CVE-2022-28987 PoC — ZOHO ManageEngine ADSelfService Plus Security Vulnerability

Associated Vulnerability
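Title: ZOHO ManageEngine ADSelfService Plus Security Vulnerability (CVE-2022-28987)
Description: ZOHO ManageEngine ADSelfService Plus is an integrated self-service password management and single sign-on solution for Active Directory and cloud applications from ZOHO, a US company. A security vulnerability exists in ZOHO ManageEngine ADSelfService Plus version 6.1. An attacker can exploit it to perform username enumeration via a crafted POST request to /ServletAPI/accounts/login.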
Description
Zoho ManageEngine ADSelfService Plus 6121 is vulnerable to username enumeration (CVE-2022-28987). The Forgot Password functionality responds differently for existing and non-existing users, allowing attackers to enumerate valid usernames.
File Snapshot

id: CVE-2022-28987 info: name: Zoho ManageEngine ADSelfService Plus 6121 - Username Enumeration ...