Commit Graph

9 Commits (fc37bee12823b1876c32530245b60c7b29721111)

Author SHA1 Message Date
GitHub Action b63d8c9c33 Auto Template Signing [Thu Jul 4 08:30:18 UTC 2024] 🤖 2024-07-04 08:30:18 +00:00
Ritik Chaddha c7da7e51d0
update req 2024-07-04 13:55:16 +05:30
Dhiyaneshwaran 0d6238b97b
fix template 2024-06-24 16:24:10 +05:30
Alexander King d3087ea35f
Update references
I referenced Packet Storm for the logic to detect vulnerable versions
and Source Incite for the proof of concept.
2024-04-30 13:22:39 -05:00
Alexander King 7f80f000b4
Update description 2024-04-30 13:19:31 -05:00
Alexander King 825b9fbed4
Add Stage 2
Stage 2 triggers the deserialization vulnerability in `getChartImage()`.
2024-04-30 13:13:14 -05:00
Alexander King 4be597880b
Add Stage 1
Stage 1 is the arbitrary file write. This code creates a new file on
the Zoho ManageEngine server with our serialized exploit, which will be
executed in the next stage.
2024-04-30 12:05:23 -05:00
Alexander King a58c0036b9
Fix trailing whitespace 2024-04-16 14:25:58 -05:00
Alexander King 8a5bde391b
Create CVE-2020-10189 template 2024-04-16 14:15:38 -05:00