Exploit for Zoho ManageEngine - Internal Hostname Disclosure (CVE-2022-23779)

Description:

Zoho ManageEngine Desktop Central before 10.1.2137.8 exposes the installed server name to anyone. The internal hostname can be discovered by reading HTTP redirect responses.

Nuclei Template

View the template here: CVE-2022-23779.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2022/CVE-2022-23779.yaml

References:

https://github.com/zecool/cve
https://nvd.nist.gov/vuln/detail/CVE-2022-23779
https://github.com/fbusr/CVE-2022-23779
https://github.com/soosmile/POC
https://www.manageengine.com/products/desktop-central/cve-2022-23779.html