
CVE-2025-31324 PoC — Missing Authorization check in SAP NetWeaver (Visual Composer development server)

Associated Vulnerability
Title: Missing Authorization check in SAP NetWeaver (Visual Composer development server) (CVE-2025-31324)
Description: SAP NetWeaver Visual Composer Metadata Uploader is not protected with a proper authorization, allowing an unauthenticated agent to upload potentially malicious executable binaries that could severely harm the host system. This could significantly affect the confidentiality, integrity, and availability of the targeted system.
Description
This Python-based Burp Suite extension is designed to detect the presence of CVE-2025-31324.
Readme
# CVE-2025-31324 Burp Suite Extension

## Overview
This Python-based Burp Suite extension is designed to detect the presence of **CVE-2025-31324**, a critical vulnerability in SAP NetWeaver Visual Composer’s Metadata Uploader component. The vulnerability allows unauthenticated remote code execution via file upload due to a missing authorization check. The extension performs active scanning by sending a test file to the `/developmentserver/metadatauploader` endpoint and checks for indicators of successful upload.

**Note**: This tool is for **ethical security testing** only. Use it only on systems you have explicit permission to test. Unauthorized use may be illegal and unethical.

## Features
- Actively scans for CVE-2025-31324 by attempting a benign file upload.
- Reports findings as custom issues in Burp’s Issue Activity with detailed evidence.
- Compatible with Jython (Python 2.x) for Burp Suite integration.

## Prerequisites
- **Burp Suite Professional** (Community Edition may have limitations).
- **Jython** (standalone JAR, version compatible with Burp Suite).
- A target SAP NetWeaver application within Burp’s scope.

## Installation
1. **Set Up Jython in Burp Suite**:
   - Download the Jython standalone JAR from [jython.org](https://www.jython.org/).
   - In Burp Suite, navigate to `Extender` > `Options` > `Python Environment`.
   - Select the Jython JAR file as the Python environment.

2. **Load the Extension**:
   - Save the extension code as `cve_2025_31324_scanner.py` (ensure you have the script from the provided source).
   - In Burp Suite, go to `Extender` > `Extensions` > `Add`.
   - Set the extension type to `Python` and select the `cve_2025_31324_scanner.py` file.
   - Confirm the extension loads successfully (check the `Output` tab for "CVE-2025-31324 Scanner loaded successfully").

## Usage
1. **Configure Burp Suite**:
   - Add the target SAP NetWeaver application to Burp’s scope (e.g., via `Target` > `Site map` > `Add to scope`).
   - Ensure the target includes the `/developmentserver/metadatauploader` endpoint.

2. **Run the Scan**:
   - Start an active scan on the target (`Scanner` > `New scan` > select the target).
   - The extension will automatically test requests to the vulnerable endpoint.
   - Monitor the `Issues` tab for reported vulnerabilities under "CVE-2025-31324: SAP NetWeaver File Upload Vulnerability".

3. **Interpret Results**:
   - If the extension detects a potential vulnerability, it will report a `High` severity issue with evidence (e.g., "HTTP 200 received, indicating potential file upload success").
   - Manually verify findings to confirm the vulnerability, as HTTP 200 responses may not always indicate successful exploitation.

## Ethical Considerations
- **Authorized Use Only**: Only test systems where you have explicit permission from the owner. Unauthorized scanning or exploitation is illegal and unethical.
- **Benign Testing**: The extension uploads a harmless text file (`test_cve_2025_31324.txt`) to avoid causing harm. Do not modify the payload to include malicious code unless explicitly authorized.
- **Responsible Disclosure**: Report any discovered vulnerabilities to the system owner promptly and follow responsible disclosure practices.

## Limitations
- **False Positives**: An HTTP 200 response does not guarantee a vulnerability. Manual verification is required to confirm file upload and potential code execution.
- **Jython Compatibility**: The extension uses Python 2.x syntax due to Burp Suite’s Jython environment. Ensure compatibility with your Burp Suite version.
- **Basic Detection**: The extension checks for basic success indicators. Advanced exploitation (e.g., executing uploaded files) is not implemented to prevent harm.

## Customization
To adapt the extension for specific environments:
- Modify the `boundary` or `test_filename` in `cve_2025_31324_scanner.py` to match server requirements.
- Adjust response checks (e.g., specific strings in the response body) for more precise detection.
- Add additional payloads or endpoints if the target uses non-standard configurations.
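The Limitations and Customization sections both come down to one question: how much weight to give an HTTP 200 from `/developmentserver/metadatauploader`. The following is an added example, not part of this project's extension code, showing the same classification logic from the defender's side: it parses access-log lines (Combined Log Format is an assumption; the sample lines are constructed, not from any real host) and grades requests to the uploader endpoint so that a 200 on a POST is flagged for verification rather than reported as confirmed, while 401/403 responses indicate the authorization check is in place (i.e. SAP Security Note 3594142 or an equivalent mitigation is effective).

```python
import re

# Endpoint named in the README; any request to it is the signal of interest.
UPLOADER_PATH = "/developmentserver/metadatauploader"

# Combined Log Format (Apache/nginx style). Assumption: the SAP host is fronted by
# a reverse proxy or web dispatcher that writes this format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# Constructed sample log lines (RFC 5737 documentation addresses), not real traffic.
SAMPLE_LOG = """\
203.0.113.10 - - [28/Apr/2025:10:01:02 +0000] "GET /irj/portal HTTP/1.1" 200 5120
203.0.113.10 - - [28/Apr/2025:10:01:05 +0000] "POST /developmentserver/metadatauploader?CONTENTTYPE=MODEL&CLIENT=1 HTTP/1.1" 200 312
198.51.100.7 - - [28/Apr/2025:10:02:11 +0000] "POST /developmentserver/metadatauploader HTTP/1.1" 403 0
198.51.100.7 - - [28/Apr/2025:10:02:13 +0000] "GET /developmentserver/metadatauploader HTTP/1.1" 200 2048
malformed line that should be skipped
"""


def parse_line(line):
    """Parse one access-log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    entry["status"] = int(entry["status"])
    # Drop the query string so the path comparison is exact.
    entry["path"] = entry["path"].split("?", 1)[0]
    return entry


def classify(entry):
    """Return (level, reason) for a request to the uploader, or None for any other path."""
    if entry["path"].lower() != UPLOADER_PATH:
        return None
    method, status = entry["method"], entry["status"]
    if status in (401, 403):
        return ("info", "uploader rejected the request; authorization check appears present")
    if method == "POST" and status == 200:
        # Same caveat as the README: 200 alone is not proof of a stored upload.
        return ("high", "POST to uploader returned 200; verify whether content was stored")
    if method == "POST":
        return ("medium", "POST to uploader returned %d; review the server response" % status)
    return ("low", "non-POST access to uploader (%s %d); endpoint is reachable" % (method, status))


def scan_log(text):
    """Return a list of findings for every uploader request found in the log text."""
    findings = []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        verdict = classify(entry)
        if verdict is None:
            continue
        findings.append({
            "ip": entry["ip"], "ts": entry["ts"], "method": entry["method"],
            "status": entry["status"], "level": verdict[0], "reason": verdict[1],
        })
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print("%(level)-6s %(ip)-14s %(method)-4s %(status)d  %(reason)s" % f)
```

Run against the constructed sample it yields three findings (one `high`, one `info`, one `low`) and skips the portal request and the malformed line. The `high` level deliberately says "verify", mirroring the README's point that a 200 is an indicator, not a confirmation; tightening it into a confirmed finding would require the response-body checks the Customization section suggests.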

## References
- **CVE-2025-31324 Details**: National Vulnerability Database (NVD) entry for CVE-2025-31324.
- **SAP Security Note**: Apply SAP Security Note 3594142 to patch the vulnerability (see SAP’s official documentation).
- **Burp Suite Extension Guide**: PortSwigger’s documentation on writing custom scanner checks.
- **Vulnerability Information**: Tenable Blog and Redrays.io reports on CVE-2025-31324.

## License
This project is provided for educational and ethical security testing purposes only. The author is not responsible for misuse or unauthorized use of this tool.

## Contact
For issues or suggestions, please open an issue on the project repository (if applicable) or contact the author through authorized channels.

---
**Disclaimer**: This tool is intended for security researchers and penetration testers with explicit permission to test target systems. Misuse may violate laws and ethical standards.
File Snapshot

/data/pocs/74395f1dfb3877d53f210b182058deaf5af1d0e0
├── cve_2025_31324_scanner.py (4.9K)
└── README.md (4.9K)

0 directories, 2 files