CVE-2022-28810

Related Files

ManageEngine ADSelfService Plus Custom Script Execution

Posted Apr 21, 2022

Authored by Jake Baines, Andrew Iwamaye, Dan Kelley, Hernan Diaz | Site metasploit.com

This Metasploit module exploits the "custom script" feature of ADSelfService Plus. The feature was removed in build 6122 as part of the patch for CVE-2022-28810. For purposes of this module, a "custom script" is arbitrary operating system command execution. This module uses an attacker provided "admin" account to insert the malicious payload into the custom script fields. When a user resets their password or unlocks their account, the payload in the custom script will be executed. The payload will be executed as SYSTEM if ADSelfService Plus is installed as a service, which we believe is the normal operational behavior. This is a passive module because user interaction is required to trigger the payload. This module also does not automatically remove the malicious code from the remote target. Use the "TARGET_RESET" operation to remove the malicious custom script when you are done.

tags | exploit, remote, arbitrary

advisories | CVE-2022-28810

SHA-256 | d91150e34529bee9dd92e87b3f063460c0b5e994a412c286b68d6cb26a58d358

Download | Favorite | View