Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1310 CNY

100%
Buy Us a Coffee

CVE-2018-10949 PoC — Zimbra Collaboration Suite mailboxd 代码问题漏洞

Source
https://github.com/0x00-0x00/CVE-2018-10949
Associated Vulnerability
Title:Zimbra Collaboration Suite mailboxd 代码问题漏洞 (CVE-2018-10949)
Description:mailboxd in Zimbra Collaboration Suite 8.8 before 8.8.8; 8.7 before 8.7.11.Patch3; and 8.6 allows Account Enumeration by leveraging a Discrepancy between the "HTTP 404 - account is not active" and "HTTP 401 - must authenticate" errors.
Description
Zimbra Collaboration Suite Username Enumeration
Readme
# Zimbra Collaboration User Enumeration Script (CVE-2018-10949)

## How to use

The argument --host must be the hostname or IP address of Zimbra Collaboration Web Application root page, and --userlist an list of usernames to check against it.
```
root@kali# ./cve-2018-10949-user-enum.py --host http://mail.target.com --userlist /tmp/emails.txt
```

And it should spill out valid e-mails!

References: https://www.cvedetails.com/cve/CVE-2018-10949
File Snapshot

Log in to view the POC file snapshot cached by Shenlong Bot

Log in to view
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →