This proof of concept detects whether a Manage Engine OpManager instance is vulnerable to CVE-2020-28653. Detection is performed by firing off a request containing the serialized payload to the instance. Upon the payload being deserialized, it will cause the instance to invoke a DNS Lookup.
-
Clone the repository by running:
git clone https://github.com/intrigueio/cve-2020-2853-poc -
Install the required dependencies by running:
bundle install
bundle exec ruby CVE-2020-28653.rb [options]
-t target target to exploit (including scheme) e.g http://localhost:8060
-l listener DNS Listener e.g 1766x23ymcldy2ppolrnvxngc7ix6m.burpcollaborator.net
-p /path/to/ysoserial.jar Path to ysoserial.jar
https://haxolot.com/posts/2021/manageengine_opmanager_pre_auth_rce/