module
ManageEngine OpManager Remote Code Execution
| Disclosed | Created |
|---|---|
| 2015-09-14 | 2018-05-30 |
Disclosed
2015-09-14
Created
2018-05-30
Description
This module exploits a default credential vulnerability in ManageEngine OpManager, where a
default hidden account "IntegrationUser" with administrator privileges exists. The account
has a default password of "plugin" which cannot be reset through the user interface. By
log-in and abusing the default administrator's SQL query functionality, it's possible to
write a WAR payload to disk and trigger an automatic deployment of this payload. This
module has been tested successfully on OpManager v11.0 and v11.4-v11.6 for Windows.
default hidden account "IntegrationUser" with administrator privileges exists. The account
has a default password of "plugin" which cannot be reset through the user interface. By
log-in and abusing the default administrator's SQL query functionality, it's possible to
write a WAR payload to disk and trigger an automatic deployment of this payload. This
module has been tested successfully on OpManager v11.0 and v11.4-v11.6 for Windows.
Author
xistence xistence@0x90.nl
Platform
Java
Architectures
java
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.