CVE-2021-40539 PoC: ZOHO ManageEngine ADSelfService Plus Authorization Issue Vulnerability

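Associated Vulnerability
Title: ZOHO ManageEngine ADSelfService Plus Authorization Issue Vulnerability (CVE-2021-40539)
Description: ZOHO ManageEngine ADSelfService Plus is an integrated self-service password management and single sign-on solution for Active Directory and cloud applications from the US company ZOHO. Zoho ManageEngine ADSelfService Plus version 6113 and earlier contain an authorization issue vulnerability: the software's REST API authentication is easily bypassed, which leads to remote code execution.
Description
CVE-2021-40539: ADSelfService Plus RCE vulnerability
Readme
# CVE-2021-40539
CVE-2021-40539: ADSelfService Plus RCE vulnerability
1: Vulnerability description
ZOHO ManageEngine ADSelfService Plus is ZOHO's integrated self-service password management and single sign-on solution for Active Directory and cloud applications.
CVE-2021-40539
Zoho ManageEngine ADSelfService Plus 6113 and earlier contain a REST API authentication bypass vulnerability that a remote attacker can exploit to take control of affected systems. CVSS score: 9.33; severity: critical.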

2: Exploitation
Step 1: FOFA query
```
# FOFA search syntax
"ADSelfService"
app="ZOHO-ManageEngine-ADSelfService"
header="JSESSIONIDADSSP"    // recommended

# Test data
https://adself.66nao.com/
```
Step 2: Pick a target at random and test it for the vulnerability with the following detection script....

```
https://github.com/synacktiv/CVE-2021-40539/blob/main/exploit.py
Usage:
C:\Users\26629\Desktop\CVE-2021-40539-main>python39 exploit.py
usage: exploit.py [-h] -t TARGET [-w WEBSHELL] [-j JAVA_CLASS] [-s]
exploit.py: error: the following arguments are required: -t/--target
```
![image](https://github.com/user-attachments/assets/56aa989a-49c2-433f-9583-30c0db3cce87)
Step 3: Connect with Godzilla and run a verification test....
https://adself.66nao.com//help/admin-guide/test.jsp
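Seen from the defending side, step 3 leaves a trace in the web access log: a JSP answering under the product's help directory. The Python scan below is an added example, not part of this README or of the exploit project. It assumes Common/Combined Log Format and that the help tree normally serves only static files; the function names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Assumption: access logs use Common/Combined Log Format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})\b'
)
# Assumption: the help tree ships static documentation only, so any JSP
# requested beneath it deserves a look.
HELP_PREFIX = "/help/"
SCRIPT_EXT = (".jsp", ".jspx")


def normalise(target):
    """Reduce a raw request target to a canonical lower-case path."""
    # Split by hand: urlsplit() would read a leading "//" as a host name.
    path = unquote(target.split("?", 1)[0])
    out = []
    for seg in path.split("/"):
        seg = seg.split(";", 1)[0]          # drop ;path-parameters
        if seg == ".." and out:
            out.pop()
        elif seg not in ("", ".", ".."):    # collapse "//" and "/./"
            out.append(seg)
    return "/" + "/".join(out).lower()      # Windows paths ignore case


def find_help_scripts(lines):
    """Return (ip, timestamp, method, path, status) for JSP hits under /help/."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        path = normalise(m["target"]) if m else ""
        if path.startswith(HELP_PREFIX) and path.endswith(SCRIPT_EXT):
            hits.append((m["ip"], m["ts"], m["method"], path, int(m["status"])))
    return hits

# Constructed sample lines (documentation-range IPs), not real traffic.
SAMPLE = [
    '198.51.100.7 - - [10/Sep/2021:03:12:44 +0000] "GET /help/admin-guide/index.html HTTP/1.1" 200 5120',
    '192.0.2.10 - - [10/Sep/2021:03:14:02 +0000] "POST //help/admin-guide/test.jsp HTTP/1.1" 200 64',
    '192.0.2.10 - - [10/Sep/2021:03:14:09 +0000] "POST /help/./admin-guide/%74est.JSP;x=1?a=b HTTP/1.1" 200 64',
    '192.0.2.44 - - [10/Sep/2021:03:16:30 +0000] "GET /help/admin-guide/missing.jsp HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for hit in find_help_scripts(SAMPLE):
        print(hit)
```

A hit with status 200 means a script file exists in the help tree and answered the request; compare the directory against a clean installation of the same build.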



What I uploaded is a batch detection script; everyone is welcome to download it and keep improving it.

File Snapshot

```
[4.0K] /data/pocs/8a33202c8fdc2c68af602bcc3acdb2ab2c9dd9d0
├── [6.8K] CVE-2021-40539.py
└── [1.3K] README.md

0 directories, 2 files
```