Authentication Bypass and RCE in Zoho ManageEngine ADSelfService Plus

This repository contains a Python exploit script (exploit.py) targeting CVE-2021-40539, a critical authentication bypass and RCE vulnerability in ManageEngine ADSelfService Plus. The exploit works by uploading a JSP webshell and/or a malicious Java class to the vulnerable server via the '/./RestAPI/LogonCustomization' endpoint, then triggering remote code execution through the '/./RestAPI/Connection' endpoint. The script can optionally verify if the target is vulnerable before exploitation. If successful, the attacker gains a webshell at '/help/admin-guide/test.jsp', allowing arbitrary command execution. The repository is structured with a single exploit script and a README referencing external exploitation details. The exploit is operational, providing a working payload and automated exploitation steps.

This repository contains a Python exploit script (CVE-2021-40539.py) targeting Zoho ManageEngine ADSelfService Plus (version 6113 and earlier) for CVE-2021-40539, a critical authentication bypass and remote code execution vulnerability. The script allows both single-target and batch exploitation. It first checks if the target is vulnerable by sending a crafted POST request to the '/./RestAPI/LogonCustomization' endpoint. If vulnerable, it uploads a JSP webshell and a Java class file (either user-supplied or a default payload) to the same endpoint. The exploit then triggers RCE by sending a POST request to '/./RestAPI/Connection', leveraging the uploaded Java class. Finally, it verifies the webshell at '/help/admin-guide/test.jsp', which can be used to execute arbitrary commands on the target system. The repository also includes a README.md with usage instructions and background on the vulnerability. The exploit is operational, providing a working RCE chain with persistent access via the webshell.