Search the Community
Showing results for tags 'applications'.
Found 2 results
1337day-Exploits posted a topic in Updated ExploitsThis Metasploit module exploits SQL injection and command injection vulnerability in the ManageEngine AM versions 14 and below. View the full article
1337day-Exploits posted a topic in Updated ExploitsThis Metasploit module exploits SQL injection and command injection vulnerabilities in ManageEngine AM 14 and prior versions. An unauthenticated user can gain the authority of "system" on the server due to the SQL injection vulnerability. The exploit allows the writing of the desired file to the system using the postgresql structure. The module is written over the payload by selecting a file with the extension ".vbs" that is used for monitoring by the ManageEngine which working with "system" authority. In addition, it dumps the users and passwords from the database for us. After the harmful ".vbs" file is written, the shell session may be a bit late. View the full article