Dark ozpy
When the Zimbra XXE and SSRF vulnerabilities were found and published by tint0 on his blog, I actively did the R&D to reproduce them using Burp Suite and Postman. The result was that the CVEs worked, so I broadcast to my team to upgrade ASAP, because at that time, if anyone published the exploit, it could lead to RCE (remote code execution), which allows a lot of things such as putting in a backdoor, etc.
Then I created a script to automate scanning for several Zimbra vulnerabilities (thanks to Shodan and Google dorks); if one is found, I fetch some information and a POC, after which I send them an email like this.
Some of them replied with appreciation (I also guided them to patch) and a lot of them ignored it :D. My purpose in doing this was purely not for profit, just to raise awareness. Until the time came when the vulnerability was published on exploit-db; then they were screaming.
Here's a part of my automation script, extending my own Python Zimbra SOAP API library, namely ozpy.
What I Learned
These are some points I learned from this CVE in my Zimbra implementation:
- Consider separating the user-access endpoint servers, such as the Proxy (webmail, IMAP, POP3) and SMTP (submission, SMTPS), from the mailbox server, by using a multi-server architecture.
- Open internet or public access only for the servers that need it; the mailbox server does not need it. A DMZ may be a good option.
- Monitor all community forums and mailing lists for the latest news.
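To make the first two points concrete, here is an added example (not part of the original post and not code from the ozpy project) that generates nftables rulesets for the two roles: a mailbox server that accepts traffic only from the proxy, MTA and admin subnets, and an edge proxy/MTA node that exposes only the user-facing services. The port numbers are assumed to follow Zimbra's default multi-server layout (8080/8443 proxied web, 7143/7993/7110/7995 proxied IMAP/POP, 7025 LMTP, 7071 admin) and the subnets are constructed placeholders; verify both against your own deployment before applying the output with `nft -f -`.

```shell
#!/bin/sh
# Added example, not from the original post: render nftables rulesets that keep
# the mailbox server off the internet and expose only the proxy/MTA edge.
# Port numbers: assumed Zimbra multi-server defaults (verify on your servers).
# Subnets: constructed placeholders, override via environment variables.

PROXY_NET="${PROXY_NET:-10.10.1.0/24}"   # constructed: subnet of the proxy nodes
MTA_NET="${MTA_NET:-10.10.2.0/24}"       # constructed: subnet of the MTA nodes
ADMIN_NET="${ADMIN_NET:-10.10.9.0/24}"   # constructed: admin jump hosts

# Mailbox server: default drop, every service port bound to an internal source.
mailbox_ruleset() {
  cat <<EOF
table inet zimbra {
  chain input {
    type filter hook input priority 0; policy drop;
    ct state established,related accept
    iif lo accept
    ip saddr $PROXY_NET tcp dport { 8080, 8443, 7143, 7993, 7110, 7995 } accept
    ip saddr $MTA_NET tcp dport 7025 accept
    ip saddr $ADMIN_NET tcp dport { 22, 7071 } accept
  }
}
EOF
}

# Edge proxy/MTA node: only the user-facing ports are reachable from anywhere.
edge_ruleset() {
  cat <<EOF
table inet zimbra {
  chain input {
    type filter hook input priority 0; policy drop;
    ct state established,related accept
    iif lo accept
    tcp dport { 25, 443, 587, 993, 995 } accept
    ip saddr $ADMIN_NET tcp dport 22 accept
  }
}
EOF
}

# Sanity check before loading: succeed (return 0) only if no rule in the given
# ruleset text opens a mailbox-only port without an "ip saddr" restriction.
no_public_mailbox_ports() {
  ! printf '%s\n' "$1" \
    | grep -E 'tcp dport .*(7071|7025|8080|8443|7143|7993|7110|7995)' \
    | grep -qv 'ip saddr'
}

case "${1:-}" in
  mailbox) mailbox_ruleset ;;
  edge)    edge_ruleset ;;
  *)       echo "usage: $0 mailbox|edge   (pipe the output to: nft -f -)" >&2 ;;
esac
```

Run `sh zimbra-fw.sh mailbox | nft -f -` on a mailbox node and `sh zimbra-fw.sh edge | nft -f -` on a proxy/MTA node; `no_public_mailbox_ports "$(mailbox_ruleset)"` is the check to wire into a deployment pipeline so a later edit cannot silently expose the admin or LMTP ports to the internet.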