CVE-2020-7796 PoC — Zimbra Collaboration Suite 代码问题漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2020/CVE-2020-7796.yaml

Associated Vulnerability

Title:Zimbra Collaboration Suite 代码问题漏洞 (CVE-2020-7796)
Description:Zimbra Collaboration Suite（ZCS）是美国Synacor的一款开源协同办公套件。该产品包括WebMail、日历、通信录等。 Zimbra Collaboration Suite (ZCS) 8.8.15 Patch 7之前版本中存在代码问题漏洞。在安装有WebEx zimlet并启用zimlet JSP时，攻击者可借助特制‘argument’参数利用该漏洞实施服务器请求伪造攻击（SSRF）。

Description

Zimbra Collaboration Suite (ZCS) before 8.8.15 Patch 7 is susceptible to server-side request forgery when WebEx zimlet is installed and zimlet JSP is enabled.

File Snapshot


 id: CVE-2020-7796

info:
  name: Zimbra Collaboration Suite < 8.8.15 Patch 7 - Server-Side Request F

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!