SAP NetWeaver - Backdoor Detection

sap-netweaver-backdoor
Verified

Description

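Detects a potential backdoor in SAP NetWeaver that allows unauthorized command execution. The template requests /irj/helper.jsp and /irj/cache.jsp with cmd=ls and reports a match when the response has status 200 and a body containing both "Command: ls<BR>" and "sap".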

Severity

Critical

Published Date

April 26, 2025

Template Author

dhiyaneshdk

sap-netweaver-backdoor.yaml
id: sap-netweaver-backdoor

info:
  name: SAP NetWeaver - Backdoor Detection
  author: DhiyaneshDk
  severity: critical
  description: |
    Detected a potential backdoor in SAP NetWeaver allowing unauthorized command execution.
  reference:
    - https://www.bleepingcomputer.com/news/security/sap-fixes-suspected-netweaver-zero-day-exploited-in-attacks/
  metadata:
    max-request: 1
    shodan-query: html:"SAP NetWeaver Application Server Java"
    verified: true
  tags: sap,netweaver,backdoor,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}/irj/helper.jsp?cmd=ls"
      - "{{BaseURL}}/irj/cache.jsp?cmd=ls"

    matchers-condition: and
    matchers:
      - type: word
        words:
          - "Command: ls<BR>"
          - "sap"
        part: body
        condition: and

      - type: status
        status:
          - 200
# digest: 4a0a00473045022051ecdfd8e12d4590b66d63f47eaa1966fe16d305cddd3dca23c076903f24f7b4022100a5a0a6668aa767ce0511e9bd6e0daf3239431a8c9f2b21657fd0882e5f6ef914:922c64590222798bb761d5b6d8e72950