Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2013-7091 PoC — Zimbra ‘skin’参数目录遍历漏洞

Source
https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2013/CVE-2013-7091.yaml
Associated Vulnerability
Title:Zimbra ‘skin’参数目录遍历漏洞 (CVE-2013-7091)
Description:Zimbra Collaboration Suite(ZCS)是美国Zimbra公司的一款开源协同办公套件,它包括WebMail、日历、通信录等。 Zimbra中的/res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz脚本中存在目录遍历漏洞。远程攻击者可借助特制‘skin’参数利用该漏洞读取任意文件。
Description
A directory traversal vulnerability in /res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz in Zimbra 7.2.2 and 8.0.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the skin parameter. This can be leveraged to execute arbitrary code by obtaining LDAP credentials and accessing the service/admin/soap API.
File Snapshot

 id: CVE-2013-7091

info:
  name: Zimbra Collaboration Server 7.2.2/8.0.2 Local File Inclusion
  auth

...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.