POC详情: b37f6e8980c440faeb2560ea165c929b8b8e4c9a

来源
https://github.com/oppsec/arbimz
关联漏洞
标题: Zimbra Collaboration Suite 代码问题漏洞 (CVE-2019-9670)
描述:Synacor Zimbra Collaboration Suite(ZCS)是美国Synacor公司的一款开源协同办公套件。该产品包括WebMail、日历、通信录等。 Zimbra ZCS 8.5版本至8.7.11版本中存在代码问题漏洞。该漏洞源于网络系统或产品的代码开发过程中存在设计或实现不当的问题。
描述
🔥  Arbimz is a python tool created to exploit the vulnerability on Zimbra assigned as CVE-2019-9670.
介绍
# 🕵️ Arbimz
> 🕵️ XXE in Zimbra Collaboration 8.7.X < 8.7.11p10

<div align="center">
    <img src="./assets/banner.png">
</div>

<br>

<p align="center">
    <img src="https://img.shields.io/github/license/oppsec/Arbimz?color=purple&logo=github&logoColor=purple&style=for-the-badge">
    <img src="https://img.shields.io/github/issues/oppsec/Arbimz?color=purple&logo=github&logoColor=purple&style=for-the-badge">
    <img src="https://img.shields.io/github/stars/oppsec/Arbimz?color=purple&label=STARS&logo=github&logoColor=purple&style=for-the-badge">
    <img src="https://img.shields.io/github/forks/oppsec/Arbimz?color=purple&logo=github&logoColor=purple&style=for-the-badge">
    <img src="https://img.shields.io/github/languages/code-size/oppsec/Arbimz?color=purple&logo=github&logoColor=purple&style=for-the-badge">
</p>

___

<br>

### 🕵️ What is Arbimz?
🕵️ **Arbimz** is a python tool created to exploit the vulnerability defined as CVE-2019-9670 (XXE in Zimbra Collaboration 8.7.X < 8.7.11p10)

<br>

### ⚡ Installing / Getting started

A quick guide of how to install and use Arbimz.

```shell
1. Clone the repository with git clone https://github.com/oppsec/arbimz.git
2. Install the libraries with pip3 install -r requirements.txt
3. Execute Arbimz with: python3 main.py --url https://example.com/
```

<br><br>

### ⚙️ Pre-requisites
- [Python 3](https://www.python.org/downloads/) installed on your machine.
- Install the libraries with `pip3 install -r requirements.txt`

<br><br>

### ✨ Features
- Fast scan & exploiter
- Low RAM and CPU usage
- Auto webshell upload
- Upload error handler

<br><br>

### 🔨 Contributing

A quick guide of how to contribute with the project.

```shell
1. Create a fork from Arbimz repository.
2. Download the project with git clone https://github.com/your/arbimz.git
3. cd arbimz/
4. Make your changes.
5. Commit and make a git push.
6. Open a pull request.
```

<br><br>

### ⚠️ Warning
- The developer is not responsible for any malicious use of this tool.
文件快照

 [4.0K]  /data/pocs/b37f6e8980c440faeb2560ea165c929b8b8e4c9a
├── [4.0K]  arbimz
│   ├── [4.0K]  data
│   │   └── [108K]  user-agents.txt
│   ├── [4.0K]  interface
│   │   ├── [ 174]  menu
│   │   └── [ 267]  ui.py
│   └── [4.0K]  src
│       ├── [ 562]  config.py
│       └── [ 11K]  main.py
├── [4.0K]  assets
│   └── [400K]  banner.png
├── [ 362]  Dockerfile
├── [1.0K]  LICENSE
├── [ 764]  main.py
├── [2.0K]  README.md
├── [  29]  requirements.txt
└── [ 200]  TODO.md

5 directories, 12 files
神龙机器人已为您缓存
备注
    1. 建议优先通过来源进行访问。
    2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
    3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。