CVE-2014-100002
published 2015-01-13CVE-2014-100002: Directory traversal vulnerability in ManageEngine SupportCenter Plus 7.9 before 7917 allows remote attackers to read arbitrary files via a ..%2f (dot dot…
PriorityP351medium5CVSS 2.0
AVNACLAuNCPINAN
EXPLOIT
EPSS
59.86%
99.0th percentile
Directory traversal vulnerability in ManageEngine SupportCenter Plus 7.9 before 7917 allows remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the attach parameter to WorkOrder.do in the file attachment for a new ticket.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| zohocorp | manageengine_supportcenter_plus | <= 7.9 | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Detect HTTP POST requests to /WorkOrder.do containing URL-encoded directory traversal sequences (..%2f or %2F..%2F) in the 'attach' parameter. ↗
- →Flag POST requests to /WorkOrder.do where the 'attach' parameter contains multiple encoded slash-dot sequences (%2F..%2F) indicative of path traversal attempts to reach files like /etc/passwd. ↗
- →Monitor for ticket creation (addWO=addWO) combined with suspicious attPath or attach parameter values referencing server-side file paths outside the application directory. ↗
- →Alert on Metasploit auxiliary module activity targeting ManageEngine Support Center Plus: module creates a support ticket with a traversal-linked attachment and then retrieves it to exfiltrate server files. ↗
- ·Exploitation requires only normal (guest/requester) user privileges — no admin account needed — making unauthenticated or low-privilege accounts a viable attack vector. ↗
- ·On Windows deployments, file reads occur with SYSTEM privileges; on Linux, typically as root — maximising the sensitivity of exfiltrated data. ↗
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
ManageEngine Support Center Plus 7916 - Directory Traversal
exploitdb·2014-01-29
CVE-2014-100002 ManageEngine Support Center Plus 7916 - Directory Traversal
ManageEngine Support Center Plus 7916 - Directory Traversal
---
Author:
xistence
Affected products:
ManageEngine Support Center Plus 7916 and lower
Affected vendors:
ManageEngine
http://www.manageengine.com/
Product description:
SupportCenter Plus is a web-based customer support software that lets
organizations effectively manage customer tickets,
their account & contact information, the service contracts and in the
process providing a superior customer experience.
Details:
[ 0x01 - Directory Traversal ]
Support Center Plus 7916 and lower is prone to a directory traversal
vulnerability. When creating a ticket and attaching
a file, this can be tampered to link to a local file on the server side.
By downloading the attachment from the ticket, the server file is
downloaded with th
Metasploit
ManageEngine Support Center Plus Directory Traversal
metasploit
ManageEngine Support Center Plus Directory Traversal
ManageEngine Support Center Plus Directory Traversal
This module exploits a directory traversal vulnerability found in ManageEngine Support Center Plus build 7916 and lower. The module will create a support ticket as a normal user, attaching a link to a file on the server. By requesting our own attachment, it's possible to retrieve any file on the filesystem with the same privileges as Support Center Plus is running. On Windows this is always with SYSTEM privileges.
No writeups or analysis indexed.
http://osvdb.org/show/osvdb/102656http://www.exploit-db.com/exploits/31262https://exchange.xforce.ibmcloud.com/vulnerabilities/90806https://supportcenter.wiki.zoho.com/ReadMe-V2.htmlhttp://osvdb.org/show/osvdb/102656http://www.exploit-db.com/exploits/31262https://exchange.xforce.ibmcloud.com/vulnerabilities/90806https://supportcenter.wiki.zoho.com/ReadMe-V2.html
2015-01-13
Published