Full title: SAP SOAP RFC SXPG_CALL_SYSTEM Remote Command Execution 
Category: remote exploits
Platform: windows
This Metasploit module abuses the SAP NetWeaver SXPG_CALL_SYSTEM function, on the SAP SOAP RFC Service, to execute remote commands. This Metasploit module needs SAP credentials with privileges to use the /sap/bc/soap/rfc in order to work. The module has been tested successfully on Windows 2008 64 bits and Linux 64 bits platforms.

# 0day.today @ http://0day.today/