How to exploit CVE-2021-40539 on ManageEngine ADSelfService Pl | PT SWARM
How to exploit CVE-2021-40539 on ManageEngine ADSelfService Plus
by Antoine Cervoise, Wilfried Bécard
ADSS offers multiple functionalities, such as password policy management for administrators and self-service password reset and account unlock for Active Directory users. In this article, the research team explores the details of several vulnerabilities that allow an unauthenticated attacker to execute arbitrary code on the server.
Contents: • First steps • Authentication Bypass • Arbitrary file upload through the API • Arguments injection • Chaining everything together to get code execution • Conclusion