ManageEngine SecurityManager Plus 5.5 Directory Traversal

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ManageEngine SecurityManager Plus 5.5 Directory Traversal', 'Description' = %q This module exploits a directory traversal flaw found in...

ManageEngine SecurityManager Plus 5.5 Directory Traversal

This module exploits a directory traversal flaw found in ManageEngine SecurityManager Plus 5.5 or less. When handling a file download request, the DownloadServlet class fails to properly check the 'f' parameter, which can be abused to read any file outside the virtual directory. This module...