支持本站 — 捐款将帮助我们持续运营

目标:1000 元,已筹:752

75.2%
立即捐款

POC详情: 7f147259ff254396a37c0a972fce6b8eaf7ca144

来源
https://github.com/aslitsecurity/Zimbra-CVE-2022-30333
关联漏洞
标题:UnRAR 路径遍历漏洞 (CVE-2022-30333)
描述:UnRAR是一个可解压rar后缀文件的命令。 UnRAR 6.12 之前版本存在安全漏洞,该漏洞源于允许在提取(也称为解包)操作期间目录遍历写入文件,如创建 ~/.ssh/authorized_keys 文件所示。
描述
Zimbra unrar vulnerability. Now there are already POC available, it is safe to release our POC.
介绍
# Zimbra-CVE-2022-30333
Zimbra unrar vulnerability. Now there are already POC available, it is safe to release our POC.

# CVE-2022-30333 Zimbra UNRAR vulnerability. Unrar till V 6.11 vulnerable. Make sure your .jsp shell is undetected. This exploit will work on zimbra installed on default path.
# Place your webshell in folder root_ver. Remove existing shell.jsp file. And then rar the root_ver folder. Not ZIP, only rar. Then  python CVE-2022-30333.py root_ver.rar output.rar. Output.rar is the file you need to send.

# Do not add more than 1 file on root_ver/ folder.
# It can take few minutes for the shell to be extracted, or sometimes email is delivered late. 
# Your shell will be extracted at domain.com/yourshellname.jsp
文件快照

 [4.0K]  /data/pocs/7f147259ff254396a37c0a972fce6b8eaf7ca144
├── [1.6K]  CVE-2022-30333_webroot.py
├── [ 732]  README.md
└── [4.0K]  root_ver
    └── [   1]  shell.jsp

1 directory, 3 files
神龙机器人已为您缓存
备注
    1. 建议优先通过来源进行访问。
    2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
    3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。