Published: 04/12/2014 Updated: 05/12/2014
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 550
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

Directory traversal vulnerability in the com.me.opmanager.extranet.remote.communication.fw.fe.FileCollector servlet in ZOHO ManageEngine OpManager 8.8 up to and including 11.3, Social IT Plus 11.0, and IT360 10.4 and previous versions allows remote attackers or remote authenticated users to write to and execute arbitrary WAR files via a .. (dot dot) in the regionID parameter.
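As an added defensive example (not from the advisory or the Metasploit module referenced on this page), the following Python flags access-log requests that reach the FileCollector servlet with a traversal sequence in the regionID parameter, including percent-encoded and double-encoded forms. It assumes the servlet's class name appears in the request path and that regionID is visible in the logged query string; the log lines are constructed.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Assumption: the servlet's class name appears in the request path; the real
# mount point is not given on the page, so only the class name is matched.
SERVLET_MARKER = "FileCollector"
# ".." as a whole path component, with either separator
TRAVERSAL = re.compile(r"(^|[\\/])\.\.([\\/]|$)")
# method and request target from a common-log-format line
REQUEST = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

def decode_fully(value, rounds=3):
    """Undo repeated percent-encoding so %2e%2e and %252e%252e both normalise."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def has_traversal(value):
    """True if the decoded value contains a '..' path component."""
    return TRAVERSAL.search(decode_fully(value)) is not None

def is_suspicious_request(target):
    """True if the request reaches FileCollector with a traversal in regionID."""
    parts = urlsplit(target)
    if SERVLET_MARKER not in parts.path:
        return False
    params = parse_qs(parts.query, keep_blank_values=True)
    return any(has_traversal(v) for v in params.get("regionID", []))

def scan_log(lines):
    """Return 1-based numbers of log lines that look like exploitation attempts."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        if match and is_suspicious_request(match.group("target")):
            hits.append(number)
    return hits

# Constructed sample log lines, not captured from a real system.
SERVLET = "/servlet/com.me.opmanager.extranet.remote.communication.fw.fe.FileCollector"
SAMPLE_LOG = [
    f'10.0.0.5 - - [04/Dec/2014:10:00:00 +0000] "POST {SERVLET}?regionID=east&fileName=r.txt HTTP/1.1" 200 12',
    f'10.0.0.9 - - [04/Dec/2014:10:00:01 +0000] "POST {SERVLET}?regionID=..%2F..%2Fx&fileName=x.war HTTP/1.1" 200 12',
    f'10.0.0.9 - - [04/Dec/2014:10:00:02 +0000] "POST {SERVLET}?regionID=%252e%252e%252fx HTTP/1.1" 200 12',
    '10.0.0.3 - - [04/Dec/2014:10:00:03 +0000] "GET /index.html HTTP/1.1" 200 12',
]

if __name__ == "__main__":
    print("suspicious lines:", scan_log(SAMPLE_LOG))  # suspicious lines: [2, 3]
```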

Affected Products

Vendor     Product                      Versions
Zohocorp   ManageEngine IT360           10.4
Zohocorp   ManageEngine OpManager       8.8, 9.0, 9.1, 9.2, 9.4, 10.0, 10.1, 10.2, 11.0, 11.1, 11.2, 11.3
Zohocorp   ManageEngine Social IT Plus  11.0


Exploits

      ##
      # This module requires Metasploit: http://metasploit.com/download
      # Current source: https://github.com/rapid7/metasploit-framework
      ##

      require 'msf/core'

      class Metasploit3 < Msf::Exploit::Remote
        Rank = ExcellentRanking

        include Msf::Exploit::Remote::HttpClient
        include Msf::Exploit::FileDropper

        def initialize(info = {})
          super(upda ...
Advisories

      >> Multiple vulnerabilities in ManageEngine OpManager, Social IT Plus and IT360
      >> Discovered by Pedro Ribeiro (pedrib@gmail.com), Agile Information Security
      ==========================================================================
      Disclosure: 27/09/2014 (#1 and #2), 09/11/2014 (#3 and #4) / Last updated: 09/11/2014

      >> Backgroun ...

Mailing Lists

ManageEngine OpManager, Social IT Plus, and IT360 suffer from remote code execution via upload and arbitrary file deletion vulnerabilities ...

Metasploit Modules

ManageEngine OpManager and Social IT Arbitrary File Upload

This module exploits a file upload vulnerability in ManageEngine OpManager and Social IT. The vulnerability exists in the FileCollector servlet which accepts unauthenticated file uploads. This module has been tested successfully on OpManager v8.8 - v11.3 and on version 11.0 of SocialIT for Windows and Linux.

      msf > use exploit/multi/http/opmanager_socialit_file_upload
      msf exploit(opmanager_socialit_file_upload) > show targets
      msf exploit(opmanager_socialit_file_upload) > set TARGET <target-id>
      msf exploit(opmanager_socialit_file_upload) > show options
            ...show and set options...
      msf exploit(opmanager_socialit_file_upload) > exploit