CVE-2017-12637 PoC — SAP NetWeaver Application Server Java Path Traversal Vulnerability

Source
Associated Vulnerability
Title: SAP NetWeaver Application Server Java Path Traversal Vulnerability (CVE-2017-12637)
Description:Directory traversal vulnerability in scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS in SAP NetWeaver Application Server Java 7.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the query string, as exploited in the wild in August 2017, aka SAP Security Note 2486657.
Description
Proof-of-concept LFI Scanner: Automated detection of /etc/passwd exposures via directory traversal and regex matching.
Readme
# CVE-2017-12637_SAP-NetWeaver-URL-Traversal
Proof-of-concept LFI Scanner: Automated detection of /etc/passwd exposures via directory traversal and regex matching.
---

# LFI Scanner

A lightweight Python proof-of-concept to scan target hosts for Local File Inclusion (LFI) vulnerabilities by attempting to retrieve `/etc/passwd` and detecting its presence with a regex check.

## Features

- **Batch scanning** of hostnames or host:port targets from an input file
- **Directory traversal payload** to reach `/etc/passwd`
- **Regex detection** of the `root` entry to confirm LFI
- **Progress bar** powered by `tqdm` for real-time feedback
- **Structured reporting**: outputs findings and previews to a results file

## Prerequisites

- Python 3.6 or newer
- [`tqdm`](https://pypi.org/project/tqdm/) (`pip install tqdm`)
- `curl` CLI available in your PATH

## Installation

```bash
git clone https://github.com/yourusername/lfi-scanner.git
cd lfi-scanner
pip install tqdm
```

## Usage

```bash
python poc.py <input_file> [-o OUTPUT_FILE]
```

* `<input_file>`: Path to a file containing one target per line (`hostname` or `hostname:port`).
* `-o, --output`: (Optional) Path to write results (default: `results.txt`).

### Example

Given `targets.txt`:

```
example.com
192.168.0.1:8443
```

Run the scanner:

```bash
python poc.py targets.txt -o scan_results.txt
```

You’ll see output like:

```
[+] https://example.com:443/... → /etc/passwd FOUND
[-] https://192.168.0.1:8443/... → Response received, no match
```

And `scan_results.txt` will contain a summary and previews.

## Script Breakdown

* **`poc.py`**:

  * Uses `argparse` to parse `--input` and `--output`.
  * Iterates targets and constructs the URL with a deep traversal payload.
  * Calls `curl --insecure -s` for each target.
  * Searches for `root:.*?:0:0:` to confirm `/etc/passwd` exposure.
  * Prints status per host and writes detailed results to the output file.
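
From the defender's side, requests of the kind this scanner sends show up in web access logs. The following Python is an added example, not part of the repository's `poc.py`: it flags requests to the endpoint named in the CVE description whose query string contains `..` after repeated percent-decoding. The log lines, IP addresses and the `EXAMPLE` file name are constructed, and the combined log format is an assumption.

```python
import re
from urllib.parse import unquote, urlsplit

# Endpoint from the CVE-2017-12637 description. Assumption: the hex-looking
# directory may differ between installations, so it is matched loosely.
ENDPOINT = re.compile(r"/scheduler/ui/js/[^/]+/UIUtilJavaScriptJS$", re.I)
# Combined Log Format prefix: ip ident user [time] "METHOD target PROTO" status bytes
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) (\S+)')

# Constructed sample log (documentation IPs, placeholder file name EXAMPLE).
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Aug/2017:10:01:02 +0000] "GET /scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS?/../../EXAMPLE HTTP/1.1" 200 1843 "-" "curl/7.55.1"',
    '192.0.2.11 - - [12/Aug/2017:10:01:03 +0000] "GET /scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS?%2f%2e%2e%2f%2e%2e%2fEXAMPLE HTTP/1.1" 404 - "-" "curl/7.55.1"',
    '192.0.2.12 - - [12/Aug/2017:10:01:04 +0000] "GET /scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS?%252e%252e%252fEXAMPLE HTTP/1.1" 200 912 "-" "curl/7.55.1"',
    '198.51.100.7 - - [12/Aug/2017:10:02:00 +0000] "GET /scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS?lang=en HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.8 - - [12/Aug/2017:10:02:05 +0000] "GET /index.html?next=../home HTTP/1.1" 200 300 "-" "Mozilla/5.0"',
]

def fully_decode(s, rounds=3):
    """Percent-decode repeatedly so %2e%2e and %252e%252e both become '..'."""
    for _ in range(rounds):
        decoded = unquote(s)
        if decoded == s:
            break
        s = decoded
    return s

def find_traversal(lines):
    """Return one record per request to the endpoint with '..' in its query."""
    hits = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # not a combined-format access log line
        ip, ts, _method, target, status, size = m.groups()
        parts = urlsplit(target)
        if not ENDPOINT.search(fully_decode(parts.path)):
            continue  # a different resource; out of scope for this check
        if ".." not in fully_decode(parts.query):
            continue  # normal request to the endpoint
        # "served" marks a 200 with a non-empty body: triage these hosts first.
        hits.append({"ip": ip, "time": ts, "status": int(status),
                     "served": status == "200" and size not in ("-", "0")})
    return hits
```

Hosts with `served` hits are the ones to check first against SAP Security Note 2486657.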

## Disclaimer

Use this tool **responsibly** and **only** on assets you own or have explicit permission to test. Unauthorized scanning may violate laws and terms of service.

## License

Released under the [MIT License](LICENSE).
