CVE-2020-0618 PoC - Microsoft SQL Server Reporting Services Code Issue Vulnerability

Associated Vulnerability
Title: Microsoft SQL Server Reporting Services Code Issue Vulnerability (CVE-2020-0618)
Description: A remote code execution vulnerability exists in Microsoft SQL Server Reporting Services when it incorrectly handles page requests, aka 'Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability'.
Readme
# CVE-2020-0618 - Microsoft SQL Server Reporting Services (SSRS) RCE Detection PoC

[![Python](https://img.shields.io/badge/Python-3.x-blue?style=flat-square&logo=python)](https://www.python.org/)
[![License](https://img.shields.io/badge/License-Educational-red?style=flat-square)](LICENSE)
![Status](https://img.shields.io/badge/Status-Detection_Only-orange?style=flat-square)

---

## 📜 Description

This is a simple PoC to detect **CVE-2020-0618**, a Remote Code Execution vulnerability affecting **Microsoft SQL Server Reporting Services (SSRS)**.

The vulnerability exists due to improper path validation in the `LoadReport()` SOAP API. If vulnerable, it could potentially lead to **remote code execution** under the context of the SQL Server Reporting Services account.

---

## ✨ Features
- Simple vulnerability detection (not exploitation)
- Supports custom SSRS targets
- Fast and lightweight
- Python 3 compatible

---

## 🧰 Requirements

- Python >= 3.6
- `requests` Python library

## Usage
```bash
python3 cve_2020_0618_poc.py <target_URL>
```

## Example
```bash
python3 cve_2020_0618_poc.py http://xxx.xxx.xxx.xx/ReportServer/
```
File Snapshot

[4.0K] /data/pocs/837687bab986881de8c1696d7b68492ab0104bfb
├── [1.0K] cve_2020_0618_poc.py
└── [1.1K] README.md

0 directories, 2 files