what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

ManageEngine Desktop Central 9 Cross Site Request Forgery

ManageEngine Desktop Central 9 Cross Site Request Forgery
Posted Feb 3, 2015
Authored by Mohamed Idris

ManageEngine Desktop Central 9 suffers from a cross site request forgery vulnerability.

tags | advisory, csrf
advisories | CVE-2014-9331
SHA-256 | 2e4fb8c812586f7ef6aa7a2e697dfeb70c083d402aff24ce5320163cb6a8eb9a

ManageEngine Desktop Central 9 Cross Site Request Forgery

Change Mirror Download
#####################################
Title:- Cross-Site Request Forgery (CSRF) Vulnerability in ManageEngine Desktop Central 9 Allows adding an Admin User
Author: Mohamed Idris - Help AG Middle East
Vendor: ZOHO Corp
Advisory ID: hag20141205
Product: ManageEngine Desktop Central 9
Version: All versions below build 90121
Tested Version: Version 9 Build 90087
Severity: HIGH
CVE Reference: CVE-2014-9331
Fix Link: https://www.manageengine.com/products/desktop-central/cve20149331-cross-site-request-forgery.html

# About the Product:
Desktop Central is an integrated desktop & mobile device management software that helps in managing the servers, laptops, desktops, smartphones and tablets from a central point.
It automates your regular desktop management routines like installing patches, distributing software, managing your IT Assets, managing software licenses, monitoring software usage statistics, managing USB device usage, taking control of remote desktops, and more. It supports managing both Windows and Mac operating systems.

# Description:
This Cross-Site Request Forgery vulnerability enables an anonymous attacker to add an admin account into the application. This leads to compromising the whole domain as the application normally uses privileged domain account to perform administration tasks.
# Vulnerability Class:
Cross-Site Request Forgery (CSRF) - https://www.owasp.org/index.php/Cross-Site_Request_Forgery_%28CSRF%29

# How to Reproduce: (POC):
Host the attached code in a webserver. Then send the link to the application Admin. The admin should be loggedin when he clicks on the link.
You can entice him to do that by using social engineering techniques ;)
Say for example: Log into the application and click the following link to get free licenses

# Disclosure:
Discovered: December 05, 2014
Vendor Notification: December 08, 2014
Advisory Publication: January 31, 2015
Public Disclosure: January 31, 2015

# Affected Targets:
All Desktop Central versions below build 90130. On all platforms (Actually platform doesn't affect the issue).

# Solution:
Upgrade to Build 90130 will fix this issue.
The update can be found at the following link: https://www.manageengine.com/products/desktop-central/cve20149331-cross-site-request-forgery.html

# credits:
Mohamed Idris
Senior Information Security Analyst and Team Leader
Help AG Middle East

# Proof of Concept Video:
https://www.youtube.com/watch?v=MRIZy7EBSF8

# Proof of Concept Code:
https://raw.githubusercontent.com/moha99sa/ManageEngine-Desktop-Central-CSRF/master/README.md

#References:
[1] help AG middle East https://www.helpag.com/.
[2] https://www.manageengine.com/products/desktop-central/
[3] https://www.manageengine.com/products/desktop-central/cve20149331-cross-site-request-forgery.html
[4] https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)
[5] Common Vulnerabilities and Exposures (CVE) - https://cve.mitre.org/ - international in scope and free for public use, CVE® is a dictionary of publicly known information security vulnerabilities and exposures.
Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close