SAP ConfigServlet OS command execution module #1740
This module allows execution of operating system commands throug the
The vulnerability was discovered by ERPScan's team, it was presented on Hacker Halted 2012 conference:
Hi @andrewkabai , do you mind to share a pcap of the module working for verification? Since I dont find any free trial / edition of SAP java I guess it would be the easiest way to verify it and be able to proceed with merging :) Feel free to use email if would be better for you: juan.vazquez [at] metasploit.com
pcap verified and looks fine!, module is mainly ready to be merged! Thanks very much for your collaboration!
But I've just noticed you're using your mater branch to do the pull request. I'm going to need to ask you to do a new pull request, using a new branch on your repo, to avoid problems when merging into the rapid7 repository.
In order to do it fine just create new branch from your master branch. For example:
Write the new module and then add the new module, in the new branch, to your local repository and push into your origin:
Then proceed to do the pull request against the rapid7 repository, but using the new branch. I've just tried to provide sample commands. You can carefully review how to proceed with pull requests from the documentation available at the wiki: https://github.com/rapid7/metasploit-framework/wiki/Setting-Up-a-Metasploit-Development-Environment
Please dont hesitate on contact me if you've any doubt. In the meanwhile I'm going to close this pull request because it can not be merged.
Thanks very much!