CVE-2018-15131 PoC — Zimbra Collaboration Suite 信息泄露漏洞

Source

https://github.com/0x00-0x00/CVE-2018-15131

Associated Vulnerability

Title:Zimbra Collaboration Suite 信息泄露漏洞 (CVE-2018-15131)
Description:Zimbra Collaboration Suite（ZCS）是美国Zimbra公司的一款开源协同办公套件。该产品包括WebMail、日历、通信录等。 Zimbra ZCS中存在信息泄露漏洞。该漏洞源于网络系统或产品在运行过程中存在配置等错误。未授权的攻击者可利用漏洞获取受影响组件敏感信息。以下产品及版本受到影响：Zimbra ZCS 8.6.0 Patch 11之前的8.6.x版本，8.7.11 Patch 6之前的8.7.x版本，8.8.8 Patch 9之前的8.8.x版本，8.8.9 Patch

Description

Zimbra Collaboration Suite Username Enumeration

Readme

# Zimbra Collaboration User Enumeration Script (CVE-2018-15131)

## How to use

The argument --host must be the hostname or IP address of Zimbra Collaboration Web Application root page, and --userlist an list of usernames to check against it.
```
root@kali# ./cve-2018-15131-user-enum.py --host http://mail.target.com --userlist /tmp/emails.txt
```

And it should spill out valid e-mails!

References: https://bugzilla.zimbra.com/show_bug.cgi?id=109012

File Snapshot


 [4.0K]  /data/pocs/ee21d8a3385e8f17a68d0f798885f064c4e95730
├── [1.7K]  cve-2018-15131-user-enum.py
└── [ 453]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!