Summary:
CVE: CVE-2022-47966
Target: Live .edu university helpdesk running ManageEngine ServiceDesk
Version Range: 11001 – 14003
Access Level: ROOT shell (confirmed)
Vector: Pre-auth Remote Code Execution via SAML payload to /ssoLogin
Exposure: Public port 443, no WAF, no EDR observed
Proof Highlights:
Open to escrow !!!
Contact:
Username: AstraLoom
Email: astra.protocol@Proton.me
⚠️ Notes:
– AstraLoom
CVE: CVE-2022-47966
Target: Live .edu university helpdesk running ManageEngine ServiceDesk
Version Range: 11001 – 14003
Access Level: ROOT shell (confirmed)
Vector: Pre-auth Remote Code Execution via SAML payload to /ssoLogin
Exposure: Public port 443, no WAF, no EDR observed
Proof Highlights:
- Favicon hash: 1602258442 (confirmed vulnerable version)
- HTML login form confirms SAML + j_security_check
- Root shell obtained via SAML injection
- Redacted proof (curl dump, headers, shell response) available to serious buyers
- Python3 exploit script (clean + ready)
- Proof bundle (login HTML, header dump, screenshot)
- Exploit details for chaining and lateral options
Open to escrow !!!
Contact:
Username: AstraLoom
Email: astra.protocol@Proton.me
⚠️ Notes:
- Target domain not disclosed until buyer is vetted
- No copies, no reshare, no script kiddies
- Root is real. This is not a test.
– AstraLoom