CVE-2022-22536

This exploit demonstrates HTTP request smuggling (CVE-2022-22536) in SAP NetWeaver by crafting a malicious request with a mismatched Content-Length header to bypass ACLs and access internal endpoints. It includes a Python script to automate the attack and test multiple paths for vulnerability.

This PoC exploits CVE-2022-22536, a DoS vulnerability in SAP Internet Communication Manager (ICM) via a crafted HTTP request with excessive padding. It checks for vulnerability by sending a malformed request and analyzing the response count and status codes.

This repository provides a proof-of-concept for CVE-2022-22536, a request smuggling vulnerability in SAP NetWeaver and related products. The exploit leverages HTTP desynchronization to poison intermediary caches, potentially leading to credential theft or unauthorized actions.

This repository contains a functional Python-based proof-of-concept exploit for CVE-2022-22536, demonstrating HTTP request smuggling in SAP NetWeaver Application Server. The exploit leverages Content-Length manipulation to bypass access controls and access internal endpoints.

This repository contains a Python-based scanner for CVE-2022-22536, a critical request smuggling vulnerability in SAP Internet Communication Manager (ICM) and SAP Web Dispatcher. The scanner tests multiple hosts in parallel for protocol desynchronization behavior by sending crafted HTTP requests and analyzing responses.

The repository provides a detailed technical explanation of CVE-2022-22536, a request smuggling vulnerability in SAP NetWeaver and related components. It includes a proof-of-concept HTTP request demonstrating the desynchronization attack but lacks functional exploit code.

This repository provides a functional proof-of-concept for CVE-2022-22536, demonstrating request smuggling and cache poisoning in SAP NetWeaver via desynchronization of memory pipes. The PoC includes a crafted HTTP request with a large Content-Length header to exploit the vulnerability.

This repository contains a functional PoC for CVE-2022-22536, a vulnerability in SAP NetWeaver AS JAVA (LM Configuration Wizard). The exploit crafts a malformed HTTP request with excessive padding to trigger a DoS condition by causing the server to respond with multiple HTTP responses.