CVE-2020-28653

The repository contains a functional exploit for CVE-2020-28653, targeting a deserialization vulnerability in AdventNet ManageEngine products (2016-2020). The exploit sends a crafted payload to trigger remote code execution via a vulnerable servlet endpoint.

This repository contains a functional exploit PoC for CVE-2020-28653, a deserialization vulnerability in ManageEngine OpManager. The exploit uses ysoserial to generate a malicious payload that triggers a DNS lookup upon deserialization, confirming vulnerability.

This repository contains a functional exploit for CVE-2020-28653, targeting ManageEngine OPManager. It includes a Java deserialization gadget (CommonsBeanutils1) and a Python script to deliver the payload via HTTP requests to vulnerable endpoints.

This Metasploit module exploits a Java deserialization vulnerability in ManageEngine OpManager's Smart Update Manager component, allowing unauthenticated remote code execution (RCE) as SYSTEM/root. It supports multiple payload types and targets versions 12.1 to 12.5.328.