CVE-2021-37415 PoC — ZOHO ManageEngine ServiceDesk Plus 访问控制错误漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2021/CVE-2021-37415.yaml

Associated Vulnerability

Title:ZOHO ManageEngine ServiceDesk Plus 访问控制错误漏洞 (CVE-2021-37415)
Description:ZOHO ManageEngine ServiceDesk Plus（SDP）是美国卓豪（ZOHO）公司的一套基于ITIL架构的IT服务管理软件。该软件集成了事件管理、问题管理、资产管理IT项目管理、采购与合同管理等功能模块。 Zoho ManageEngine ServiceDesk Plus 存在访问控制错误漏洞，该漏洞源于产品中的一些API缺少验证限制。攻击者可通过该漏洞在没有鉴权的情况下访问敏感链接。以下产品及版本受到影响：Zoho ManageEngine ServiceDesk Plus 11

Description

Zoho ManageEngine ServiceDesk Plus before 11302 is vulnerable to authentication bypass that allows a few REST-API URLs without authentication.

File Snapshot


 id: CVE-2021-37415

info:
  name: Zoho ManageEngine ServiceDesk Plus - Authentication Bypass
  autho

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!