0day vulnerability alert: an LFI in the Zimbra mail management system lets attackers take over the server (the black bar safety net)

ID MYHACK58:62201441861
Type myhack58
Reporter Phithon
Modified 2014-01-17T00:00:00


Zimbra is a mail system used by a great many companies. It may hold a large amount of a company's internal confidential information, so its security is extremely important.

This 0day was published on exploit-db.com a few days ago: <>. Through a local file inclusion (LFI) vulnerability, the contents of localconfig.xml can be read. That file contains the LDAP credentials, and with those credentials the API under /service/admin/soap can be used to perform unauthorized administrative operations on the mail system.
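As an added example (not code from the article or from the exploit-db post), the following Python triage script shows what a leaked localconfig.xml hands to an attacker and what a defender has to rotate afterwards. It parses the file's `<key name="..."><value>...</value></key>` layout, lists every `*_password` key, and assembles the SOAP AuthRequest in the `urn:zimbraAdmin` namespace that /service/admin/soap accepts, using the LDAP account named by `zimbra_ldap_userdn`. The sample file is constructed: the key names follow Zimbra's localconfig, the values are made up.

```python
"""Triage of a leaked Zimbra localconfig.xml (added example, not the article's code)."""
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

# Constructed sample in the real localconfig.xml layout.
# Key names are standard Zimbra ones; every value here is invented.
SAMPLE_LOCALCONFIG = """<?xml version="1.0" encoding="utf-8"?>
<localconfig>
  <key name="zimbra_server_hostname"><value>mail.example.com</value></key>
  <key name="ldap_host"><value>mail.example.com</value></key>
  <key name="ldap_port"><value>389</value></key>
  <key name="zimbra_ldap_userdn"><value>uid=zimbra,cn=admins,cn=zimbra</value></key>
  <key name="zimbra_ldap_password"><value>S3cretLdapPw</value></key>
  <key name="ldap_root_password"><value>RootPw123</value></key>
  <key name="mysql_root_password"><value>MysqlRootPw</value></key>
  <key name="zimbra_mysql_password"><value>ZimbraMysqlPw</value></key>
  <key name="mailboxd_keystore_password"><value>KeystorePw</value></key>
</localconfig>
"""


def parse_localconfig(xml_text):
    """Return {key_name: value} for every <key> element in a localconfig.xml dump."""
    root = ET.fromstring(xml_text)
    config = {}
    for key in root.iter("key"):
        name = key.get("name")
        if name is None:
            continue
        value = key.findtext("value")
        config[name] = value if value is not None else ""
    return config


def leaked_secrets(config):
    """Every non-empty credential in the file.

    Zimbra stores many *_password keys (LDAP, MySQL, keystore, ...), so match on
    the suffix rather than a fixed list: the LFI discloses all of them at once,
    not only the LDAP password the exploit happens to use.
    """
    return {k: v for k, v in config.items() if k.endswith("_password") and v}


def admin_auth_request(config):
    """Build the admin SOAP AuthRequest the leaked LDAP credential unlocks.

    The short account name is the uid component of zimbra_ldap_userdn (assumed
    layout uid=<name>,...); the password is zimbra_ldap_password. The envelope
    shape (SOAP 1.2, urn:zimbra context header, urn:zimbraAdmin body) is the one
    /service/admin/soap accepts.
    """
    dn = config.get("zimbra_ldap_userdn", "")
    name = next((part[len("uid="):] for part in dn.split(",")
                 if part.startswith("uid=")), "zimbra")
    password = config["zimbra_ldap_password"]
    return (
        '<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope">'
        '<soap:Header><context xmlns="urn:zimbra"/></soap:Header>'
        '<soap:Body><AuthRequest xmlns="urn:zimbraAdmin">'
        f"<name>{escape(name)}</name><password>{escape(password)}</password>"
        "</AuthRequest></soap:Body></soap:Envelope>"
    )


def rotation_report(xml_text):
    """Human-readable list of credentials that must be rotated after a leak."""
    secrets = leaked_secrets(parse_localconfig(xml_text))
    lines = [f"{len(secrets)} credential(s) exposed; rotate all of them:"]
    lines += [f"  {name}" for name in sorted(secrets)]
    return "\n".join(lines)


if __name__ == "__main__":
    cfg = parse_localconfig(SAMPLE_LOCALCONFIG)
    print(rotation_report(SAMPLE_LOCALCONFIG))
    print(admin_auth_request(cfg))
```

For incident response the rotation list is the point: once localconfig.xml has been read through the LFI, every password in it is compromised, not just the LDAP one, and web server logs should be reviewed for POST requests to /service/admin/soap from unexpected sources.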

0x01 Vulnerability demonstration

Searching Baidu for “make Zimbra Desktop is offline” turns up many sites running Zimbra:

[screenshot: 05.jpg]

We picked a target site and ran our exp against it once:

[screenshot: 01.jpg]

It reported success, so I logged in with the newly created account, which also succeeded:

[screenshot: 02.jpg]

Note the “administrator console” entry: the account was created with administrator privileges, so from here every user can be managed and everyone's mail can be read, from the company CEO down to customer service. This is the management home page:

[screenshot: 04.jpg]

0x02 How the exp works
