Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CVE-2020-10189 #9591

Merged
merged 8 commits into from
Jul 4, 2024
Merged

CVE-2020-10189 #9591

merged 8 commits into from
Jul 4, 2024

Conversation

king-alexander
Copy link
Contributor

@king-alexander king-alexander commented Apr 16, 2024
edited
Loading

Template / PR Information

This is a new template for a Known Exploited Vulnerability (#7549).

Template Validation

I've validated this template locally?

  • YES
  • NO

Additional Details (leave it blank if not applicable)

The steps to exploit are quite involved, so I wrote the template to detect vulnerable versions.

Additional References:

@GeorginaReeder
Copy link

Thanks so much for your contribution @king-alexander , we really appreciate it!

@DhiyaneshGeek
Copy link
Member

Hi @king-alexander is it possible to update the template with Full POC

Thanks !

@king-alexander
Add Stage 1
4be5978 
Stage 1 is the arbitrary file write. This code creates a new file on
the Zoho ManageEngine server with our serialized exploit, which will be
executed in the next stage.
@king-alexander
Add Stage 2
825b9fb 
Stage 2 triggers the deserialization vulnerability in `getChartImage()`.
@king-alexander
Update description
7f80f00
@king-alexander
Update references
d3087ea 
I referenced Packet Storm for the logic to detect vulnerable versions
and Source Incite for the proof of concept.
@king-alexander
Copy link
Contributor Author

Hey @DhiyaneshGeek, I took a crack at writing the full POC. Take a look and let me know if I can make any other improvements. Thanks for the nudge to look closer at this KEV!

@princechaddha princechaddha added the Status: In Progress This issue is being worked on, and has someone assigned. label Jun 5, 2024
@DhiyaneshGeek DhiyaneshGeek self-assigned this Jun 24, 2024
@DhiyaneshGeek DhiyaneshGeek added Done Ready to merge and removed Status: In Progress This issue is being worked on, and has someone assigned. labels Jun 24, 2024
@ritikchaddha
Copy link
Contributor

Hello @king-alexander, thank you so much for sharing this template with the community and contributing to this project 🍻

@ritikchaddha ritikchaddha merged commit 4d91b14 into projectdiscovery:main Jul 4, 2024
2 checks passed
@king-alexander king-alexander deleted the template/CVE-2020-10189 branch July 5, 2024 15:46
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ritikchaddha ritikchaddha ritikchaddha approved these changes

Assignees

@DhiyaneshGeek DhiyaneshGeek

Labels
Done Ready to merge
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@king-alexander @GeorginaReeder @DhiyaneshGeek @ritikchaddha @princechaddha