CVE-2021-40539

This PoC exploits CVE-2021-40539, an authentication bypass and RCE vulnerability in ManageEngine ADSelfService Plus. It uploads a JSP webshell and a malicious Java class file, then triggers RCE via a crafted request to the RestAPI endpoint.

This repository contains a Python-based exploit for CVE-2021-40539, an RCE vulnerability in ZOHO ManageEngine ADSelfService Plus. The exploit uploads a JSP webshell and a Java class file to achieve remote code execution via a directory traversal and file upload vulnerability.

The repository contains only a README.md file with minimal information about CVE-2021-40539, lacking any exploit code or technical details. No functional PoC or exploit logic is present.

This repository contains a Python-based exploit for CVE-2021-40539, an authentication bypass vulnerability in Zoho ManageEngine ADSelfService Plus. The exploit uploads a JSP webshell and a Java class file to achieve remote code execution (RCE) on vulnerable systems.

This repository contains a Python-based exploit for CVE-2021-40539, an authentication bypass vulnerability in Zoho ManageEngine ADSelfService Plus. The exploit includes functionality to upload a JSP webshell and a Java class payload, then trigger remote code execution via the REST API.

This Metasploit module exploits CVE-2021-40539, an authentication bypass in ManageEngine ADSelfService Plus, to upload and execute a malicious JAR file, achieving remote code execution as the SYSTEM user if the service runs with elevated privileges.