SAP NetWeaver - Backdoor Detection

sap-netweaver-backdoor

Verified

Description

Detected a potential backdoor in SAP NetWeaver allowing unauthorized command execution.

Severity

Critical

Published Date

April 26, 2025

Template Author

dhiyaneshdk

sap-netweaver-backdoor.yaml

id: sap-netweaver-backdoor

info:
  name: SAP NetWeaver - Backdoor Detection
  author: DhiyaneshDk
  severity: critical
  description: |
    Detected a potential backdoor in SAP NetWeaver allowing unauthorized command execution.
  reference:
    - https://www.bleepingcomputer.com/news/security/sap-fixes-suspected-netweaver-zero-day-exploited-in-attacks/
  metadata:
    max-request: 1
    shodan-query: html:"SAP NetWeaver Application Server Java"
    verified: true
  tags: sap,netweaver,backdoor

http:
  - method: GET
    path:
      - "{{BaseURL}}/irj/helper.jsp?cmd=ls"
      - "{{BaseURL}}/irj/cache.jsp?cmd=ls"

    matchers-condition: and
    matchers:
      - type: word
        words:
          - "Command: ls<BR>"
          - "sap"
        part: body
        condition: and

      - type: status
        status:
          - 200
# digest: 4a0a00473045022100c6a5846801a3a1a2e6a7cb5ccf7bf6ca724db4b9449162cfed0d1a03a8c578e90220730be6371355cef1398645742c20bc73387880c31b2d7e48a27b30296f385e6a:922c64590222798bb761d5b6d8e72950

9.5Severity

CVSS Metrics

References

https://www.bleepingcomputer.com/news/security/sap-fixes-suspected-netweaver-zero-day-exploited-in-attacks/

SAP NetWeaver - Backdoor Detection

Description

Severity

Published Date

Template Author

Nuclei Template

Nuclei Template

CVSS Metrics

References