CVE-2021-31159 PoC — Zoho ManageEngine ServiceDesk Plus MSP Security Vulnerability

Source
Associated Vulnerability
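Title: Zoho ManageEngine ServiceDesk Plus MSP Security Vulnerability (CVE-2021-31159)
Description: ZOHO ManageEngine ServiceDesk Plus (SDP) is an ITIL-based IT service management software suite from the US company ZOHO. The software integrates functional modules for incident management, problem management, asset management, IT project management, and purchasing and contract management. Zoho ManageEngine ServiceDesk Plus MSP has a security vulnerability: it is susceptible to user enumeration because the forgot-password function produces incorrect error messages.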
Description
Zoho ManageEngine ServiceDesk Plus MSP - Active Directory User Enumeration (CVE-2021-31159) - https://ricardojoserf.github.io/CVE-2021-31159/
Readme
# Zoho ManageEngine ServiceDesk Plus MSP - Active Directory User Enumeration (CVE-2021-31159)

This script takes advantage of ServiceDesk Plus before build 10519 returning different output in the password recovery functionality: if the user exists, it returns a message claiming an email has been sent; if the user does not exist, the message is always the same.

Knowing this, it is possible to enumerate accounts in the application or, what we will try to exploit with this script, accounts of an Active Directory if AD authentication is enabled. This is very useful when the application is open to the internet and the format of the AD user accounts (for example, name initial + surname) is known.

```
python3 exploit.py -t TARGET_URL -d DOMAIN -u USERSFILE [-o OUTPUTFILE]
```  
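
Added example, not part of the original README or `exploit.py`: a detection that flags a source IP submitting password-recovery requests for many distinct usernames in a short window, which is how the enumeration described above appears on the server side. The log line format, the `RESET_PATH` placeholder (the page does not name the endpoint), the window and the threshold are all assumptions, and the sample log is constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

RESET_PATH = "/password-reset-placeholder"  # placeholder: endpoint is not given on the page
WINDOW = timedelta(seconds=60)              # assumed sliding window
MAX_DISTINCT_USERS = 5                      # assumed threshold; tune to normal traffic

# Constructed sample log (hypothetical format: time, source IP, method, path, user=NAME)
SAMPLE_LOG = "\n".join(sorted(
    [f"2021-04-20T10:00:{i:02d}Z 203.0.113.7 POST {RESET_PATH} user=user{i}" for i in range(8)]
    + [
        f"2021-04-20T10:00:05Z 198.51.100.4 POST {RESET_PATH} user=alice",
        f"2021-04-20T10:00:40Z 198.51.100.4 POST {RESET_PATH} user=alice",
        "2021-04-20T10:00:41Z 198.51.100.4 GET /index user=-",
    ]
))

def parse(line):
    """Return (time, ip, user) for password-recovery requests, else None."""
    parts = line.split()
    if len(parts) != 5 or parts[2] != "POST" or parts[3] != RESET_PATH:
        return None
    ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%SZ")
    return ts, parts[1], parts[4].split("=", 1)[-1].lower()

def find_enumeration(log_text, window=WINDOW, limit=MAX_DISTINCT_USERS):
    """Map each flagged source IP to its peak count of distinct usernames per window."""
    recent = defaultdict(deque)  # ip -> (time, user) events still inside the window
    flagged = {}
    for line in log_text.splitlines():
        event = parse(line)
        if event is None:
            continue
        ts, ip, user = event
        q = recent[ip]
        q.append((ts, user))
        while q and ts - q[0][0] > window:  # drop events older than the window
            q.popleft()
        distinct = len({u for _, u in q})
        if distinct > limit:
            flagged[ip] = max(flagged.get(ip, 0), distinct)
    return flagged

if __name__ == "__main__":
    for ip, count in find_enumeration(SAMPLE_LOG).items():
        print(f"{ip}: {count} distinct usernames within {WINDOW.seconds}s")
```

A user retrying their own account (the second source IP in the sample) stays below the threshold because only distinct usernames are counted.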
File Snapshot

[4.0K] /data/pocs/f3fb4d7166c52029c3f7dbb2574084e4374c28f7
├── [2.2K] exploit.py
└── [ 768] README.md

0 directories, 2 files