CVE-2021-44077 PoC — ZOHO ManageEngine ServiceDesk Plus 访问控制错误漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2021/CVE-2021-44077.yaml

Associated Vulnerability

Title:ZOHO ManageEngine ServiceDesk Plus 访问控制错误漏洞 (CVE-2021-44077)
Description:ZOHO ManageEngine ServiceDesk Plus（SDP）是美国卓豪（ZOHO）公司的一套基于ITIL架构的IT服务管理软件。该软件集成了事件管理、问题管理、资产管理IT项目管理、采购与合同管理等功能模块。 ZOHO ManageEngine ServiceDesk Plus 存在访问控制错误漏洞，未经身份验证的攻击者可以远程执行代码。以下产品及版本受到影响：Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plu

Description

Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution.

File Snapshot


 id: CVE-2021-44077

info:
  name: Zoho ManageEngine ServiceDesk Plus - Remote Code Execution
  autho

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!