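Related vulnerability
Title:
SAP NetWeaver Application Server Java path traversal vulnerability
(CVE-2017-12637)
Description: SAP NetWeaver is a service-oriented integrated application platform from the German company SAP that provides a development and runtime environment for SAP applications. SAP NetWeaver Application Server (AS) Java is a Java-based application server that runs within NetWeaver. A directory traversal vulnerability exists in the scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS directory of SAP NetWeaver AS Java 7.5. A remote attacker can exploit it with a crafted query string to read arbitrary files.
Description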
Proof-of-concept LFI Scanner: Automated detection of /etc/passwd exposures via directory traversal and regex matching.
Introduction
# CVE-2017-12637_SAP-NetWeaver-URL-Traversal
Proof-of-concept LFI Scanner: Automated detection of /etc/passwd exposures via directory traversal and regex matching.
---
# LFI Scanner
A lightweight Python proof-of-concept to scan target hosts for Local File Inclusion (LFI) vulnerabilities by attempting to retrieve `/etc/passwd` and detecting its presence with a regex check.
## Features
- **Batch scanning** of hostnames or host:port targets from an input file
- **Directory traversal payload** to reach `/etc/passwd`
- **Regex detection** of the `root` entry to confirm LFI
- **Progress bar** powered by `tqdm` for real-time feedback
- **Structured reporting**: outputs findings and previews to a results file
## Prerequisites
- Python 3.6 or newer
- [`tqdm`](https://pypi.org/project/tqdm/) (`pip install tqdm`)
- `curl` CLI available in your PATH
## Installation
```bash
git clone https://github.com/yourusername/lfi-scanner.git
cd lfi-scanner
pip install tqdm
```
## Usage
```bash
python poc.py <input_file> [-o OUTPUT_FILE]
```
* `<input_file>`: Path to a file containing one target per line (`hostname` or `hostname:port`).
* `-o, --output`: (Optional) Path to write results (default: `results.txt`).
### Example
Given `targets.txt`:
```
example.com
192.168.0.1:8443
```
Run the scanner:
```bash
python poc.py targets.txt -o scan_results.txt
```
You’ll see output like:
```
[+] https://example.com:443/... → /etc/passwd FOUND
[-] https://192.168.0.1:8443/... → Response received, no match
```
And `scan_results.txt` will contain a summary and previews.
## Script Breakdown
* **`poc.py`**:
  * Uses `argparse` to parse `--input` and `--output`.
  * Iterates targets and constructs the URL with a deep traversal payload.
  * Calls `curl --insecure -s` for each target.
  * Searches for `root:.*?:0:0:` to confirm `/etc/passwd` exposure.
  * Prints status per host and writes detailed results to the output file.
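For the defender's side of the checks listed above, the following added example (not part of this repository or its `poc.py`) triages web access logs for requests to the servlet path named in the CVE description whose query string carries `..` segments, including percent-encoded and double-encoded forms. The combined log layout, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Servlet path named in the CVE-2017-12637 description on this page.
VULN_PATH = "/scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS"

# Assumed common/combined access-log layout: ip - - [ts] "METHOD target PROTO" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def fully_decode(text, max_rounds=3):
    """Percent-decode repeatedly so double-encoded dot segments are normalised."""
    for _ in range(max_rounds):
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    return text

def has_dot_segment(text):
    """True if any segment between '/', '\\', '&', '=' or ';' is exactly '..'."""
    return ".." in re.split(r"[/\\&=;]+", text)

def triage(lines):
    """Return (ip, status, verdict) per flagged request; 'served' marks a 200 to review first."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line in the assumed layout
        parts = urlsplit(m["target"])
        path = fully_decode(parts.path)
        if not path.startswith(VULN_PATH):
            continue
        # The description places the traversal in the query string; also check what follows the path.
        tail = fully_decode(parts.query) + "/" + path[len(VULN_PATH):]
        if has_dot_segment(tail):
            verdict = "served" if m["status"] == "200" else "attempt"
            hits.append((m["ip"], int(m["status"]), verdict))
    return hits

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE = [
    '198.51.100.7 - - [12/Mar/2024:10:01:02 +0000] "GET ' + VULN_PATH + '?f=..%2f..%2fsample.cfg HTTP/1.1" 200 512',
    '203.0.113.9 - - [12/Mar/2024:10:01:05 +0000] "GET ' + VULN_PATH + '?f=%252e%252e%255csample.cfg HTTP/1.1" 404 0',
    '192.0.2.44 - - [12/Mar/2024:10:02:11 +0000] "GET ' + VULN_PATH + ' HTTP/1.1" 200 2048',
]
```

Calling `triage(SAMPLE)` flags the first two lines and leaves the plain request to the servlet path alone.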
## Disclaimer
Use this tool **responsibly** and **only** on assets you own or have explicit permission to test. Unauthorized scanning may violate laws and terms of service.
## License
Released under the [MIT License](LICENSE).
File snapshot
[4.0K] /data/pocs/ad00304f6f9a738e58d0617f45cabddfb23bc6be
├── [1.0K] LICENSE
├── [2.4K] poc_SAPNetWeaver.py
└── [2.2K] README.md
0 directories, 3 files