CVE-2016-2389 PoC — SAP NetWeaver Manufacturing Integration and Intelligence Directory Traversal Vulnerability

Associated Vulnerability
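Title: SAP NetWeaver Manufacturing Integration and Intelligence Directory Traversal Vulnerability (CVE-2016-2389)
Description: SAP NetWeaver is a service-oriented integrated application platform from the German company SAP. The platform provides a development and runtime environment for SAP applications. Manufacturing Integration and Intelligence (also known as MII, formerly xMII) is a component of it that integrates core manufacturing systems with enterprise processes. A directory traversal vulnerability exists in the MII component of SAP NetWeaver 7.4. A remote attacker can exploit this vulnerability to read arbitrary files.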
Description
SAP xMII 15.0 for SAP NetWeaver 7.4 is susceptible to a local file inclusion vulnerability in the GetFileList function. This can allow remote attackers to read arbitrary files via a .. (dot dot) in the path parameter to /Catalog, aka SAP Security Note 2230978.
File Snapshot

id: CVE-2016-2389 info: name: SAP xMII 15.0 for SAP NetWeaver 7.4 - Local File Inclusion author ...