CVE-2006-5784

SAP Web Application Server <7.00 - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-5784. PoCs published by Nicob.

AI-analyzed exploit summary: This Perl script exploits an information disclosure vulnerability in SAP Web Application Server Java 6.40 by sending crafted packets to 'enserver.exe' to download arbitrary files from the target system. The exploit leverages a protocol-level flaw to retrieve files up to 32KB in size.

Description

Unspecified vulnerability in enserver.exe in SAP Web Application Server 6.40 before patch 136 and 7.00 before patch 66 allows remote attackers to read arbitrary files via crafted data on a "3200+SYSNR" TCP port, as demonstrated by port 3201. NOTE: this issue can be leveraged by local users to access a named pipe as the SAPServiceJ2E user.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Nicob · perl · remote · windows
https://www.exploit-db.com/exploits/3291

Classification: Working PoC 95%
Attack Type: Info Leak
Complexity: Moderate
Reliability: Reliable
Target: SAP Web Application Server Java 6.40
No auth needed
Prerequisites: Network access to the target SAP server on TCP port 3200+SYSNR · Knowledge of the target file path
devstral-2 · analyzed Feb 16, 2026

References (9)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/29982
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/1828
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/4318
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/20877
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/459499/100/0/threaded
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/450394/100/0/threaded
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/3291
Patch, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/22677
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1017628

Scores

EPSS 0.0289
EPSS Percentile 85.1%

Details

Status published
Products (2)
sap/sap_web_application_server 6.40
sap/sap_web_application_server 7.00
Published Nov 07, 2006
Tracked Since Feb 18, 2026