header-logo
Suggest Exploit
vendor:
ServiceDesk Plus
by:
Keith Lee
7.5
CVSS
HIGH
Directory Traversal
22
CWE
Product Name: ServiceDesk Plus
Affected Version From: 8
Affected Version To: 8
Patch Exists: YES
Related CWE: N/A
CPE: a:manageengine:servicedesk_plus:8.0
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2012

Directory Traversal Vulnerabilities in ManageEngine ServiceDesk Plus 8.0

Directory traversal vulnerabilities have been found in ManageEngine ServiceDesk Plus 8.0, a web based helpdesk system written in Java. The vulnerability can be exploited to access local files by entering special characters in variables used to create file paths. The attackers use “../” sequences to move up to root directory, thus permitting navigation through the file system.

Mitigation:

The issue is fixed with Service Pack Build 8012 found in the below link: http://www.manageengine.com/products/service-desk/91677414/ManageEngine_ServiceDesk_Plus_8_0_0_SP-0_12_0.ppm
Source

Exploit-DB raw data:

Google Dork:	ie: intitle:ManageEngine ServiceDesk Plus"
Author:		Keith Lee (keith.lee2012@gmail.com), @keith55,
http://milo2012.wordpress.com
Software Link:	http://www.manageengine.com/products/service-desk/91677414/ManageEngine_ServiceDesk_Plus.exe
Version:	8.0

Description:

Directory traversal vulnerabilities has been found in ManageEngine
ServiceDesk Plus 8.0 a web
based helpdesk system written in Java.

The vulnerability can be exploited to access local files by entering
special characters in variables used to create file paths. The attackers
use �../� sequences to move up to root directory, thus permitting
navigation through the file system.

Request:
GET http://[webserver
IP]:8080/workorder/FileDownload.jsp?module=agent&&FILENAME=%20..\..\..\..\..\..\..\..\..\windows\repair\SAM

The issue is fixed with Service Pack Build 8012 found in the below link.
http://www.manageengine.com/products/service-desk/91677414/ManageEngine_ServiceDesk_Plus_8_0_0_SP-0_12_0.ppm


-- 
Keith

Blog: http://www.milo2012.wordpress.com
Twitter: @keith55

Navigation

Suggest Exploit

Services By CQR