ManageEngine ServiceDesk Plus 8.0 - Directory Traversal Vulnerability

EDB-ID: 17437 CVE: 2011-2755... OSVDB-ID: 73310
Verified: Author: Keith Lee Published: 2011-06-23
Google Dork:	ie: intitle:ManageEngine ServiceDesk Plus"
Author:		Keith Lee (@keith55)
Software Link:
Version:	8.0


Directory traversal vulnerabilities have been found in ManageEngine
ServiceDesk Plus 8.0, a web-based helpdesk system written in Java.

The vulnerability can be exploited to access local files by entering
special characters in variables used to create file paths. An attacker
uses "../" sequences to move up to the root directory, thus permitting
navigation through the file system.
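
Added example (not from the original advisory or from ManageEngine's code): a Java helper showing the path-building pattern described above beside a hardened resolver that normalises the requested path and rejects anything outside a base directory. The class and method names, the base directory and the sample inputs are assumptions constructed for illustration.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;

// Hypothetical helper; names are illustrative, not ServiceDesk Plus code.
public class SafeFileResolver {
    private final Path baseDir;

    public SafeFileResolver(Path baseDir) throws IOException {
        // Resolve symlinks once so containment checks use the real location.
        this.baseDir = baseDir.toRealPath();
    }

    // Vulnerable pattern: the request value is joined to the base unchecked,
    // so "../" segments are honoured by the OS when the file is opened.
    public Path resolveUnsafe(String requested) {
        return baseDir.resolve(requested);
    }

    // Hardened: collapse "." and ".." first, then require containment.
    public Path resolveSafe(String requested) throws IOException {
        if (requested == null || requested.indexOf('\0') >= 0) {
            throw new SecurityException("invalid file name");
        }
        Path candidate = baseDir.resolve(requested).normalize();
        if (!candidate.startsWith(baseDir)) {
            throw new SecurityException("path escapes base directory");
        }
        // A symlink inside baseDir could still point outside; re-check.
        if (Files.exists(candidate) && !candidate.toRealPath().startsWith(baseDir)) {
            throw new SecurityException("symlink escapes base directory");
        }
        return candidate;
    }

    public static void main(String[] args) throws IOException {
        Path base = Files.createTempDirectory("attachments"); // constructed sample dir
        Files.write(base.resolve("report.txt"), "ok".getBytes());
        SafeFileResolver r = new SafeFileResolver(base);
        // Constructed sample inputs.
        String[] samples = {"report.txt", "sub/../report.txt", "../../outside.txt", "/outside.txt"};
        for (String s : samples) {
            try {
                System.out.println(s + " -> allowed: " + r.resolveSafe(s));
            } catch (SecurityException e) {
                System.out.println(s + " -> rejected: " + e.getMessage());
            }
        }
    }
}
```

The check belongs on the value after the servlet container has URL-decoded it, so that encoded forms of "../" are normalised and rejected the same way.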

GET http://[webserver

The issue is fixed with Service Pack Build 8012 found in the below link.


Twitter: @keith55