Related vulnerability
Title: SAP NetWeaver path traversal vulnerability (CVE-2021-38163)
Description: SAP NetWeaver is a service-oriented, integrated application platform from the German company SAP. The platform mainly provides a development and runtime environment for SAP applications. SAP NetWeaver versions 7.30, 7.31, 7.40 and 7.50 contain a path traversal vulnerability: an attacker authenticated as a non-administrative user can upload a malicious file over the network and trigger its processing, and that file can run operating system commands with the privileges of the Java Server process. These commands can be used to read or modify any information on the server, or to shut the server down and make it unavailable.
Description
CVE-2021-38163 - SAP NetWeaver AS Java Desynchronization Vulnerability
Introduction
# CVE-2021-38163 - SAP NetWeaver AS Java Desynchronization Vulnerability
## Description
CVE-2021-38163 is a security vulnerability in **SAP NetWeaver Application Server (AS) Java** that allows an authenticated attacker to **upload arbitrary files** to the server, potentially leading to **remote code execution (RCE)**.
The issue arises due to improper access controls in the **Visual Composer Migration Service** (`com.sap.visualcomposer.VCParMigrator`), which fails to properly validate file paths. An attacker can exploit this by:
- **Path Traversal**: Bypassing directory restrictions to write files outside intended locations
- **JSP Upload**: Deploying a malicious JavaServer Pages (JSP) file to execute arbitrary commands
- **Authentication Bypass**: In some configurations, leveraging weak session management to escalate privileges
## Affected Versions
- SAP NetWeaver AS Java (versions before security patch updates in **October 2021**)
## Impact
- **Remote Code Execution (RCE)**: Execute OS commands with SAP system user privileges
- **Information Disclosure**: Access sensitive SAP configuration files
- **Denial of Service (DoS)**: Disrupt service availability via malicious file uploads
## Proof of Concept (PoC)
A functional exploit demonstrating the vulnerability:
🔗 [https://github.com/purpleteam-ru/CVE-2021-38163](https://github.com/purpleteam-ru/CVE-2021-38163)
## Mitigation
- Apply SAP Security Note **[#3089838](https://launchpad.support.sap.com/#/notes/3089838)** (SAP login required)
- Restrict access to `/irj/servlet/prt/portal/prtroot/com.sap.visualcomposer.VCParMigrator`
- Implement network segmentation for SAP NetWeaver interfaces
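As an added example (not part of the original README or the PoC repository), a Python detector that scans NCSA-style access-log lines for requests to the migrator servlet listed above, decoding nested URL encoding before checking for traversal and JSP indicators; the log format, the sample lines and the query-parameter name are assumptions.

```python
"""Flag access-log entries that hit the SAP Visual Composer migration servlet
named in the advisory's mitigation, and note traversal or JSP indicators.
Log format, sample lines and the query-parameter name are constructed."""
import re
from urllib.parse import unquote

# Servlet path taken from the Mitigation section of the advisory.
MIGRATOR_PATH = "/irj/servlet/prt/portal/prtroot/com.sap.visualcomposer.VCParMigrator"

# NCSA combined log: src ident user [ts] "METHOD target PROTO" status size
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def decode_target(target: str) -> str:
    """URL-decode until stable so %252e%252e style double encoding is caught."""
    prev = None
    while prev != target:
        prev, target = target, unquote(target)
    return target.lower()

def analyse(line: str):
    """Return None for benign lines, else a dict saying why the line was flagged."""
    m = LOG_RE.match(line)
    if not m:
        return None
    target = decode_target(m["target"])
    if MIGRATOR_PATH.lower() not in target:
        return None
    reasons = ["migrator_servlet"]
    if "../" in target or "..\\" in target:
        reasons.append("path_traversal")
    if ".jsp" in target:
        reasons.append("jsp_filename")
    if m["method"] == "POST":
        reasons.append("post_upload")
    return {"src": m["src"], "user": m["user"], "status": m["status"], "reasons": reasons}

def scan(lines):
    """Run analyse() over an iterable of log lines and keep only the hits."""
    return [hit for hit in (analyse(line) for line in lines) if hit]

# Constructed sample lines: a benign portal hit, then a double-encoded traversal attempt
# (the 'file' parameter name is invented for the fixture, not the servlet's real interface).
SAMPLE_LOG = [
    '10.0.0.5 - jdoe [12/Oct/2021:09:14:01 +0000] "GET /irj/portal HTTP/1.1" 200 5120',
    '10.0.0.9 - guest [12/Oct/2021:09:15:22 +0000] "POST /irj/servlet/prt/portal/prtroot/'
    'com.sap.visualcomposer.VCParMigrator?file=..%252F..%252Fx.jsp HTTP/1.1" 200 312',
]
```

Any hit on the servlet path alone is worth reviewing once the access restriction from the mitigation list is in place, since legitimate traffic to it should then be rare.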
## References
- [SAP Security Patch Day (Oct 2021)](https://wiki.scn.sap.com/wiki/display/PSR/SAP+Security+Patch+Day+October+2021)
- [CVE-2021-38163 @ NVD](https://nvd.nist.gov/vuln/detail/CVE-2021-38163)
⚠️ Warning: Use only on authorized systems. SAP exploitation may violate security policies.
File snapshot
[4.0K] /data/pocs/59476844ae2fcce4dba02b691204c1e80cc0d1fb
├── [5.5K] CVE-2021-38163.py
└── [1.9K] README.md
0 directories, 2 files
Notes
1. Please prefer accessing the PoC through its original source.
2. If the source is no longer available or cannot be reached, send an email to f.jinxu#gmail.com to request the local snapshot (replace # with @).
3. 神龙 (Shenlong) has taken a snapshot of the POC code for you; to support long-term maintenance, please consider paying for or donating towards the local POC. Thank you for your support.