CVE-2023-38743 PoC — ZOHO ManageEngine ADManager Plus 安全漏洞

Source

https://github.com/PetrusViet/CVE-2023-38743

Associated Vulnerability

Title:ZOHO ManageEngine ADManager Plus 安全漏洞 (CVE-2023-38743)
Description:ZOHO ManageEngine ADManager Plus是美国卓豪（ZOHO）公司的一套为使用Windows域的企业用户设计的微软活动目录管理软件。该软件能够协助AD管理员和帮助台技术人员进行日常管理工作，例如批量管理用户帐户和AD对象、给帮助台技术员指派基于角色的访问权限等。 ZOHO ManageEngine ADManager Plus Build 7200之前版本存在安全漏洞，该漏洞源于允许具有管理员权限的用户经过身份验证之后在主机上运行任意命令。

Description

ManageEngine ADManager Command Injection

Readme

# CVE-2023-38743
ManageEngine ADManager Command Injection


Ref:
- https://medium.com/@petrusviet/cve-2023-38743-manageengine-admanager-command-injection-6afccbb196fe
- https://www.zerodayinitiative.com/advisories/ZDI-23-1488/

File Snapshot


 [4.0K]  /data/pocs/13b2480a0b17c981af4e46919903c3aad847138c
├── [3.3K]  exploit.py
└── [ 227]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!