Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2022-29081 PoC — oVirt REST API 路径遍历漏洞

Source
https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2022/CVE-2022-29081.yaml
Associated Vulnerability
Title:oVirt REST API 路径遍历漏洞 (CVE-2022-29081)
Description:oVirt REST API是一个应用程序编程接口。 oVirt REST API 存在路径遍历漏洞,该漏洞源于7 个 REST API 端点中的访问限制不当。未经身份验证的远程攻击者可以绕过实施的安全限制并获得对应用程序的未经授权的访问,包括服务重启、仪表板访问、许可证管理、证书操作等。该漏洞允许远程攻击者未经授权访问其他受限功能。
Description
Zoho ManageEngine Access Manager Plus before 4302, Password Manager Pro before 12007, and PAM360 before 5401 are vulnerable to access-control bypass on a few Rest API URLs (for SSOutAction. SSLAction. LicenseMgr. GetProductDetails. GetDashboard. FetchEvents. and Synchronize) via the ../RestAPI substring.
File Snapshot

 id: CVE-2022-29081

info:
  name: Zoho ManageEngine - Access Control Bypass
  author: 0xanis
  sever

...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.