ManageEngine Support Center Plus Multiple Security Vulnerabilities
25 Oct. 2012
Summary
ManageEngine Support Center Plus is prone to a cross-site scripting vulnerability, an arbitrary-file-upload vulnerability, and an HTML-injection vulnerability because it fails to properly sanitize user-supplied input.
Credit:
The information has been provided by xistence.
Vulnerable Systems:
* ManageEngine Support Center Plus 7908
Attackers can exploit these issues to steal cookie-based authentication information, execute arbitrary scripts in the context of the browser, upload and execute arbitrary files in the context of the affected site, and launch other attacks.
It's possible to bypass the image extension check in the ticket creation editor. Normally you go to Requests -> New Request and select "Insert Image" to upload a picture to be included in the ticket; this upload is restricted to jpg/gif/png files. If you send a POST request directly to the /jsp/UploadImage.jsp?Module=Workorder URL, you'll be able to upload any file. This could be used to upload web site files for malicious purposes (backdoors/shells).
Below is a sample POST request; note that a valid cookie is needed (the user must be authenticated) to perform these actions. The POST request uploads a file test.txt with the contents "TEST!".
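As an added example (not code from the advisory or from ManageEngine), here is the kind of server-side validation that closes this class of hole: the allowlist is re-checked on the server for every POST to the upload handler, and the file content must carry a signature matching the claimed image type, so an upload like test.txt containing "TEST!" is rejected whatever the browser-side editor allowed. Python is used for illustration; the jpg/gif/png allowlist is the advisory's, and the sample uploads are constructed.

```python
from __future__ import annotations

import os
import re

# Extensions the editor is meant to allow (jpg/gif/png per the advisory),
# mapped to the file signatures each format must begin with.
ALLOWED_SIGNATURES = {
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "gif": (b"GIF87a", b"GIF89a"),
    "png": (b"\x89PNG\r\n\x1a\n",),
}

# A single extension only: a dot in the stem (e.g. "x.jsp.gif") is rejected.
SAFE_STEM = re.compile(r"^[A-Za-z0-9_-]{1,64}$")


def validate_image_upload(filename: str, data: bytes) -> tuple[bool, str]:
    """Server-side check applied to every upload, independent of the client.

    Returns (accepted, reason). A browser-side extension check is advisory
    only; a direct POST skips it, so the server must decide on its own.
    """
    # Keep only the final path component so directory parts cannot redirect
    # where the file is stored.
    base = os.path.basename(filename.replace("\\", "/"))
    stem, dot, ext = base.rpartition(".")
    if not dot or not stem:
        return False, "missing or empty extension"
    ext = ext.lower()
    if ext not in ALLOWED_SIGNATURES:
        return False, f"extension .{ext} not in allowlist"
    if not SAFE_STEM.match(stem):
        return False, "unsafe characters or double extension in file name"
    # The name is attacker-controlled; require the bytes to match the type.
    if not data.startswith(ALLOWED_SIGNATURES[ext]):
        return False, f"content does not match a .{ext} image signature"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample uploads: the advisory's test.txt plus real/fake images.
    samples = [
        ("test.txt", b"TEST!"),
        ("logo.png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 8),
        ("photo.png", b"TEST!"),
        ("x.jsp.gif", b"GIF89a"),
    ]
    for name, body in samples:
        print(name, validate_image_upload(name, body))
```

Renaming accepted files to a server-generated name and storing them outside any directory the JSP engine executes from are the natural companions to this check.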