Wednesday, 18 March 2020

Postauth RCE in ManageEngine 14

This time I tried to find some way to run 'my own code' on the latest ManageEngine (version 14). Below you will find a few notes about it. Here we go...
Today we will start here:

Because there you'll find ten pages about a way to execute your code and get a reverse shell on the "latest" ManageEngine (version 14):

The short intro looks like this:

In the link you'll find a PDF file with all details for this scenario.

In case of any question(s) - you know how to find me. ;)

See you next time!


2 comments:

  1. We are aware of this functionality and it is available only for authenticated admin accounts. This was already reported by another researcher and in response to that, we have brought in the option to let the user blacklist commands. We plan to bring in more security controls in this flow. More details in https://zurl.co/vOpg
    In addition to this, we prompt the admin user to change the default password to avoid potential security incidents.

  2. Hi ManageEngine Team,

    I'm glad to see this. Thank you very much for the updates! :)

    And thank you for watching.