packetstorm_rss ([info]packetstorm_rss) rakstīja,
@ 2013-12-23 15:35:00

Previous Entry  Add to memories!  Tell a Friend!  Next Entry
Zimbra Collaboration Server LFI
This Metasploit module exploits a local file inclusion on Zimbra 8.0.2 and 7.2.2. The vulnerability allows an attacker to get the LDAP credentials from the localconfig.xml file. The stolen credentials allow the attacker to make requests to the service/admin/soap API. This can then be used to create an authentication token for the admin web interface. This access can be used to achieve remote code execution. This Metasploit module has been tested on Zimbra Collaboration Server 8.0.2 with Ubuntu Server 12.04.


Neesi iežurnalējies. Iežurnalēties?