Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

CVE-2020-10189 #9591

Merged

Conversation

king-alexander
Copy link
Contributor

@king-alexander king-alexander commented Apr 16, 2024

Template / PR Information

This is a new template for a Known Exploited Vulnerability (#7549).

Template Validation

I've validated this template locally?

  • YES
  • NO

Additional Details (leave it blank if not applicable)

The steps to exploit are quite involved, so I wrote the template to detect vulnerable versions.

Additional References:

@GeorginaReeder
Copy link

Thanks so much for your contribution @king-alexander , we really appreciate it!

@DhiyaneshGeek
Copy link
Member

Hi @king-alexander is it possible to update the template with Full POC

Thanks !

@king-alexander king-alexander force-pushed the template/CVE-2020-10189 branch from 88d2f78 to 2ec9eeb Compare April 30, 2024 17:02
Stage 1 is the arbitrary file write. This code creates a new file on
the Zoho ManageEngine server with our serialized exploit, which will be
executed in the next stage.
@king-alexander king-alexander force-pushed the template/CVE-2020-10189 branch from 2ec9eeb to 4be5978 Compare April 30, 2024 17:05
Stage 2 triggers the deserialization vulnerability in `getChartImage()`.
I referenced Packet Storm for the logic to detect vulnerable versions
and Source Incite for the proof of concept.
@king-alexander
Copy link
Contributor Author

Hey @DhiyaneshGeek, I took a crack at writing the full POC. Take a look and let me know if I can make any other improvements. Thanks for the nudge to look closer at this KEV!

@princechaddha princechaddha added the Status: In Progress This issue is being worked on, and has someone assigned. label Jun 5, 2024
@DhiyaneshGeek DhiyaneshGeek self-assigned this Jun 24, 2024
@DhiyaneshGeek DhiyaneshGeek added Done Ready to merge and removed Status: In Progress This issue is being worked on, and has someone assigned. labels Jun 24, 2024
@ritikchaddha
Copy link
Contributor

Hello @king-alexander, thank you so much for sharing this template with the community and contributing to this project 🍻

@ritikchaddha ritikchaddha merged commit 4d91b14 into projectdiscovery:main Jul 4, 2024
2 checks passed
@king-alexander king-alexander deleted the template/CVE-2020-10189 branch July 5, 2024 15:46
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Done Ready to merge
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants