exploit the possibilities

ManageEngine Desktop Central 9 Cross Site Request Forgery

ManageEngine Desktop Central 9 Cross Site Request Forgery
Posted Feb 3, 2015
Authored by Mohamed Idris

ManageEngine Desktop Central 9 suffers from a cross site request forgery vulnerability.

tags | advisory, csrf
advisories | CVE-2014-9331
MD5 | 5d0ef06ecf94cd95b27ee299fb871b7d

ManageEngine Desktop Central 9 Cross Site Request Forgery

Change Mirror Download
#####################################
Title:- Cross-Site Request Forgery (CSRF) Vulnerability in ManageEngine Desktop Central 9 Allows adding an Admin User
Author: Mohamed Idris - Help AG Middle East
Vendor: ZOHO Corp
Advisory ID: hag20141205
Product: ManageEngine Desktop Central 9
Version: All versions below build 90121
Tested Version: Version 9 Build 90087
Severity: HIGH
CVE Reference: CVE-2014-9331
Fix Link: http://www.manageengine.com/products/desktop-central/cve20149331-cross-site-request-forgery.html

# About the Product:
Desktop Central is an integrated desktop & mobile device management software that helps in managing the servers, laptops, desktops, smartphones and tablets from a central point.
It automates your regular desktop management routines like installing patches, distributing software, managing your IT Assets, managing software licenses, monitoring software usage statistics, managing USB device usage, taking control of remote desktops, and more. It supports managing both Windows and Mac operating systems.

# Description:
This Cross-Site Request Forgery vulnerability enables an anonymous attacker to add an admin account into the application. This leads to compromising the whole domain as the application normally uses privileged domain account to perform administration tasks.
# Vulnerability Class:
Cross-Site Request Forgery (CSRF) - https://www.owasp.org/index.php/Cross-Site_Request_Forgery_%28CSRF%29

# How to Reproduce: (POC):
Host the attached code in a webserver. Then send the link to the application Admin. The admin should be loggedin when he clicks on the link.
You can entice him to do that by using social engineering techniques ;)
Say for example: Log into the application and click the following link to get free licenses

# Disclosure:
Discovered: December 05, 2014
Vendor Notification: December 08, 2014
Advisory Publication: January 31, 2015
Public Disclosure: January 31, 2015

# Affected Targets:
All Desktop Central versions below build 90130. On all platforms (Actually platform doesn't affect the issue).

# Solution:
Upgrade to Build 90130 will fix this issue.
The update can be found at the following link: http://www.manageengine.com/products/desktop-central/cve20149331-cross-site-request-forgery.html

# credits:
Mohamed Idris
Senior Information Security Analyst and Team Leader
Help AG Middle East

# Proof of Concept Video:
https://www.youtube.com/watch?v=MRIZy7EBSF8

# Proof of Concept Code:
https://raw.githubusercontent.com/moha99sa/ManageEngine-Desktop-Central-CSRF/master/README.md

#References:
[1] help AG middle East http://www.helpag.com/.
[2] http://www.manageengine.com/products/desktop-central/
[3] http://www.manageengine.com/products/desktop-central/cve20149331-cross-site-request-forgery.html
[4] https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)
[5] Common Vulnerabilities and Exposures (CVE) - http://cve.mitre.org/ - international in scope and free for public use, CVE® is a dictionary of publicly known information security vulnerabilities and exposures.
Login or Register to add favorites

File Archive:

December 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    18 Files
  • 2
    Dec 2nd
    11 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close