POC详情: 1c36acca75af74db0e32da1f2fcd5cb58b982521

来源
https://github.com/intrigueio/cve-2020-28653-poc
关联漏洞
标题: ZOHO ManageEngine OpManager 安全漏洞 (CVE-2020-28653)
描述:ZOHO ManageEngine OpManager是美国卓豪(ZOHO)公司的一套网络、服务器及虚拟化监控软件。 Zoho ManageEngine OpManager Stable build before 125203 存在安全漏洞,该漏洞允许通过智能更新管理器(SUM) servlet远程执行代码。
介绍
# Manage Engine OpManager CVE-2020-28653 Proof of Concept

This proof of concept detects whether a Manage Engine OpManager instance is vulnerable to CVE-2020-28653. Detection is performed by firing off a request containing the serialized payload to the instance. Upon the payload being deserialized, it will cause the instance to invoke a DNS Lookup.

## Installation

1. Clone the repository by running:
`git clone https://github.com/intrigueio/cve-2020-2853-poc`

2. Install the required dependencies by running:
`bundle install`

## Usage

```
bundle exec ruby CVE-2020-28653.rb [options]
    -t target                        target to exploit (including scheme) e.g http://localhost:8060
    -l listener                      DNS Listener e.g 1766x23ymcldy2ppolrnvxngc7ix6m.burpcollaborator.net
    -p /path/to/ysoserial.jar        Path to ysoserial.jar
```

## References

https://haxolot.com/posts/2021/manageengine_opmanager_pre_auth_rce/

## Credits
- [shpendk](https://github.com/shpendk)
- [m-q-t](https://github.com/m-q-t)
- [Haxolot](https://haxolot.com/)
文件快照

 [4.0K]  /data/pocs/1c36acca75af74db0e32da1f2fcd5cb58b982521
├── [  10]  1002.ser
├── [2.2K]  CVE-2020-28653.rb
├── [  45]  Gemfile
└── [1.0K]  README.md

0 directories, 4 files
神龙机器人已为您缓存
备注
    1. 建议优先通过来源进行访问。
    2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
    3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。