This Metasploit module exploits CVE-2021-40539, a REST API authentication bypass vulnerability in ManageEngine ADSelfService Plus, to upload a JAR and execute it as the user running ADSelfService Plus – which is SYSTEM if started as a service.
This site contains information which could be considered illegal in some countries. It is provided here for educational use only and is not intended to be used for illegal activities.
This Metasploit module exploits CVE-2021-40539, a REST API authentication bypass vulnerability in ManageEngine ADSelfService Plus, to upload a JAR and execute it as the user running ADSelfService Plus – which is SYSTEM if started as a service.