The Exploit

Notes from the Front Lines of Penetration Testing

  • CVE-2022-35739: PRTG Network Monitor Cascading Style Sheets (CSS) Injection
  • CVE-2022-26653 & CVE-2022-26777: ManageEngine Remote Access Plus Guest User Insecure Direct Object References
  • CVE-2022-25373: ManageEngine Support Center Plus Stored Cross-Site Scripting (XSS)
  • Members of the Pensacola Catholic High School “Crubotics” team with their ROV.
  • CVE-2022-25245: ManageEngine Asset Explorer Information Leakage
  • CVE-2022-24681: ManageEngine AD SelfService Plus Stored Cross-Site Scripting (XSS)
  • Simultaneous Sessions
  • Jim McClellan
  • Web App Testing: Part Two
  • Web App Testing: Part One
  • Matt Dunn Mathur
  • Mark Fabian