.. / CVE-2020-6308

Exploit for SAP BusinessObjects Business Intelligence Platform - Blind Server-Side Request Forgery (CVE-2020-6308)

Description:

SAP BusinessObjects Business Intelligence Platform (Web Services) 410, 420, and 430 is susceptible to blind server-side request forgery. An attacker can inject arbitrary values as CMS parameters to perform lookups on the internal network, which is otherwise not accessible externally. On successful exploitation, attacker can scan network to determine infrastructure and gather information for further attacks like remote file inclusion, retrieving server files, bypassing firewall, and forcing malicious requests.

Nuclei Template

View the template here CVE-2020-6308.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2020/CVE-2020-6308.yaml

References:

https://launchpad.support.sap.com/#/notes/2943844
https://github.com/ARPSyndicate/cvemon
https://nvd.nist.gov/vuln/detail/CVE-2020-6308
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=558632196
https://github.com/InitRoot/CVE-2020-6308-PoC

.. / CVE-2020-6308 if(localStorage["style"]=="true"){ document.getElementById('pagestyle').setAttribute('href','/assets/styleDark.css'); document.querySelector('input[type="checkbox"]').checked = true }

Exploit for SAP BusinessObjects Business Intelligence Platform - Blind Server-Side Request Forgery (CVE-2020-6308)

Description:

Nuclei Template

Validate with Nuclei

.. / CVE-2020-6308