关联漏洞
描述
SAP NetWeaver Visual Composer Metadata Uploader is not protected with a proper authorization, allowing unauthenticated agent to upload potentially malicious executable binaries that could severely harm the host system. This could significantly affect the confidentiality, integrity, and availability of the targeted system.
介绍
# CVE-2025-31324
## How does this detection method work?
The template performs an HTTP GET request to the target's base URL and examines the response headers to identify SAP NetWeaver Application Server instances. This information helps assess whether the system might be susceptible to CVE-2025-31324.
## How do I run this script?
1. Download Nuclei from [here](https://github.com/projectdiscovery/nuclei)
2. Copy the template to your local system
3. Run the following command: `nuclei -u https://yourHost.com -t template.yaml`
## References
- https://nvd.nist.gov/vuln/detail/CVE-2025-31324
- https://me.sap.com/notes/3594142
## Disclaimer
Use at your own risk, I will not be responsible for illegal activities you conduct on infrastructure you do not own or have permission to scan.
## Contact
Feel free to reach out to me on [Signal](https://signal.me/#eu/0Qd68U1ivXNdWCF4hf70UYFo7tB0w-GQqFpYcyV6-yr4exn2SclB6bFeP7wTAxQw).
文件快照
[4.0K] /data/pocs/f7e6257859a94861177d73d70d459bd7678c91a6
├── [1.2K] CVE-2025-31324.yaml
└── [ 942] README.md
0 directories, 2 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。