CVE-2020-26836 PoC — SAP Solution Manager Input Validation Error Vulnerability

Associated Vulnerability
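Title: SAP Solution Manager Input Validation Error Vulnerability (CVE-2020-26836)
Description: SAP Solution Manager is a system management platform from the German company SAP that combines system monitoring, the SAP support desktop, self-service, ASAP implementation and other functions. The platform helps customers establish lifecycle management for SAP solutions and provides system monitoring, remote support services and SAP product component upgrades. SAP Solution Manager version 720 contains a security vulnerability: misuse of a permitted parameter leads to an open URL redirect in the application, so an attacker can trick a user into following a link to a malicious website, where the user enters credentials or downloads malware.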
Description
SAP Solution Manager contains an open redirect vulnerability via the logoff endpoint. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.
File Snapshot

id: CVE-2020-26836 info: name: SAP Solution Manager - Open Redirect author: Gal Nagli,LRVT se ...