CVE-2020-0618 PoC — Microsoft SQL Server Reporting Services 代码问题漏洞

Source

https://github.com/N3xtGenH4cker/CVE-2020-0618_DETECTION

Associated Vulnerability

Title:Microsoft SQL Server Reporting Services 代码问题漏洞 (CVE-2020-0618)
Description:A remote code execution vulnerability exists in Microsoft SQL Server Reporting Services when it incorrectly handles page requests, aka 'Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability'.

Readme

# CVE-2020-0618 - Microsoft SQL Server Reporting Services (SSRS) RCE Detection PoC

[![Python](https://img.shields.io/badge/Python-3.x-blue?style=flat-square&logo=python)](https://www.python.org/)
[![License](https://img.shields.io/badge/License-Educational-red?style=flat-square)](LICENSE)
[![Status](https://img.shields.io/badge/Status-Detection_Only-orange?style=flat-square)]

---

## 📜 Description

This is a simple PoC to detect **CVE-2020-0618**, a Remote Code Execution vulnerability affecting **Microsoft SQL Server Reporting Services (SSRS)**.

The vulnerability exists due to improper path validation in the `LoadReport()` SOAP API. If vulnerable, it could potentially lead to **remote code execution** under the context of the SQL Server Reporting Services account.

---

## ✨ Features
- Simple vulnerability detection (not exploitation)
- Supports custom SSRS targets
- Fast and lightweight
- Python 3 compatible

---

## 🧰 Requirements

- Python >= 3.6
- `requests` Python library

## Usage
```Python
python3 cve_2020_0618_poc.py <target_URL>
```

## Example
```bash
python3 cve_2020_0618_poc.py http://xxx.xxx.xxx.xx/ReportServer/
```

File Snapshot

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →