/CVE-2019-10008

ManageEngine Service Desk Plus 10.0 Privilaged account Hijacking

Primary LanguagePython

CVE-2019-10008

ManageEngine Service Desk Plus 9.3 Privilaged account Hijacking

Date: 30-03-2019

Exploit Author: Ata Hakçıl, Melih Kaan Yıldız

Vendor: ManageEngine

Vendor Homepage: www.manageengine.com

Product: Service Desk Plus

Version: 10.0

Tested On: Windows 10 64 bit

CVE : 2019-10008

Complete Poc will be re-released after vendor patch.

More Info:

https://flameofignis.com/en/vuln/CVE-2019-10008

https://www.youtube.com/watch?v=fCea6yRkkSQ

Details

A security vulnerability was discovered on Service Desk Plus 9.3 It is caused by how session cookies are handled, and causes an attacker with any valid credentials to authenticate as another user without password.

How to use

Change the host, low_username, low_password and high_username variables depending on what you have. Low username and password is an account you have access to. high_username is account you want to authenticate as.

After running the script, it will output you the cookies that you can set on your browser to login to the high_username without password. Run this script on a Linux OS.