exploit the possibilities

ManageEngine Desktop Central 9 Cross Site Request Forgery

ManageEngine Desktop Central 9 Cross Site Request Forgery
Posted Feb 3, 2015
Authored by Mohamed Idris

ManageEngine Desktop Central 9 suffers from a cross site request forgery vulnerability.

tags | advisory, csrf
advisories | CVE-2014-9331
MD5 | 5d0ef06ecf94cd95b27ee299fb871b7d

ManageEngine Desktop Central 9 Cross Site Request Forgery

Change Mirror Download
#####################################
Title:- Cross-Site Request Forgery (CSRF) Vulnerability in ManageEngine Desktop Central 9 Allows adding an Admin User
Author: Mohamed Idris - Help AG Middle East
Vendor: ZOHO Corp
Advisory ID: hag20141205
Product: ManageEngine Desktop Central 9
Version: All versions below build 90121
Tested Version: Version 9 Build 90087
Severity: HIGH
CVE Reference: CVE-2014-9331
Fix Link: http://www.manageengine.com/products/desktop-central/cve20149331-cross-site-request-forgery.html

# About the Product:
Desktop Central is an integrated desktop & mobile device management software that helps in managing the servers, laptops, desktops, smartphones and tablets from a central point.
It automates your regular desktop management routines like installing patches, distributing software, managing your IT Assets, managing software licenses, monitoring software usage statistics, managing USB device usage, taking control of remote desktops, and more. It supports managing both Windows and Mac operating systems.

# Description:
This Cross-Site Request Forgery vulnerability enables an anonymous attacker to add an admin account into the application. This leads to compromising the whole domain as the application normally uses privileged domain account to perform administration tasks.
# Vulnerability Class:
Cross-Site Request Forgery (CSRF) - https://www.owasp.org/index.php/Cross-Site_Request_Forgery_%28CSRF%29

# How to Reproduce: (POC):
Host the attached code in a webserver. Then send the link to the application Admin. The admin should be loggedin when he clicks on the link.
You can entice him to do that by using social engineering techniques ;)
Say for example: Log into the application and click the following link to get free licenses

# Disclosure:
Discovered: December 05, 2014
Vendor Notification: December 08, 2014
Advisory Publication: January 31, 2015
Public Disclosure: January 31, 2015

# Affected Targets:
All Desktop Central versions below build 90130. On all platforms (Actually platform doesn't affect the issue).

# Solution:
Upgrade to Build 90130 will fix this issue.
The update can be found at the following link: http://www.manageengine.com/products/desktop-central/cve20149331-cross-site-request-forgery.html

# credits:
Mohamed Idris
Senior Information Security Analyst and Team Leader
Help AG Middle East

# Proof of Concept Video:
https://www.youtube.com/watch?v=MRIZy7EBSF8

# Proof of Concept Code:
https://raw.githubusercontent.com/moha99sa/ManageEngine-Desktop-Central-CSRF/master/README.md

#References:
[1] help AG middle East http://www.helpag.com/.
[2] http://www.manageengine.com/products/desktop-central/
[3] http://www.manageengine.com/products/desktop-central/cve20149331-cross-site-request-forgery.html
[4] https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)
[5] Common Vulnerabilities and Exposures (CVE) - http://cve.mitre.org/ - international in scope and free for public use, CVE® is a dictionary of publicly known information security vulnerabilities and exposures.
Login or Register to add favorites

File Archive:

October 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    25 Files
  • 2
    Oct 2nd
    13 Files
  • 3
    Oct 3rd
    1 Files
  • 4
    Oct 4th
    1 Files
  • 5
    Oct 5th
    15 Files
  • 6
    Oct 6th
    15 Files
  • 7
    Oct 7th
    15 Files
  • 8
    Oct 8th
    11 Files
  • 9
    Oct 9th
    3 Files
  • 10
    Oct 10th
    1 Files
  • 11
    Oct 11th
    1 Files
  • 12
    Oct 12th
    8 Files
  • 13
    Oct 13th
    12 Files
  • 14
    Oct 14th
    23 Files
  • 15
    Oct 15th
    4 Files
  • 16
    Oct 16th
    13 Files
  • 17
    Oct 17th
    1 Files
  • 18
    Oct 18th
    1 Files
  • 19
    Oct 19th
    27 Files
  • 20
    Oct 20th
    41 Files
  • 21
    Oct 21st
    18 Files
  • 22
    Oct 22nd
    16 Files
  • 23
    Oct 23rd
    2 Files
  • 24
    Oct 24th
    1 Files
  • 25
    Oct 25th
    1 Files
  • 26
    Oct 26th
    17 Files
  • 27
    Oct 27th
    19 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close