CVE-2014-100002

This exploit demonstrates a directory traversal vulnerability in ManageEngine Support Center Plus 7916 and lower. By manipulating the attachment parameter in a POST request, an attacker can read arbitrary files on the server with the privileges of the application (often SYSTEM on Windows or root on Linux).

This Metasploit module exploits a directory traversal vulnerability in ManageEngine Support Center Plus (build 7916 and lower) to retrieve arbitrary files from the server filesystem. It authenticates as a user, creates a support ticket with a malicious file attachment path, and then downloads the file using the generated file ID and auth key.