=&sap-hash=&sa
p-system-login-oninputprocessing=&sap-user=&sap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-client
=800&sap-system-login-basic_auth=&sap-system-login-cookie_disabled=
Remarks The form has no CSRF protection. Form: <form class="sapUiSraLoginForm" id="LOGIN_FORM" name="loginForm" action="/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.h
URL https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-login-XSRF=wG-MT356_T
mQmxPk54lNJxISlR23CPTMKBvPl6Ovnxo%3d&sap-hash=&sap-system-login-cookie_disabled=
Affected parameter
Test case POST /sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-login-XSRF=wG-MT356_TmQmxPk54lNJxISlR23CP
TMKBvPl6Ovnxo%3d&sap-hash=&sap-system-login-cookie_disabled= HTTP/1.1
Accept: */*
Referer: https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-login-XSRF=wG-M
T356_TmQmxPk54lNJxISlR23CPTMKBvPl6Ovnxo%3d&sap-hash=&sap-system-login-cookie_disabled=
Content-Length: 284
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Accept-Encoding: gzip,deflate
Cookie: sap-login-XSRF_TP1=20230321021440-bmSdTM19ABoRVB9TEpP0Zg%3d%3d;sap-usercontext=sap-language=EN
&sap-client=800
sap-password=&sap-language=EN&sap-login-XSRF=u_kJZAMnzq43Yg1rfrdRs1td6qzN9r05XidoQT0qN0o=&sap-hash=&sap-system-login-oninputprocessing=&sap-user=&sap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-client=800&sap-system-login-basic_auth=&sap-system-login-cookie_disabled=
Remarks The form has no CSRF protection. Form: <form class="sapUiSraLoginForm" id="LOGIN_FORM" name="loginForm" action="/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.h
URL https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-login-XSRF=wG-MT356_T
mQmxPk54lNJxISlR23CPTMKBvPl6Ovnxo%3d&sap-hash=&sap-system-login-cookie_disabled=
问题参数
测试用例 POST /sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-login-XSRF=wG-MT356_TmQmxPk54lNJxISlR23CP
TMKBvPl6Ovnxo%3d&sap-hash=&sap-system-login-cookie_disabled= HTTP/1.1
Accept: */*
Referer: https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-password=1&sap-language=EN&sap-login-XSRF=wG-MT356_TmQmxPk54lNJxISlR23CPTMKBvPl6Ovnxo%3D&sap-hash=&sap-system-login-oninputprocessing=&sap-user=1&sap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-client=800&sap-system-login-basic_auth=&sap-system-login-cookie_disabled=
Content-Length: 284
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Accept-Encoding: gzip,deflate
Cookie: sap-login-XSRF_TP1=20230321021440-uokY4khDScYYdQ-23roxEQ%3d%3d;sap-usercontext=sap-language=EN&s
ap-client=800
sap-password=&sap-language=EN&sap-login-XSRF=pj6MwddEvUfVrEpLea6Qu2p5o5Xmfv3MLusUDjrBy4Y=&sap-hash=&s
ap-system-login-oninputprocessing=&sap-user=&sap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-clie
nt=800&sap-system-login-basic_auth=&sap-system-login-cookie_disabled=
Remarks The form has no CSRF protection. Form: <form class="sapUiSraLoginForm" id="LOGIN_FORM" name="loginForm" action="/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.h
URL https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-login-XSRF=wG-MT356_T
mQmxPk54lNJxISlR23CPTMKBvPl6Ovnxo%3d&sap-hash=&sap-system-login-cookie_disabled=
Affected parameter
Test case POST /sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-login-XSRF=wG-MT356_TmQmxPk54lNJxISlR23CP
TMKBvPl6Ovnxo%3d&sap-hash=&sap-system-login-cookie_disabled= HTTP/1.1
Accept: */*
Referer: https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-password=1&sap-language=EN&sap-login-XSRF=wG-MT356_TmQmxPk54lNJxISlR23CPTMKBvPl6Ovnxo%3D&sap-hash=&sap-system-login-oninputprocessing=&sap-user=1&sap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-client=800&sap-system-login-basic_auth=&sap-system-login-cookie_disabled=
Content-Length: 284
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Accept-Encoding: gzip,deflate
Cookie: sap-login-XSRF_TP1=20230321021441-L3gTwGQcdMPpk6fgfOUYag%3d%3d;sap-usercontext=sap-language=EN&
sap-client=800
sap-password=&sap-language=EN&sap-login-XSRF=rEoqZytLLSP2ulD-66pWdVFHclLPUAKP_d6Eg0DWK2s=&sap-hash=&sa
p-system-login-oninputprocessing=&sap-user=&sap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-client
=800&sap-system-login-basic_auth=&sap-system-login-cookie_disabled=
Remarks The form has no CSRF protection. Form: <form class="sapUiSraLoginForm" id="LOGIN_FORM" name="loginForm" action="/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.h
URL https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-login-XSRF=wG-MT356_T
mQmxPk54lNJxISlR23CPTMKBvPl6Ovnxo%3d&sap-hash=&sap-system-login-cookie_disabled=
Affected parameter
Test case POST /sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-login-XSRF=wG-MT356_TmQmxPk54lNJxISlR23CP
TMKBvPl6Ovnxo%3d&sap-hash=&sap-system-login-cookie_disabled= HTTP/1.1
Accept: */*
Referer: https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.html?sap-login-XSRF=wG-M
T356_TmQmxPk54lNJxISlR23CPTMKBvPl6Ovnxo%3d&sap-hash=&sap-system-login-cookie_disabled=
Content-Length: 284
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Accept-Encoding: gzip,deflate
Cookie: sap-login-XSRF_TP1=20230321021442-DzWS6aFL012rFr6miC8djw%3d%3d;sap-usercontext=sap-language=EN&s
ap-client=800
sap-password=&sap-language=EN&sap-login-XSRF=McZQi1MIhrAzps2iB8TLOI1_wzC-MSOxJTG8bbXlo70=&sap-hash=&sap
-system-login-oninputprocessing=&sap-user=&sap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-client=
800&sap-system-login-basic_auth=&sap-system-login-cookie_disabled=
Remarks The form has no CSRF protection. Form: <form class="sapUiSraLoginForm" id="LOGIN_FORM" name="loginForm" action="/sap/bc/ui5_ui5/ui2/ushell/shells/abap/Fiorilaunchpad.h
URL https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/
Affected parameter
Test case POST /sap/bc/ui5_ui5/ui2/ushell/ HTTP/1.1
Content-Length: 299
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Cookie: sap-login-XSRF_TP1=20230321021428-HR1ljLZEolFbxeIXY0VEpw%3d%3d;sap-usercontext=sap-client=800
Origin: https://10.28.107.214:44300
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,applicatio
n/signed-exchange;v=b3;q=0.9
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
Referer: https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/
Sec-Fetch-Dest: document
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Sec-Fetch-Mode: navigate
sap-system-login-oninputprocessing=&sap-urlscheme=&sap-system-login=onLogin&sap-system-login-basic_auth=&sap-cli
ent=800&sap-accessibility=&sap-login-XSRF=yPmRvkONOIVelyIltkDmONGj4IixB0byFWsNMndCYyg%3D&sap-system-logi
n-cookie_disabled=&sap-hash=&sap-language=EN&sap-user=&sap-password=&sap-client=800
Remarks The form has no CSRF protection. Form: <form class="sapUiSraLoginForm" id="LOGIN_FORM" name="loginForm" action="/sap/bc/ui5_ui5/ui2/ushell/" method="post" autocomplete
URL https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/?sap-system-login-oninputprocessing=&sap-urlscheme=&sap-sy
stem-login=onLogin&sap-system-login-basic_auth=&sap-client=800&sap-accessibility=&sap-login-XSRF=yPmRvkONOIVely
IltkDmONGj4IixB0byFWsNMndCYyg%3D&sap-system-login-cookie_disabled=&sap-hash=&sap-language=EN&sap-user=&s
ap-password=&sap-client=800
Affected parameter
Test case GET /sap/bc/ui5_ui5/ui2/ushell/?sap-system-login-oninputprocessing=&sap-urlscheme=&sap-system-login=onLogin&sap-system-login-basic_auth=&sap-client=800&sap-accessibility=&sap-login-XSRF=yPmRvkONOIVelyIltkDmONGj4IixB0byFWs
NMndCYyg%3D&sap-system-login-cookie_disabled=&sap-hash=&sap-language=EN&sap-user=&sap-password=&sap-client
=800 HTTP/1.1
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Cookie: sap-login-XSRF_TP1=20230321021428-HR1ljLZEolFbxeIXY0VEpw%3d%3d;sap-usercontext=sap-client=800
Origin: https://10.28.107.214:44300
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,applicatio
n/signed-exchange;v=b3;q=0.9
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
Referer: https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/
Sec-Fetch-Dest: document
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Sec-Fetch-Mode: navigate
Remarks The form has no CSRF protection. Form: <form class="sapUiSraLoginForm" id="LOGIN_FORM" name="loginForm" action="/sap/bc/ui5_ui5/ui2/ushell/&#x3f;sap-login-XSRF&#x3d;yP
URL https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/
Affected parameter
Test case POST /sap/bc/ui5_ui5/ui2/ushell/ HTTP/1.1
Content-Length: 299
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Cookie: sap-login-XSRF_TP1=20230321021433-O8pZvXG_3iuo9Ae5brYFnQ%3d%3d;sap-usercontext=sap-language=EN&s
ap-client=800
Origin: https://10.28.107.214:44300
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,applicatio
n/signed-exchange;v=b3;q=0.9
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
Referer: https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/
Sec-Fetch-Dest: document
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Sec-Fetch-Mode: navigate
sap-system-login-oninputprocessing=&sap-urlscheme=&sap-system-login=onLogin&sap-system-login-basic_auth=&sap-cli
ent=800&sap-accessibility=&sap-login-XSRF=r2dqwu6RbfFHyKXNbjlfZT48IOoWN4xvEhgFsV4c_iw%3D&sap-system-login-cookie_disabled=&sap-hash=&sap-language=EN&sap-user=&sap-password=&sap-client=800
Remarks The form has no CSRF protection. Form: <form class="sapUiSraLoginForm" id="LOGIN_FORM" name="loginForm" action="/sap/bc/ui5_ui5/ui2/ushell/" method="post" autocomplete
URL https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/
Affected parameter
Test case POST /sap/bc/ui5_ui5/ui2/ushell/ HTTP/1.1
Content-Length: 299
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Cookie: sap-login-XSRF_TP1=20230321021434-TWv3BDikGxsRBmA3Tqk6kA%3d%3d;sap-usercontext=sap-language=EN&
sap-client=800
Origin: https://10.28.107.214:44300
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,applicatio
n/signed-exchange;v=b3;q=0.9
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
Referer: https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/
Sec-Fetch-Dest: document
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Sec-Fetch-Mode: navigate
sap-system-login-oninputprocessing=&sap-urlscheme=&sap-system-login=onLogin&sap-system-login-basic_auth=&sap-cli
ent=800&sap-accessibility=&sap-login-XSRF=r-YLdkSOFYLzqe36Xtcavj75P8pVxPdJaZfZTFnwDbk%3D&sap-system-login-co
okie_disabled=&sap-hash=&sap-language=EN&sap-user=&sap-password=&sap-client=800
Remarks The form has no CSRF protection. Form: <form class="sapUiSraLoginForm" id="LOGIN_FORM" name="loginForm" action="/sap/bc/ui5_ui5/ui2/ushell/" method="post" autocomplete
URL https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/
Affected parameter
Test case POST /sap/bc/ui5_ui5/ui2/ushell/ HTTP/1.1
Content-Length: 299
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Cookie: sap-login-XSRF_TP1=20230321021436-R8bGHllEF3qF_7I-Ol8c6A%3d%3d;sap-usercontext=sap-language=EN&sa
p-client=800
Origin: https://10.28.107.214:44300
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,applicatio
n/signed-exchange;v=b3;q=0.9
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
Referer: https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/
Sec-Fetch-Dest: document
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Sec-Fetch-Mode: navigate
sap-system-login-oninputprocessing=&sap-urlscheme=&sap-system-login=onLogin&sap-system-login-basic_auth=&sap-cli
ent=800&sap-accessibility=&sap-login-XSRF=6ZvmcI0H2AHqVfO1VD7W7YAsPCIb3JUQxq1e-4XV21Q%3D&sap-system-logi
n-cookie_disabled=&sap-hash=&sap-language=EN&sap-user=&sap-password=&sap-client=800
Remarks The form has no CSRF protection. Form: <form class="sapUiSraLoginForm" id="LOGIN_FORM" name="loginForm" action="/sap/bc/ui5_ui5/ui2/ushell/" method="post" autocomplete
URL https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/
Affected parameter
Test case POST /sap/bc/ui5_ui5/ui2/ushell/ HTTP/1.1
Content-Length: 299
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Cookie: sap-login-XSRF_TP1=20230321021436-R8bGHllEF3qF_7I-Ol8c6A%3d%3d;sap-usercontext=sap-language=EN&sa
p-client=800
Origin: https://10.28.107.214:44300
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,applicatio
n/signed-exchange;v=b3;q=0.9
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
Referer: https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/
Sec-Fetch-Dest: document
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Sec-Fetch-Mode: navigate
sap-system-login-oninputprocessing=&sap-urlscheme=&sap-system-login=onLogin&sap-system-login-basic_auth=&sap-cli
ent=800&sap-accessibility=&sap-login-XSRF=JSNdZ4ftgDuHFYw4Bvrwrvjpeu4Ybyrgn_9QZe-20Vc%3D&sap-system-login-c
ookie_disabled=&sap-hash=&sap-language=EN&sap-user=&sap-password=&sap-client=800
Remarks The form has no CSRF protection. Form: <form class="sapUiSraLoginForm" id="LOGIN_FORM" name="loginForm" action="/sap/bc/ui5_ui5/ui2/ushell/" method="post" autocomplete
URL https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/
Affected parameter
Test case POST /sap/bc/ui5_ui5/ui2/ushell/ HTTP/1.1
Content-Length: 299
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Cookie: sap-login-XSRF_TP1=20230321021436-Ye_PBMwlbhjai7SLhpIqWA%3d%3d;sap-usercontext=sap-language=EN&sa
p-client=800
Origin: https://10.28.107.214:44300
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,applicatio
n/signed-exchange;v=b3;q=0.9
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
Referer: https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/
Sec-Fetch-Dest: document
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Sec-Fetch-Mode: navigate
sap-system-login-oninputprocessing=&sap-urlscheme=&sap-system-login=onLogin&sap-system-login-basic_auth=&sap-cli
ent=800&sap-accessibility=&sap-login-XSRF=psQkYb_hme3C9OehmKjyT1Qy9LkcnsntZ7eLuseOId4%3D&sap-system-login
-cookie_disabled=&sap-hash=&sap-language=EN&sap-user=&sap-password=&sap-client=800
Remarks The form has no CSRF protection. Form: <form class="sapUiSraLoginForm" id="LOGIN_FORM" name="loginForm" action="/sap/bc/ui5_ui5/ui2/ushell/" method="post" autocomplete
URL https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/
Affected parameter
Test case POST /sap/bc/ui5_ui5/ui2/ushell/ HTTP/1.1
Accept: */*
Referer: https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/
Content-Length: 284
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Accept-Encoding: gzip,deflate
Cookie: sap-login-XSRF_TP1=20230321021428-HR1ljLZEolFbxeIXY0VEpw%3d%3d;sap-usercontext=sap-client=800
sap-password=&sap-language=EN&sap-login-XSRF=jQHB_WsQCGCOP7YlUSZZzqDg5mW_BCe3fBcV4F3L9WM=&sap-hash=
&sap-system-login-oninputprocessing=&sap-user=&sap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-cl
ient=800&sap-system-login-basic_auth=&sap-system-login-cookie_disabled=
Remarks The form has no CSRF protection. Form: <form class="sapUiSraLoginForm" id="LOGIN_FORM" name="loginForm" action="/sap/bc/ui5_ui5/ui2/ushell/" method="post" autocomplete
URL https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/?sap-password=&sap-language=EN&sap-login-XSRF=jQHB_WsQC
GCOP7YlUSZZzqDg5mW_BCe3fBcV4F3L9WM=&sap-hash=&sap-system-login-oninputprocessing=&sap-user=&sap-urlsche
me=&sap-system-login=onLogin&sap-accessibility=&sap-client=800&sap-system-login-basic_auth=&sap-system-login-coo
kie_disabled=
Affected parameter
Test case GET /sap/bc/ui5_ui5/ui2/ushell/?sap-password=&sap-language=EN&sap-login-XSRF=jQHB_WsQCGCOP7YlUSZZzqDg5mW_
BCe3fBcV4F3L9WM=&sap-hash=&sap-system-login-oninputprocessing=&sap-user=&sap-urlscheme=&sap-system-login=o
nLogin&sap-accessibility=&sap-client=800&sap-system-login-basic_auth=&sap-system-login-cookie_disabled= HTTP/1.1
Accept: */*
Referer: https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Accept-Encoding: gzip,deflate
Cookie: sap-login-XSRF_TP1=20230321021428-HR1ljLZEolFbxeIXY0VEpw%3d%3d;sap-usercontext=sap-client=800
Remarks The form has no CSRF protection. Form: <form class="sapUiSraLoginForm" id="LOGIN_FORM" name="loginForm" action="/sap/bc/ui5_ui5/ui2/ushell/&#x3f;sap-login-XSRF&#x3d;jQ
URL https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/
Affected parameter
Test case POST /sap/bc/ui5_ui5/ui2/ushell/ HTTP/1.1
Accept: */*
Referer: https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/
Content-Length: 284
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Accept-Encoding: gzip,deflate
Cookie: sap-login-XSRF_TP1=20230321021428-HR1ljLZEolFbxeIXY0VEpw%3d%3d;sap-usercontext=sap-client=800
sap-password=&sap-language=EN&sap-login-XSRF=fMTFmbzaKKIETnZO332IWz-3WY6DiWjQetHWlFtK1Zg=&sap-hash=&sa
p-system-login-oninputprocessing=&sap-user=&sap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-client
=800&sap-system-login-basic_auth=&sap-system-login-cookie_disabled=
Remarks The form has no CSRF protection. Form: <form class="sapUiSraLoginForm" id="LOGIN_FORM" name="loginForm" action="/sap/bc/ui5_ui5/ui2/ushell/" method="post" autocomplete
URL https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/
Affected parameter
Test case POST /sap/bc/ui5_ui5/ui2/ushell/ HTTP/1.1
Accept: */*
Referer: https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/
Content-Length: 284
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Accept-Encoding: gzip,deflate
Cookie: sap-login-XSRF_TP1=20230321021433-etoEBqBXui9YS1gQRa5Xig%3d%3d;sap-usercontext=sap-language=EN&sa
p-client=800
sap-password=&sap-language=EN&sap-login-XSRF=9EezmR7bdHgaJZ3Z3Q4v40Gdmq3H38MJVboiW_HIyFg=&sap-hash=&s
ap-system-login-oninputprocessing=&sap-user=&sap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-clie
nt=800&sap-system-login-basic_auth=&sap-system-login-cookie_disabled=
Remarks The form has no CSRF protection. Form: <form class="sapUiSraLoginForm" id="LOGIN_FORM" name="loginForm" action="/sap/bc/ui5_ui5/ui2/ushell/" method="post" autocomplete
URL https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/
Affected parameter
Test case POST /sap/bc/ui5_ui5/ui2/ushell/ HTTP/1.1
Accept: */*
Referer: https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/
Content-Length: 284
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Accept-Encoding: gzip,deflate
Cookie: sap-login-XSRF_TP1=20230321021433-O8pZvXG_3iuo9Ae5brYFnQ%3d%3d;sap-usercontext=sap-language=EN&s
ap-client=800
sap-password=&sap-language=EN&sap-login-XSRF=AAITt025G2eVTBP1VpkNKaFYw4R7Yzx2ST1o-fhe3RM=&sap-hash=&sa
p-system-login-oninputprocessing=&sap-user=&sap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-client
=800&sap-system-login-basic_auth=&sap-system-login-cookie_disabled=
Remarks The form has no CSRF protection. Form: <form class="sapUiSraLoginForm" id="LOGIN_FORM" name="loginForm" action="/sap/bc/ui5_ui5/ui2/ushell/" method="post" autocomplete
URL https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/
Affected parameter
Test case POST /sap/bc/ui5_ui5/ui2/ushell/ HTTP/1.1
Accept: */*
Referer: https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/
Content-Length: 284
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Accept-Encoding: gzip,deflate
Cookie: sap-login-XSRF_TP1=20230321021434-TWv3BDikGxsRBmA3Tqk6kA%3d%3d;sap-usercontext=sap-language=EN&
sap-client=800
sap-password=&sap-language=EN&sap-login-XSRF=hkvhLSczgWfBDBkghxkt8N2n552a56jrMfVXna1StAs=&sap-hash=&sap-system-login-oninputprocessing=&sap-user=&sap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-client=
800&sap-system-login-basic_auth=&sap-system-login-cookie_disabled=
Remarks The form has no CSRF protection. Form: <form class="sapUiSraLoginForm" id="LOGIN_FORM" name="loginForm" action="/sap/bc/ui5_ui5/ui2/ushell/" method="post" autocomplete
URL https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/
Affected parameter
Test case POST /sap/bc/ui5_ui5/ui2/ushell/ HTTP/1.1
Accept: */*
Referer: https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/
Content-Length: 284
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Accept-Encoding: gzip,deflate
Cookie: sap-login-XSRF_TP1=20230321021434-TWv3BDikGxsRBmA3Tqk6kA%3d%3d;sap-usercontext=sap-language=EN&
sap-client=800
sap-password=&sap-language=EN&sap-login-XSRF=tkBs-u6gpupDasznlqegyQtB16MDctdpGIqHE0Zcufg=&sap-hash=&sap-s
ystem-login-oninputprocessing=&sap-user=&sap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-client=8
00&sap-system-login-basic_auth=&sap-system-login-cookie_disabled=
Remarks The form has no CSRF protection. Form: <form class="sapUiSraLoginForm" id="LOGIN_FORM" name="loginForm" action="/sap/bc/ui5_ui5/ui2/ushell/" method="post" autocomplete
URL https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/
Affected parameter
Test case POST /sap/bc/ui5_ui5/ui2/ushell/ HTTP/1.1
Accept: */*
Referer: https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/
Content-Length: 284
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Accept-Encoding: gzip,deflate
Cookie: sap-login-XSRF_TP1=20230321021436-R8bGHllEF3qF_7I-Ol8c6A%3d%3d;sap-usercontext=sap-language=EN&sa
p-client=800
sap-password=&sap-language=EN&sap-login-XSRF=eQMFR_n2UGZfSYbx2PoaNjKvgydpL3nLYpdBzRDlTPk=&sap-hash=&sap
-system-login-oninputprocessing=&sap-user=&sap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-client=
800&sap-system-login-basic_auth=&sap-system-login-cookie_disabled=
Remarks The form has no CSRF protection. Form: <form class="sapUiSraLoginForm" id="LOGIN_FORM" name="loginForm" action="/sap/bc/ui5_ui5/ui2/ushell/" method="post" autocomplete
URL https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/
Affected parameter
Test case POST /sap/bc/ui5_ui5/ui2/ushell/ HTTP/1.1
Accept: */*
Referer: https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/
Content-Length: 284
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Accept-Encoding: gzip,deflate
Cookie: sap-login-XSRF_TP1=20230321021436-R8bGHllEF3qF_7I-Ol8c6A%3d%3d;sap-usercontext=sap-language=EN&sa
p-client=800
sap-password=&sap-language=EN&sap-login-XSRF=3Ym7FEAKXFkO-Nh1onoGwx421Qpi8TIzRjFX9he5lDg=&sap-hash=&sa
p-system-login-oninputprocessing=&sap-user=&sap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-client
=800&sap-system-login-basic_auth=&sap-system-login-cookie_disabled=
Remarks The form has no CSRF protection. Form: <form class="sapUiSraLoginForm" id="LOGIN_FORM" name="loginForm" action="/sap/bc/ui5_ui5/ui2/ushell/" method="post" autocomplete
URL https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/
Affected parameter
Test case POST /sap/bc/ui5_ui5/ui2/ushell/ HTTP/1.1
Accept: */*
Referer: https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/
Content-Length: 284
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Accept-Encoding: gzip,deflate
Cookie: sap-login-XSRF_TP1=20230321021436-R8bGHllEF3qF_7I-Ol8c6A%3d%3d;sap-usercontext=sap-language=EN&sa
p-client=800
sap-password=&sap-language=EN&sap-login-XSRF=tq4HHQnCz3zePGq-Q-XpAXc35ANPa9BJ36N1Qet5OBo=&sap-hash=&s
ap-system-login-oninputprocessing=&sap-user=&sap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-clie
nt=800&sap-system-login-basic_auth=&sap-system-login-cookie_disabled=
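Remarks The form has no CSRF protection. Form: <form class="sapUiSraLoginForm" id="LOGIN_FORM" name="loginForm" action="/sap/bc/ui5_ui5/ui2/ushell/" method="post" autocomplete
Set-Cookie without the Secure attribute | A2 Broken Authentication and Session Management | Web vulnerability | 1
Detailed description A cookie marked Secure is passed by the browser to the server for session validation only over HTTPS connections; over an HTTP connection it is not sent, so it cannot be eavesdropped in transit.
Solution Configure the secure attribute on Set-Cookie.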
URL https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/?sap-login-XSRF=-QEJnrjlKOpDtNFqjzNuywAuIgmXsHpFo
PRDH9iy_DI%3d&sap-hash=&sap-system-login-cookie_disabled=
Affected parameter
Test case POST /sap/bc/ui5_ui5/ui2/ushell/shells/?sap-login-XSRF=-QEJnrjlKOpDtNFqjzNuywAuIgmXsHpFoPRDH9iy_DI%3d&sap-ha
sh=&sap-system-login-cookie_disabled= HTTP/1.1
Accept: */*
Referer: https://10.28.107.214:44300/sap/bc/ui5_ui5/ui2/ushell/shells/?sap-password=1&sap-language=EN&sap-login-X
SRF=-QEJnrjlKOpDtNFqjzNuywAuIgmXsHpFoPRDH9iy_DI=&sap-hash=&sap-system-login-oninputprocessing=&sap-user=1
&sap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-client=800&sap-system-login-basic_auth=&sap-syste
m-login-cookie_disabled=
Content-Length: 286
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Accept-Encoding: gzip,deflate
Cookie: sap-login-XSRF_TP1=20230321021433-DiFPdsCMR_pK7sTXT0BBKw%3d%3d;sap-usercontext=sap-language=EN&
sap-client=800
sap-password=1&sap-language=EN&sap-login-XSRF=wUgtzQTbdgbppEGu88Tru-AyDsOUrGcFek2Sxt98ubc=&sap-hash=&s
ap-system-login-oninputprocessing=&sap-user=1&sap-urlscheme=&sap-system-login=onLogin&sap-accessibility=&sap-cli
ent=800&sap-system-login-basic_auth=&sap-system-login-cookie_disabled=
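Remarks The cookie does not include the secure attribute.
X-Frame-Options header not set | A6 Sensitive Data Exposure | Web vulnerability | 1
Detailed description The target server does not return an X-Frame-Options header.
An attacker can overlay a transparent, invisible iframe on the target page and then lure the user into interacting with that page; the user ends up clicking on the transparent iframe without knowing it. By adjusting the position of the iframe, the attacker can get the user to click functional buttons in the iframe page, which results in clickjacking.
Solution Modify the web server configuration to add the X-Frame-Options response header. It takes one of three values:
(1) DENY: the page cannot be embedded in any iframe or frame.
(2) SAMEORIGIN: the page can only be embedded in an iframe or frame by pages of the same site.
(3) ALLOW-FROM uri: the page can only be embedded in frames of the specified domain.
The header can also be set in code, for example in PHP:
header('X-Frame-Options: deny');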
URL https://10.28.107.214:44300/
Affected parameter
Test case GET / HTTP/1.1
Accept: */*
Referer: https://10.28.107.214:44300/
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Cookie: sap-login-XSRF_TP1=20230321022911-aKWjq3SF6JMFPkG-Kdc9IA%3d%3d; sap-usercontext=sap-language=EN&s
ap-client=800
Accept-Encoding: gzip,deflate
Remarks The response headers contain no X-Frame-Options header:
HTTP/1.1 404 Not found
Content-Type: text/html; charset=utf-8
Content-Length: 9314
date: Tue, 21 Mar 2023 02:35:36 GMT
connection: Keep-Alive
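SSH password authentication accepted | Service detection | System vulnerability | 1
Vulnerability ID 103668
Summary
Description The SSH server on the remote host accepts password authentication.
Solution Informational finding; no fix required.
See also https://tools.ietf.org/html/rfc4252#section-8
Detection details
Host: 10.28.107.214 | Port: 22 | Service: ssh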
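SMTP server detection | Service detection | System vulnerability | 1
Vulnerability ID 221
Summary An SMTP server is listening on the remote port.
Description The remote host is running a mail (SMTP) server on this port.
Because SMTP servers are a target for spammers, it is recommended that you do not use an SMTP server.
Solution Disable this service if you do not use it, or filter inbound traffic to this port.
See also
Detection details
Host: 10.28.107.214 | Port: 2500 | Service: smtp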
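Ping remote host | Port scan | System vulnerability | 1
Vulnerability ID 104827
Summary
Description Pings the remote host to determine whether it is alive.
Solution None
See also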
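Network Time Protocol (NTP) server detection | Service detection | System vulnerability | 1
Vulnerability ID 747
Summary An NTP server with an insecure configuration is listening on the host.
Description An NTP server with an insecure configuration is listening on port 123.
It provides information about its version, the current date and the current time, and may also provide system information.
Solution
See also http://www.ntp.org
Detection details
Host: 10.28.107.214 | Port: 123 | Service: ntp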
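HTTP response header X-XSS-Protection in use | Web security | System vulnerability | 3
Vulnerability ID 104390
Summary The remote web application does not take measures to mitigate a class of web application vulnerabilities.
Description The remote web application does not set the X-XSS-Protection response header.
This header enables the cross-site scripting (XSS) filter built into recent web browsers.
The filter is usually enabled by default, so the role of this header is to re-enable the filter for this particular site if the user has disabled it. The header is supported in IE 8+ and in Chrome (it is not certain which versions). The anti-XSS filter was added in Chrome 4; whether that version honours this header is unknown.
Solution The following response header needs to be set on all pages of the web application:
X-XSS-Protection:1; mode=block
See also http://msdn.microsoft.com/en-us/library/dd565647%28v=vs.85%29.aspx
Detection details
Host: 10.28.107.214 | Port: 8000 | Service: www
Host: 10.28.107.214 | Port: 9000 | Service: www
Host: 10.28.107.214 | Port: 50013 | Service: www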
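HTTP response header X-Frame-Options in use | Web security | System vulnerability | 3
Vulnerability ID 104389
Summary The remote web application does not take measures to mitigate a class of web application vulnerabilities.
Description The remote web application does not set the X-Frame-Options response header.
Microsoft proposed X-Frame-Options as a way to mitigate clickjacking attacks, and it has been implemented in Chrome and Safari.
Solution The following response header needs to be set on all pages of the web application:
X-Frame-Options:DENY
See also http://en.wikipedia.org/wiki/Clickjacking
http://blogs.sans.org/appsecstreetfighter/2009/10/15/adoption-of-x-frame-options-header/
Detection details
Host: 10.28.107.214 | Port: 8000 | Service: www
Host: 10.28.107.214 | Port: 9000 | Service: www
Host: 10.28.107.214 | Port: 50013 | Service: www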
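HTTP response header X-Content-Options:nosniff | Web security | System vulnerability | 3
Vulnerability ID 104388
Summary The remote web application does not take measures to mitigate a class of web application vulnerabilities.
Description The remote web application does not set the X-Content-Options response header.
X-Content-Options was proposed by Microsoft as a way to mitigate MIME-type attacks, and it has been implemented in Chrome and Safari.
Solution The following response header needs to be set on all pages of the web application:
X-Content-Type-Options:nosniff
See also http://blogs.msdn.com/b/ie/archive/2008/07/02/ie8-security-part-v-comprehensive-protection.aspx
Detection details
Host: 10.28.107.214 | Port: 8000 | Service: www
Host: 10.28.107.214 | Port: 9000 | Service: www
Host: 10.28.107.214 | Port: 50013 | Service: www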
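OpenSSH local information disclosure vulnerability (CVE-2016-10011) | Unix local security | System vulnerability | 1
Vulnerability ID 113436
Summary
Description OpenSSH (OpenBSD Secure Shell) is a set of connectivity tools for secure access to remote computers, maintained by the OpenBSD project.
OpenSSH has a local information disclosure vulnerability. A local attacker can exploit it to obtain sensitive information and launch further attacks.
Solution Users can follow the vendor's home page and upgrade the software to version 7.4:
http://www.openssh.com/
See also http://www.securityfocus.com/bid/94977/
CVE CVE-2016-10011
Bugtraq ID 94977
CVSS CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C
CNVD CNVD-2016-10011
CNCVE CNCVE-2016-10011
CNNVD CNNVD-201612-606
Detection details
Host: 10.28.107.214 | Port: 22 | Service: ssh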
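Sensitive file or backup | A5 Security Misconfiguration | Web vulnerability | 3
Detailed description The site contains sensitive, guessable file paths.
Solution Delete the file, or set its permissions correctly so that users cannot access it.
URL https://10.28.107.214:44300/sap/public/bc/icons/
Affected parameter
Test case GET /sap/public/bc/icons/ HTTP/1.1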
Accept: */*
Referer: https://10.28.107.214:44300/sap/public/bc/icons/
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Cookie: sap-login-XSRF_TP1=20230321021815-cJWFraFSUpOuM_GMYNcITA%3d%3d; sap-usercontext=sap-language=EN
&sap-client=800
Accept-Encoding: gzip,deflate
Remarks
URL https://10.28.107.214:44300/sap/public/bc/ui2/logon/img/
Affected parameter
Test case GET /sap/public/bc/ui2/logon/img/ HTTP/1.1
Accept: */*
Referer: https://10.28.107.214:44300/sap/public/bc/ui2/logon/img/
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Cookie: sap-login-XSRF_TP1=20230321021815-cJWFraFSUpOuM_GMYNcITA%3d%3d; sap-usercontext=sap-language=EN
&sap-client=800
Accept-Encoding: gzip,deflate
Remarks
URL https://10.28.107.214:44300/sap/admin/
Affected parameter
Test case GET /sap/admin/public/default.html HTTP/1.1
Accept: */*
Referer: https://10.28.107.214:44300/sap/admin/
Host: 10.28.107.214:44300
Connection: Keep-Alive
User-Agent: Mozilla/5.0 compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0
Cookie: sap-login-XSRF_TP1=20230321021815-cJWFraFSUpOuM_GMYNcITA%3d%3d; sap-usercontext=sap-language=EN
&sap-client=800
Accept-Encoding: gzip,deflate
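Remarks
Risk level | Risk value range | Risk level description
High | 7 <= vulnerability risk value <= 10 | An attacker can remotely execute arbitrary commands or code, or carry out a remote denial-of-service attack against the system.
Medium | 4 <= vulnerability risk value < 7 | An attacker can remotely create, modify or delete files or data, or carry out a denial-of-service attack against ordinary services.
Low | 2 <= vulnerability risk value < 4 | An attacker can obtain information about certain systems and services, or read system files and data.
Info | 0 <= vulnerability risk value < 2 | An attacker can obtain version information for services and components.
1. Version information of the vulnerable component can be obtained remotely.
2. The target server exposes unnecessary services.
3. Certain files outside the directory tree can be accessed remotely, or the source code of server-side dynamic scripts can be read.
4. Session-management problems allow remote identity impersonation.
5. The affected server can be used remotely to attack other users browsing the site.
6. System files or the back-end database can be read remotely.
7. System files can be read and written, and the back-end database manipulated, remotely.
8. Commands can be executed remotely as an ordinary user, or denial-of-service attacks carried out.
9. Commands can be executed remotely as an administrative user (restricted, not easy to exploit).
10. Commands can be executed remotely as an administrative user (unrestricted, easy to exploit).
4. Rating criteria
4.1 Risk rating criteria for a single vulnerability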