Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2020-6287 PoC — SAP NetWeaver AS JAVA 授权问题漏洞

Source
https://github.com/duc-nt/CVE-2020-6287-exploit
Associated Vulnerability
Title:SAP NetWeaver AS JAVA 授权问题漏洞 (CVE-2020-6287)
Description:SAP NetWeaver AS JAVA (LM Configuration Wizard), versions - 7.30, 7.31, 7.40, 7.50, does not perform an authentication check which allows an attacker without prior authentication to execute configuration tasks to perform critical actions against the SAP Java system, including the ability to create an administrative user, and therefore compromising Confidentiality, Integrity and Availability of the system, leading to Missing Authentication Check.
Description
PoC for CVE-2020-6287  The PoC in python for add user only, no administrator permission set. Inspired by @zeroSteiner from metasploit. Original Metasploit PR module: https://github.com/rapid7/metasploit-framework/pull/13852/commits/d1e2c75b3eafa7f62a6aba9fbe6220c8da97baa8 This PoC only create user with unauthentication permission and no more administrator permission set. This project is created only for educational purposes and cannot be used for law violation or personal gain. The author of this project is not responsible for any possible harm caused by the materials of this project. Original finding: CVE-2020-6287: Pablo Artuso CVE-2020-6286: Yvan 'iggy' G.  Usage: python sap-CVE-2020-6287-add-user.py <HTTP(s)://IP:Port
Readme
# CVE-2020-6287-exploit
### PoC for CVE-2020-6287
### The PoC in python for add user only, no administrator permission set. Inspired by @zeroSteiner from metasploit. Original Metasploit PR module: https://github.com/rapid7/metasploit-framework/pull/13852/commits/d1e2c75b3eafa7f62a6aba9fbe6220c8da97baa8 

### This PoC only create user with unauthenticated permission and no more administrator permission set. 

### This project is created only for educational purposes and cannot be used for law violation or personal gain.
### The author of this project is not responsible for any possible harm caused by the materials of this project. 

### Original finding: CVE-2020-6287: Pablo Artuso. CVE-2020-6286: Yvan 'iggy' G.

### Usage: python sap-CVE-2020-6287-add-user.py HTTP/S://IP:Port USERNAME_FOR_CREATE PASSWD

## Demo

` Simple:`

<img src="https://pbs.twimg.com/media/EdZA41PUEAAcE8Q?format=png&name=large">

` Advanced:`

<img src="https://pbs.twimg.com/media/Eda76DnUEAIMJSD?format=png&name=large">
File Snapshot

 [4.0K]  /data/pocs/9a179d6f20bd420c9d56282f1d2c61f85daf20d0
├── [1007]  README.md
└── [2.6K]  sap-CVE-2020-6287-add-user.py

0 directories, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →