Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2018-12998 PoC — 多款ZOHO产品跨站脚本漏洞

Source
https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2018/CVE-2018-12998.yaml
Associated Vulnerability
Title:多款ZOHO产品跨站脚本漏洞 (CVE-2018-12998)
Description:ZOHO ManageEngine Netflow Analyzer等都是美国卓豪(ZOHO)公司的产品。ZOHO ManageEngine Netflow Analyzer是一套基于Web的带宽监控工具。Network Configuration Manager是一套用于配置交换机、路由器、防火墙和其他网络设备的网络配置管理、网络变更和配置管理(NCCM)软件。 多款ZOHO产品中存在跨站脚本漏洞。远程攻击者可通过向/servlet/com.adventnet.me.opmanager.servlet.
Description
Zoho manageengine is vulnerable to reflected cross-site scripting. This impacts  Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148, OpUtils before build 123161, and Firewall Analyzer before build 123147 via the parameter 'operation' to /servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet.
File Snapshot

 id: CVE-2018-12998

info:
  name: Zoho manageengine - Cross-Site Scripting
  author: pikpikcu
  seve

...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.