exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

ManageEngine ServiceDesk Plus 8.0 Improper User Privileges

ManageEngine ServiceDesk Plus 8.0 Improper User Privileges
Posted Jul 25, 2011
Authored by Narendra Shinde

ManageEngine ServiceDesk Plus version 8.0 allows a user with limited privileges access to certain functionality that should only be available to administrative users. Proof of concept included.

tags | exploit, proof of concept
SHA-256 | e8ccc4a1e95942aa9e19d5eff1d90052cd550386db0397b0735cad9c2fbbea44

ManageEngine ServiceDesk Plus 8.0 Improper User Privileges

Change Mirror Download
================================================================================
Secur-I Research Group Security Advisory [SRG-2011-002]
================================================================================
Title : ManageEngine ServiceDesk Plus Improper User Privileges Management Vulnerability
Product : ServiceDesk Plus (http://www.manageengine.com/)
Affected Version : 8.0 (Other versions could also be affected)
Fixed Version : N/A
Vunerability Impact : High
Advisory ID : SV-002
Pubished Date : 26-JUL-2011
Author : Narendra Shinde
Secur-I Research Group
http://www.securview.com/
================================================================================

Product Introduction
--------------------
ServiceDesk Plus integrates your help desk requests and assets to help you manage your IT effectively. It helps you implement ITIL best practices and troubleshoot IT service requests faster. ServiceDesk Plus is highly customizable, easy-to-implement help desk software. More than 10,000 IT managers worldwide use ServiceDesk Plus to manage their IT help desk and assets.ServiceDesk Plus is available in 23 different languages.

Source: http://www.manageengine.com/products/service-desk/


Vulnerability Information
-------------------------
Class: Improper Privilege Management [CWE-269]
Impact: Low privileged user can modify application data
Remotely Exploitable: Yes
Authentication Required: Yes
User interaction required: Yes
CVE Name: N/A


Vulnerability Description
-------------------------
A user with limited privileges could gain access to certain functionality that is available only to administrative users. For example, users with Guest privileges could delete backup database from the system by submitting a malicious URI to the vulnerable application. This is due to insufficient security checks on user permissions while completing the backup database deletion operation.


Proof-of-Concept
----------------
An attacker could delete the database backup for the vulnerable application using the following URI:

http://vulnserver/BackupSchedule.do?module=delete_backup&backup_ids=[ID]

By default, backup_ids start with a numeric value of 301.


Fixes/Workarounds
-----------------
Currently there is no vendor supplied fix available for this vulnerability at the time of this publication. Users are advised to limit exposure by enforcing appropriate firewall rules.


TimeLine
--------
Notification to Vendor: 11-Jul-2011
Vendor Confirmation : 14-Jul-2011
Public Disclosure : 26-Jul-2011


Thanks & Regards,
Narendra.

Confidentiality: This e-mail and any attachments may be confidential and may also be privileged. If you are not an intended named recipient, please notify the sender immediately and do not disclose the contents to another person use it for any purpose, or store or copy the information in any medium.
Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close