CVE-2023-35854 PoC — ZOHO ManageEngine ADSelfService Plus 访问控制错误漏洞

Source

Associated Vulnerability

Title:ZOHO ManageEngine ADSelfService Plus 访问控制错误漏洞 (CVE-2023-35854)
Description:ZOHO ManageEngine ADSelfService Plus是美国卓豪（ZOHO）公司的针对 Active Directory 和云应用程序的集成式自助密码管理和单点登录解决方案。 ZOHO ManageEngine ADSelfService Plus 6113及之前版本存在访问控制错误漏洞，该漏洞源于存在身份验证绕过，攻攻击者利用该漏洞可以利用窃取域控制器会话令牌进行身份欺骗，从而获得域控制器管理员权限。

Description

针对CVE-2023-35854的批量扫描脚本

Readme

# exp
针对CVE-2023-35854的批量扫描脚本
使用：python3 piliang.py -r D:\1.txt

File Snapshot


 [4.0K]  /data/pocs/4c78d9e2626e40c69dec4e8bd40aebb61c55ab03
├── [9.9K]  CVE-2023-35854.py
└── [  88]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!