CVE-2010-0219 PoC — Apache SAP BusinessObjects Enterprise XI Apache Axis2信任管理漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2010/CVE-2010-0219.yaml

Associated Vulnerability

Title:Apache SAP BusinessObjects Enterprise XI Apache Axis2信任管理漏洞 (CVE-2010-0219)
Description:Apache Axis2 是一个Web服务的核心支援引擎。AXIS2对旧有的AXIS重新设计及重写，并提供两种语言Java 及 C 的开发版本。在SAP BusinessObjects Enterprise XI 3.2，CA ARCserve D2D r15和其他产品的dswsbobje.war中使用的Apache Axis2拥有管理员账户axis2的默认密码。远程攻击者可通过上传特制的web服务执行任意代码。

Description

Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service.

File Snapshot


 id: CVE-2010-0219

info:
  name: Apache Axis2 Default Login
  author: pikpikcu
  severity: critical


...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!