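Related vulnerability
Title:
Microsoft SQL Server Reporting Services code issue vulnerability
(CVE-2020-0618)
Description: Microsoft SQL Server Reporting Services (SSRS) is a server-based reporting platform from Microsoft (USA) that supports creating, deploying and managing mobile and paginated reports. A code issue vulnerability exists in Microsoft SQL Server Reporting Services, caused by the program incorrectly handling page requests. An attacker can exploit this vulnerability to execute code on the system. The following products and versions are affected: Microsoft SQL Server 2012, Microsoft SQL Server 2014 Service P
Introduction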
# CVE-2020-0618 - Microsoft SQL Server Reporting Services (SSRS) RCE Detection PoC
---
## 📜 Description
This is a simple PoC to detect **CVE-2020-0618**, a Remote Code Execution vulnerability affecting **Microsoft SQL Server Reporting Services (SSRS)**.
The vulnerability exists due to improper path validation in the `LoadReport()` SOAP API. If vulnerable, it could potentially lead to **remote code execution** under the context of the SQL Server Reporting Services account.
---
## ✨ Features
- Simple vulnerability detection (not exploitation)
- Supports custom SSRS targets
- Fast and lightweight
- Python 3 compatible
---
## 🧰 Requirements
- Python >= 3.6
- `requests` Python library
## Usage
```bash
python3 cve_2020_0618_poc.py <target_URL>
```
## Example
```bash
python3 cve_2020_0618_poc.py http://xxx.xxx.xxx.xx/ReportServer/
```
File snapshot
[4.0K] /data/pocs/837687bab986881de8c1696d7b68492ab0104bfb
├── [1.0K] cve_2020_0618_poc.py
└── [1.1K] README.md
0 directories, 2 files
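Notes
1. Accessing the PoC through its original source first is recommended.
2. If the source is no longer valid or cannot be accessed, send an e-mail to f.jinxu#gmail.com to request the local snapshot (replace # with @).
3. Shenlong has taken a snapshot of the PoC code for you. To support long-term maintenance, please consider paying for the local PoC. Thank you for your support.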