PoC details: 61faf1965993d93bb0a2271c9b769ce97f01567a

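Source
Related vulnerability
Title: Zimbra Collaboration Suite code issue vulnerability (CVE-2019-9670)
Description: Synacor Zimbra Collaboration Suite (ZCS) is an open-source collaboration suite from the US company Synacor. The product includes WebMail, calendar, address book and more. A code issue vulnerability exists in Zimbra ZCS versions 8.5 through 8.7.11. The vulnerability stems from improper design or implementation during the code development of a network system or product.
Description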
🕵️ Yet another CVE-2019-9670 exploit, but in Golang.
Introduction
# 🕵️ Zaber
> Yet another CVE-2019-9670 exploit, but in Golang

<div align="center">
    <img src="./assets/preview.png" width="800">
</div>

<br>

<p align="center">
    <img src="https://img.shields.io/github/license/oppsec/zaber?color=cyan&logo=github&logoColor=cyan&style=for-the-badge">
    <img src="https://img.shields.io/github/issues/oppsec/zaber?color=cyan&logo=github&logoColor=cyan&style=for-the-badge">
    <img src="https://img.shields.io/github/stars/oppsec/zaber?color=cyan&label=STARS&logo=github&logoColor=cyan&style=for-the-badge">
    <img src="https://img.shields.io/github/forks/oppsec/zaber?color=cyan&logo=github&logoColor=cyan&style=for-the-badge">
    <img src="https://img.shields.io/github/languages/code-size/oppsec/zaber?color=cyan&logo=github&logoColor=cyan&style=for-the-badge">
</p>

___

<br>

### 🕵️ What is Zaber?
🕵️ **Zaber** is a Golang tool created to exploit the vulnerability tracked as CVE-2019-9670 (XXE in Zimbra Collaboration 8.7.X < 8.7.11p10).

<br>

### ⚡ Installing / Getting started

A quick guide on how to install and use Zaber.

```shell
go install github.com/oppsec/zaber
zaber -u https://example.com
```

You can use `go install github.com/oppsec/zaber@latest` to update the tool.

<br><br>

### ⚙️ Pre-requisites
- [Golang](https://go.dev/dl/) installed on your machine.

<br><br>

### ✨ Features
- Extremely fast
- Low RAM and CPU usage
- Made in Go

<br><br>

### 🔨 Contributing

A quick guide on how to contribute to the project.

1. Create a fork of the Zaber repository.
2. Download the project with `git clone https://github.com/your/zaber.git`
3. `cd zaber/`
4. Make your changes.
5. Commit and make a `git push`.
6. Open a pull request.

<br><br>

### ⚠️ Warning
- The developer is not responsible for any malicious use of this tool.
File snapshot
 [4.0K]  /data/pocs/61faf1965993d93bb0a2271c9b769ce97f01567a
├── [4.0K]  assets
│   └── [ 84K]  preview.png
├── [ 314]  go.mod
├── [2.1K]  go.sum
├── [1.0K]  LICENSE
├── [ 477]  main.go
├── [1.8K]  README.md
└── [4.0K]  src
    ├── [4.0K]  interface
    │   └── [ 195]  ui.go
    └── [4.0K]  zaber
        └── [1.6K]  exploit.go

4 directories, 8 files