OpManager: CSRF & XS-Leak Chained for Information Disclosure

ManageEngine OpManager is a powerful network monitoring software that provides deep visibility into the performance of your routers, switches, firewalls, load balancers, wireless LAN controllers, servers, VMs, printers, and storage devices.

OpManager has tools like ping, traceroute etc which authenticated users can access via Web UI.

Let’s take our attacker scenario using the ping tool provided in the Web UI of OpManager.

The API request used for ping tool is — https://OpManager:8061/client/api/json/tools/getPing?actionFrom=scanButton&doAction=Ping&enhancedPingValue=true&ipOrHost=$ {host}&selectedTab=DIAGNOSTIC_TOOLS&selectedToolID=PING&_=${timestamp}

The above API request …

bug bounty cybersecurity hacking infosec zoho