CVE-2024-22127 PoC — SAP NetWeaver 代码注入漏洞

Source

https://github.com/mylo-2001/SAPSlayer

Associated Vulnerability

Title:SAP NetWeaver 代码注入漏洞 (CVE-2024-22127)
Description:SAP NetWeaver是德国思爱普（SAP）公司的一套面向服务的集成化应用平台。该平台主要为SAP应用程序提供开发和运行环境。 SAP NetWeaver 存在代码注入漏洞，该漏洞源于允许具有高权限的攻击者上传潜在危险文件，从而导致命令注入漏洞。

Description

SAP RCE auto-chain (CVE-2024-22127 + DIAG)

File Snapshot


 [4.0K]  /data/pocs/b2f8622ad9c05e198a81acfb22144221a507e152
├── [4.0K]  modules
│   ├── [4.0K]  __pycache__
│   │   └── [2.9K]  sap_rce.cpython-313.pyc
│   └── [1.3K]  sap_rce.py
├── [4.0K]  payloads
│   ├── [ 266]  diag_reverse.py
│   └── [4.0K]  __pycache__
│       └── [ 528]  diag_reverse.cpython-313.pyc
└── [2.2K]  sapslayer.py

5 directories, 5 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!