CVE-2020-28653 PoC — ZOHO ManageEngine OpManager 安全漏洞

Source

https://github.com/intrigueio/cve-2020-28653-poc

Associated Vulnerability

Title:ZOHO ManageEngine OpManager 安全漏洞 (CVE-2020-28653)
Description:ZOHO ManageEngine OpManager是美国卓豪（ZOHO）公司的一套网络、服务器及虚拟化监控软件。 Zoho ManageEngine OpManager Stable build before 125203 存在安全漏洞，该漏洞允许通过智能更新管理器(SUM) servlet远程执行代码。

Readme

# Manage Engine OpManager CVE-2020-28653 Proof of Concept

This proof of concept detects whether a Manage Engine OpManager instance is vulnerable to CVE-2020-28653. Detection is performed by firing off a request containing the serialized payload to the instance. Upon the payload being deserialized, it will cause the instance to invoke a DNS Lookup.

## Installation

1. Clone the repository by running:
`git clone https://github.com/intrigueio/cve-2020-2853-poc`

2. Install the required dependencies by running:
`bundle install`

## Usage

```
bundle exec ruby CVE-2020-28653.rb [options]
    -t target                        target to exploit (including scheme) e.g http://localhost:8060
    -l listener                      DNS Listener e.g 1766x23ymcldy2ppolrnvxngc7ix6m.burpcollaborator.net
    -p /path/to/ysoserial.jar        Path to ysoserial.jar
```

## References

https://haxolot.com/posts/2021/manageengine_opmanager_pre_auth_rce/

## Credits
- [shpendk](https://github.com/shpendk)
- [m-q-t](https://github.com/m-q-t)
- [Haxolot](https://haxolot.com/)

File Snapshot


 [4.0K]  /data/pocs/1c36acca75af74db0e32da1f2fcd5cb58b982521
├── [  10]  1002.ser
├── [2.2K]  CVE-2020-28653.rb
├── [  45]  Gemfile
└── [1.0K]  README.md

0 directories, 4 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!