ManageEngine PAM360, Password Manager Pro, and Access Manager Plus unauthenticated remote code execution vulnerability PoC-exploit

# CVE-2022-35405
- [My blog post](https://bigous.me/2022/09/06/CVE-2022-35405.html)
- [Nuclei template](https://github.com/projectdiscovery/nuclei-templates/blob/master/cves/2022/CVE-2022-35405.yaml)
- [Other article](https://xz.aliyun.com/t/11578)
### ManageEngine PAM360 and Password Manager Pro unauthenticated remote code execution vulnerability PoC (Access Manager Plus authenticated only :\)
| Product Name | Affected Version(s) | Default port |
|----------------------|------------------------|--------------|
| PAM360 | 5.5 (5500) and below | 8282 |
| Password Manager Pro | 12.1 (12100) and below | 7272 |
| Access Manager Plus (authenticated) | 4.3 (4302) and below | 9292 |

Some custom installations use port 80 or 443.
#### Usage:
```bash
python3 CVE-2022-35405.py -u <url> -p <port> --jar '/path/to/ysoserial.jar' -c <command payload>
```

```
[4.0K] /data/pocs/8f2caa50724384d0fabc9efe6968333bafc692c3
├── [1.7K] CVE-2022-35405.py
└── [ 892] README.md
0 directories, 2 files
```