ManageEngine ServiceDesk Plus Arbitrary File Upload
Posted by deepcore on October 8, 2015 – 9:26 am
This Metasploit module exploits a file upload vulnerability in ManageEngine ServiceDesk Plus. The vulnerability exists in the FileUploader servlet which accepts unauthenticated file uploads. This Metasploit module has been tested successfully on versions v9 b9000 – b9102 in Windows and Linux. The MSP versions do not expose the vulnerable servlet.
Post a reply
You must be logged in to post a comment.