Update manageengine_deviceexpert_traversal.rb #11461

Merged
merged 4 commits into from Mar 1, 2019

jnqpblc commented Feb 22, 2019

Changed print_status on line 80 to print_good and added a check for /scheduleresult.de with a return if it is not a 200 status code.

jnqpblc added some commits Feb 22, 2019

wchen-r7 self-assigned this Feb 28, 2019

wchen-r7 commented Feb 28, 2019

I hope I still have this vuln app. I'll try to verify it.

bcoles commented Feb 28, 2019

> I hope I still have this vuln app. I'll try to verify it.

You should be able to retrieve the software from the web archive as per links here:

Edit: @sinn3r This version should be vuln: http://web.archive.org/web/20111204040930/http://www.manageengine.com/products/device-expert/download.html

wchen-r7 commented Feb 28, 2019

What would I do without @bcoles? Thank you so much!

wchen-r7 merged commit 7435913 into rapid7:master Mar 1, 2019

3 checks passed

Metasploit Automation - Sanity Test Execution: Successfully completed all tests.
Metasploit Automation - Test Execution: Successfully completed all tests.
continuous-integration/travis-ci/pr: The Travis CI build passed

wchen-r7 added a commit that referenced this pull request Mar 1, 2019

wchen-r7 commented Mar 1, 2019

Release Notes

This adds a check to make sure the web resource exists before performing the directory traversal attack. Also, it will check if the file to loot is found or not.

msjenkins-r7 added a commit that referenced this pull request Mar 1, 2019
