Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2019-9670 PoC — Zimbra Collaboration Suite 代码问题漏洞

Source
https://github.com/oppsec/zaber
Associated Vulnerability
Title:Zimbra Collaboration Suite 代码问题漏洞 (CVE-2019-9670)
Description:Synacor Zimbra Collaboration Suite(ZCS)是美国Synacor公司的一款开源协同办公套件。该产品包括WebMail、日历、通信录等。 Zimbra ZCS 8.5版本至8.7.11版本中存在代码问题漏洞。该漏洞源于网络系统或产品的代码开发过程中存在设计或实现不当的问题。
Description
🕵️ Yet another CVE-2019-9670 exploit, but in Golang.
Readme
# 🕵️ Zaber
> Yet another CVE-2019-9670 exploit, but in Golang

<div align="center">
    <img src="./assets/preview.png" width="800">
</div>

<br>

<p align="center">
    <img src="https://img.shields.io/github/license/oppsec/zaber?color=cyan&logo=github&logoColor=cyan&style=for-the-badge">
    <img src="https://img.shields.io/github/issues/oppsec/zaber?color=cyan&logo=github&logoColor=cyan&style=for-the-badge">
    <img src="https://img.shields.io/github/stars/oppsec/zaber?color=cyan&label=STARS&logo=github&logoColor=cyan&style=for-the-badge">
    <img src="https://img.shields.io/github/forks/oppsec/zaber?color=cyan&logo=github&logoColor=cyan&style=for-the-badge">
    <img src="https://img.shields.io/github/languages/code-size/oppsec/zaber?color=cyan&logo=github&logoColor=cyan&style=for-the-badge">
</p>

___

<br>

### 🕵️ What is Zaber?
🕵️ **Zaber** is a Golang tool created to exploit the vulnerability defined as CVE-2019-9670 (XXE in Zimbra Collaboration 8.7.X < 8.7.11p10)

<br>

### ⚡ Installing / Getting started

A quick guide of how to install and use Zaber.

```shell
1. go install github.com/oppsec/zaber
2. zaber -u https://example.com
```

You can use `go install github.com/oppsec/zaber@latest` to update the tool

<br><br>

### ⚙️ Pre-requisites
- [Golang](https://go.dev/dl/) installed on your machine.

<br><br>

### ✨ Features
- Extremely fast
- Low RAM and CPU usage
- Made in Go

<br><br>

### 🔨 Contributing

A quick guide of how to contribute with the project.

```shell
1. Create a fork from Zaber repository.
2. Download the project with git clone https://github.com/your/zaber.git
3. cd zaber/
4. Make your changes.
5. Commit and make a git push.
6. Open a pull request.
```

<br><br>

### ⚠️ Warning
- The developer is not responsible for any malicious use of this tool.
File Snapshot

 [4.0K]  /data/pocs/2f09948eb9b6455dfe62c93cd5389685b1b680fd
├── [4.0K]  assets
│   └── [ 84K]  preview.png
├── [ 314]  go.mod
├── [2.1K]  go.sum
├── [1.0K]  LICENSE
├── [ 477]  main.go
├── [1.8K]  README.md
└── [4.0K]  src
    ├── [4.0K]  interface
    │   └── [ 195]  ui.go
    └── [4.0K]  zaber
        └── [1.6K]  exploit.go

4 directories, 8 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.