CVE-2024-45519 PoC — Zimbra Collaboration Server Security Vulnerability

Source
Associated Vulnerability
Title: Zimbra Collaboration Server Security Vulnerability (CVE-2024-45519)
Description: The postjournal service in Zimbra Collaboration (ZCS) before 8.8.15 Patch 46, 9 before 9.0.0 Patch 41, 10 before 10.0.9, and 10.1 before 10.1.1 sometimes allows unauthenticated users to execute commands.
Description
CVE-2024-45519 unauthenticated OS command injection in Zimbra prior to 8.8.15***.
Readme
CVE-2024-45519 unauthenticated OS command injection in Zimbra prior to 8.8.15***.


[Download link here](https://bit.ly/3Bjuics)

# Details:
What is journalling?<br>
Journalling is a process used for email compliance or archiving purposes.<br>
`Insecure handling of email data` results in unauthenticated command execution in the context of the `zimbra` user.<br>
The vulnerability occurs only under a certain condition: journalling must be configured, `which is not a default configuration`,<br>
although, given what journalling is for, it is most likely configured by organizations.<br>

# About:
Process:<br>
When rules are set for journalling emails, incoming emails are processed by the MTA (in Zimbra's case, Postfix).<br>
When the MTA detects that an email matches the journal rules, it sends a copy of the email to the PostJournal service,<br>
and PostJournal then captures the email data, including header, body.............

A complete deep dive (zimbra.pdf) to understand the vulnerable code, the filter bypasses, and how it can be abused to achieve command injection.<br>
A Python script (CVE-2024-45519.py) which triggers the vulnerability and executes a user-supplied command in the context of the zimbra user;
it can also execute commands on single and multiple targets (IP list) with multi-threading capability.<br>

Shodan Dork: http.favicon.hash:1624375939 <br>
20k IPs are included here (ips.txt).<br>
At the time of writing, there are 66k results in Shodan.<br>


# Download: [here](https://bit.ly/3Bjuics)