CVE-2017-11512 PoC — ZOHO ManageEngine ServiceDesk Security Vulnerability

Associated Vulnerability
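Title: ZOHO ManageEngine ServiceDesk Security Vulnerability (CVE-2017-11512)
Description: ZOHO ManageEngine ServiceDesk is a web-based help desk and asset management software suite from ZOHO, a US company. ZOHO ManageEngine ServiceDesk version 9.3.9328 contains an arbitrary file download vulnerability, which stems from the program's failure to restrict path names in the 'name' parameter. A remote attacker can exploit this vulnerability to download arbitrary files.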
Description
ManageEngine ServiceDesk 9.3.9328 is vulnerable to arbitrary file retrieval due to improper restriction of the pathname used in the name parameter for the download-snapshot path. An unauthenticated remote attacker can use this vulnerability to download arbitrary files.
File Snapshot

id: CVE-2017-11512 info: name: ManageEngine ServiceDesk 9.3.9328 - Arbitrary File Retrieval aut ...