OpManager: CSRF & XS-Leak Chained for Information Disclosure
June 17, 2024, 6:08 p.m. | Jayateertha Guruprasad
InfoSec Write-ups - Medium infosecwriteups.com
ManageEngine OpManager is a powerful network monitoring software that provides deep visibility into the performance of your routers, switches, firewalls, load balancers, wireless LAN controllers, servers, VMs, printers, and storage devices.
OpManager has tools such as ping and traceroute, which authenticated users can access via the Web UI.
Let’s take our attacker scenario using the ping tool provided in the Web UI of OpManager.
The API request used for the ping tool is: https://OpManager:8061/client/api/json/tools/getPing?actionFrom=scanButton&doAction=Ping&enhancedPingValue=true&ipOrHost=${host}&selectedTab=DIAGNOSTIC_TOOLS&selectedToolID=PING&_=${timestamp}
The above API request …