CNVD-2021-03712
PUBLISHED
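SAP BusinessObjects Business Intelligence Platform is a suite of business intelligence software and enterprise performance solutions from the German company SAP. The product provides report generation, analysis, data visualization and related functions. SAP BusinessObjects Business Intelligence Platform (Web Services) versions 410, 420 and 430 contain a cross-site request forgery vulnerability. An unauthenticated attacker can exploit it by injecting arbitrary values as the CMS parameter to scan the internal network and determine the internal infrastructure, and to gather information for further attacks such as remote file inclusion, retrieving server files, bypassing firewalls, and forcing the vulnerable server to perform malicious requests.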
Exploit Intelligence
- Exploit script for SAP Business Objects SSRF (github-poc-repo)
- This script exploits and performs an SSRF (Server-Side Request Forgery) and Timing Attack against the SAP BusinessObjects Launchpad (CVE-2020-6308). It attempts to determine the status of various ports on a target IP address by measuring the response time of the application when attempting to authenticate against it. (github-poc-repo)
- This script exploits and performs an SSRF (Server-Side Request Forgery) and Timing Attack against the SAP BusinessObjects Launchpad (CVE-2020-6308). It attempts to determine the status of various ports on a target IP address by measuring the response time of the application when attempting to authenticate against it. (github-poc)
- Exploit script for SAP Business Objects SSRF (github-poc)
- CVE-2020-6308 mass exploiter/fuzzer. (github-poc)
…and 6 more exploits
Timeline
- Oct 20, 2020 CVE Published