Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1310 CNY

100%
Buy Us a Coffee

CVE-2020-6287 PoC — SAP NetWeaver AS JAVA 授权问题漏洞

Source
https://github.com/qmakake/SAP_CVE-2020-6287_find_mandate
Associated Vulnerability
Title:SAP NetWeaver AS JAVA 授权问题漏洞 (CVE-2020-6287)
Description:SAP NetWeaver AS JAVA (LM Configuration Wizard), versions - 7.30, 7.31, 7.40, 7.50, does not perform an authentication check which allows an attacker without prior authentication to execute configuration tasks to perform critical actions against the SAP Java system, including the ability to create an administrative user, and therefore compromising Confidentiality, Integrity and Availability of the system, leading to Missing Authentication Check.
Description
Checker help to verify created account or find it's mandat
Readme
# SAP_CVE-2020-6287_find_mandate
Checker help to verify created account or find it's mandat

The script allows you to check whether the account was created when using the exploit RECON.py or find the mandate of the created account 

## Exploit:

   https://github.com/chipik/SAP_RECON
      
   
## Quick start:

chmod +x 

./checker_CVE-2020-6287.sh \<start mndt> \<stop mndt> \<ip> \<port> \<login> \<password>
```
    - <start mndt> : first value of mandate for iterate (000-999) useful for me 000,001,002,003,004,005,006,007,008,009,066,100,150,200,500,520
    - <stop mndt> : last value for iterate
    - <ip> : IP address of vulnerable host
    - <port> : endpoint of vulnerable service
    - <login> : login created with RECON.py
    - <password> : password created with RECON.py
```    
### Helpfull oneliner:

for i in {000,001,002,003,004,005,006,007,008,009,066,100,150,200,500,520}; do ./checker_CVE-2020-6287.sh ${i} ${i} \<ip> \<port> \<login> \<password>;done

![My Image](Screen.png)

The first value is a mandate. Code 302 says, the user is exist.
File Snapshot

Log in to view the POC file snapshot cached by Shenlong Bot

Log in to view
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →