Exploit for Zoho ManageEngine ADSelfService Plus v6113 - Unauthenticated Remote Command Execution (CVE-2021-40539)

Description:

Zoho ManageEngine ADSelfService Plus versions 6113 and prior are vulnerable to a REST API authentication bypass that can lead to remote code execution.

Nuclei Template

View the template here: CVE-2021-40539.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2021/CVE-2021-40539.yaml

References:

https://nvd.nist.gov/vuln/detail/CVE-2021-40539
https://www.synacktiv.com/publications/how-to-exploit-cve-2021-40539-on-manageengine-adselfservice-plus.html
https://attackerkb.com/topics/DMSNq5zgcW/cve-2021-40539/rapid7-analysis
https://www.manageengine.com
https://github.com/synacktiv/CVE-2021-40539