exploit the possibilities

ManageEngine ServiceDesk Plus 9.0 Privilege Escalation

ManageEngine ServiceDesk Plus 9.0 Privilege Escalation
Posted Jan 23, 2015
Authored by Muhammed Ahmed Siddiqui | Site rewterz.com

ManageEngine ServiceDesk Plus version 9.0 prior to build 9031 suffers from a remote privilege escalation vulnerability due to improper access controls.

tags | exploit, remote
MD5 | a0c4e91c463cdb5388a57a6abdf28a25

ManageEngine ServiceDesk Plus 9.0 Privilege Escalation

Change Mirror Download
================================================================================
[REWTERZ-20140103] - Rewterz - Security Advisory
================================================================================

Title: ManageEngine ServiceDesk Plus User Privileges Management Vulnerability
Product: ServiceDesk Plus (http://www.manageengine.com/)
Affected Version: 9.0 (Other versions could also be affected)
Fixed Version: 9.0 Build 9031
Vulnerability Impact: Low
Advisory ID: REWTERZ-20140103
Published Date: 22-Jan-2015
Researcher: Muhammad Ahmed Siddiqui
Email: ahmed [at] rewterz.com
URL: http://www.rewterz.com/vulnerabilities/manageengine-servicedesk-plus-user-privileges-management-vulnerability

================================================================================


Product Introduction
===============

ServiceDesk Plus is a help desk software with integrated asset and
project management built on the ITIL framework. It is available in 29
different languages and is used by more than 85,000 companies, across
186 countries, to manage their IT help desk and assets.


Source: http://www.manageengine.com/products/service-desk/


Vulnerability Information
===================

Class: Improper Privilege Management
Impact: Low privileged user can access application data
Remotely Exploitable: Yes
Authentication Required: Yes
User interaction required: Yes
CVE Name: N/A


Vulnerability Description
==================

A user with limited privileges could gain access to certain
functionality that is available only to administrative users. For
example, users with Guest privileges can see the subjects of the
tickets, stats and other information related to tickets.


Proof-of-Concept
=============

http://127.0.0.1:8080/servlet/AJaxServlet?action=getTicketData&search=dateCrit

http://127.0.0.1:8080/swf/flashreport.swf

http://127.0.0.1:8080/reports/flash/details.jsp?group=Site

http://127.0.0.1:8080/reports/CreateReportTable.jsp?site=0



Timeline
======

23-Dec-2014 – Notification to Vendor
24-Dec-2014 – Response from Vendor
30-Dec-2014 – Vulnerability fixed by Vendor


About Rewterz
===========

Rewterz is a boutique Information Security company, committed to
consistently providing world class professional security services. Our
strategy revolves around the need to provide round-the-clock quality
information security services and solutions to our customers. We
maintain this standard through our highly skilled and professional
team, and custom-designed, customer-centric services and products.

http://www.rewterz.com


Complete list of vulnerability advisories published by Rewterz:

http://www.rewterz.com/resources/security-advisories

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

December 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    1 Files
  • 2
    Dec 2nd
    16 Files
  • 3
    Dec 3rd
    17 Files
  • 4
    Dec 4th
    23 Files
  • 5
    Dec 5th
    11 Files
  • 6
    Dec 6th
    10 Files
  • 7
    Dec 7th
    1 Files
  • 8
    Dec 8th
    1 Files
  • 9
    Dec 9th
    15 Files
  • 10
    Dec 10th
    30 Files
  • 11
    Dec 11th
    8 Files
  • 12
    Dec 12th
    20 Files
  • 13
    Dec 13th
    6 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close