CVE-2020-6287

This repository contains a functional Python script that exploits CVE-2020-6287 (SAP RECON vulnerability), which involves a missing authorization check in SAP LM Configuration Wizard and a directory traversal in the `queryProtocol` method. The script can check for vulnerability, download arbitrary ZIP files, and create SAP JAVA users with varying privileges.

This repository contains a functional Python exploit for CVE-2020-6287, which allows unauthenticated user creation in SAP NetWeaver AS Java. The exploit sends a crafted SOAP request to the CTCWebService endpoint to add a user without administrative privileges.

This repository contains two Python scripts for scanning SAP NetWeaver Java applications for CVE-2020-6287 (RECON). One script performs vulnerability detection, while the other scans logs for indicators of compromise (IoCs).

This repository provides functional exploit code for CVE-2020-6287, an authentication bypass vulnerability in SAP NetWeaver AS JAVA. It includes detailed PoC requests to create both simple and administrator Java users via unauthenticated SOAP requests.

This repository contains a functional exploit for CVE-2020-6287, an authentication bypass vulnerability in SAP NetWeaver AS JAVA. The exploit uses Shodan to find targets and leverages Metasploit's module to create an administrative user on vulnerable systems.

The repository contains only a vague README with no technical details or exploit code, suggesting it may be a lure for external downloads or monetization. No actual PoC or analysis is provided.

This repository contains a bash script that checks for the existence of a user account created via CVE-2020-6287 by iterating through possible mandate values. It does not exploit the vulnerability but verifies if an account was created using the RECON.py exploit.

This Metasploit module exploits CVE-2020-6287 (RECON) in SAP NetWeaver AS Java to create or delete users via unauthenticated SOAP requests to the CTCWebService. It leverages a job submission mechanism to add a user with a specified role and cleans up by canceling the job.