CVE-2023-29084 PoC — ZOHO ManageEngine ADManager Plus 命令注入漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2023/CVE-2023-29084.yaml

Associated Vulnerability

Title:ZOHO ManageEngine ADManager Plus 命令注入漏洞 (CVE-2023-29084)
Description:ZOHO ManageEngine ADManager Plus是美国卓豪（ZOHO）公司的一套为使用Windows域的企业用户设计的微软活动目录管理软件。该软件能够协助AD管理员和帮助台技术人员进行日常管理工作，例如批量管理用户帐户和AD对象、给帮助台技术员指派基于角色的访问权限等。 ZOHO ManageEngine ADManager Plus 7180版本及之前版本存在命令注入漏洞。攻击者利用该漏洞通过代理设置执行命令注入攻击。

Description

Zoho ManageEngine ADManager Plus through 7180 allows for authenticated users to exploit command injection via Proxy settings.

File Snapshot


 id: CVE-2023-29084

info:
  name: ManageEngine ADManager Plus - Command Injection
  author: rootxhar

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!