Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2018-15131 PoC — Zimbra Collaboration Suite 信息泄露漏洞

Source
https://github.com/0x00-0x00/CVE-2018-15131
Associated Vulnerability
Title:Zimbra Collaboration Suite 信息泄露漏洞 (CVE-2018-15131)
Description:An issue was discovered in Synacor Zimbra Collaboration Suite 8.6.x before 8.6.0 Patch 11, 8.7.x before 8.7.11 Patch 6, 8.8.x before 8.8.8 Patch 9, and 8.8.9 before 8.8.9 Patch 3. Account number enumeration is possible via inconsistent responses for specific types of authentication requests.
Description
Zimbra Collaboration Suite Username Enumeration
Readme
# Zimbra Collaboration User Enumeration Script (CVE-2018-15131)

## How to use

The argument --host must be the hostname or IP address of Zimbra Collaboration Web Application root page, and --userlist an list of usernames to check against it.
```
root@kali# ./cve-2018-15131-user-enum.py --host http://mail.target.com --userlist /tmp/emails.txt
```

And it should spill out valid e-mails!

References: https://bugzilla.zimbra.com/show_bug.cgi?id=109012
File Snapshot

 [4.0K]  /data/pocs/ee21d8a3385e8f17a68d0f798885f064c4e95730
├── [1.7K]  cve-2018-15131-user-enum.py
└── [ 453]  README.md

0 directories, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →