ManageEngine Desktop Central 10 Build 100087 Remote Code Execution
Posted by deepcore on July 25, 2017 – 11:30 pm
This Metasploit module exploits a vulnerability found in ManageEngine Desktop Central 10. When uploading a file, the FileUploadServlet class does not check the user-controlled fileName parameter. This allows a remote attacker to create a malicious file and place it under a directory that allows server-side scripts to run, which results in remote code execution under the context of SYSTEM. This exploit was successfully tested on version 10, build 100087.
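The missing check on fileName is the root cause, so the following shows one way an upload handler can validate a client-supplied name before writing anything to disk. It is an added example, not code from ManageEngine or from the Metasploit module; the class name UploadNameCheck, the "uploads" directory, the extension allowlist and the sample names are all assumptions made for illustration.

```java
import java.io.IOException;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.Locale;
import java.util.Set;

// Hypothetical helper for illustration; not part of Desktop Central.
public final class UploadNameCheck {
    // Assumed allowlist: data-only types the application server never executes.
    private static final Set<String> ALLOWED_EXT = Set.of("log", "txt", "zip", "7z");

    /** Returns the path to write to, or throws if the client-supplied name is unsafe. */
    public static Path resolve(Path uploadRoot, String fileName) throws IOException {
        if (fileName == null) {
            throw new IOException("rejected: missing file name");
        }
        // One base name, one dot, one extension. This excludes path separators,
        // "..", ':' (NTFS alternate data streams), NUL bytes and trailing dots.
        if (!fileName.matches("[A-Za-z0-9][A-Za-z0-9_-]{0,63}\\.[A-Za-z0-9]{1,8}")) {
            throw new IOException("rejected: illegal file name");
        }
        String ext = fileName.substring(fileName.lastIndexOf('.') + 1).toLowerCase(Locale.ROOT);
        if (!ALLOWED_EXT.contains(ext)) {
            throw new IOException("rejected: extension not allowed");
        }
        // Defence in depth: after normalisation the target must sit directly
        // inside the upload root, which should live outside any web-served directory.
        Path root = uploadRoot.toAbsolutePath().normalize();
        Path target = root.resolve(fileName).normalize();
        if (!root.equals(target.getParent())) {
            throw new IOException("rejected: path escapes upload root");
        }
        return target;
    }

    public static void main(String[] args) {
        Path root = Paths.get("uploads"); // constructed location
        // Constructed sample names: two acceptable, four that must be refused.
        String[] samples = {"report.zip", "data.TXT", "../outside.txt",
                            "sub\\inner.txt", "page.jsp", "notes.txt."};
        for (String s : samples) {
            try {
                System.out.println("accept  " + s + " -> " + resolve(root, s));
            } catch (IOException e) {
                System.out.println("refuse  " + s + " (" + e.getMessage() + ")");
            }
        }
    }
}
```

Generating the stored file name on the server and keeping the client-supplied name only as metadata removes the dependency on this check being complete.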