CVE-2020-10189 PoC — ZOHO ManageEngine Desktop Central 代码问题漏洞

Source

https://github.com/BLACKpwn/Remote_Code_Execution-

Associated Vulnerability

Title:ZOHO ManageEngine Desktop Central 代码问题漏洞 (CVE-2020-10189)
Description:ZOHO ManageEngine Desktop Central（DC）是美国卓豪（ZOHO）公司的一套桌面管理解决方案。该方案包含软件分发、补丁管理、系统配置、远程控制等功能模块，可对桌面机以及服务器管理的整个生命周期提供支持。 ZOHO ManageEngine DC 10.0.474之前版本中存在代码问题漏洞，该漏洞源于程序反序列化了不可信的数据。攻击者可利用该漏洞在系统上执行任意代码。

Description

CVE-2020-10189:  Microsoft Windows SMBv3 Remote Code Execution (RCE)

Readme

# Remote Code Execution Vulnerability Mitigation Project

This project aims to address and mitigate Remote Code Execution vulnerabilities in web applications.

## Installation
1. Clone the repository.
2. Install the required dependencies using `pip install -r requirements.txt`.

## Usage
1. Run the `app.py` script.
2. Send POST requests to `http://localhost:5000/execute` with a 'command' parameter to execute commands securely.

## Security Considerations
- Input validation is implemented to prevent command injection.
- Regular security audits and testing are recommended to ensure the effectiveness of the mitigation.

File Snapshot


 [4.0K]  /data/pocs/914418593e333ce6977f245e2200aae20618f98d
├── [ 500]  app.py
├── [ 280]  exploit.py
├── [1.2K]  LICENSE
├── [ 631]  penetration_test_report.txt
├── [ 624]  README.md
└── [ 444]  security_audit_report.txt

0 directories, 6 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!