Dark ozpy

When Zimbra XXE and SSRF vulnerability has been found and published by tint0 in his blog i actively do the RnD to reproduce it by using Burp Suite and postman. The result is the CVE are working then i do broadcast to my team for the upgrade ASAP because at that time if anyone publishing the exploit it can lead to RCE (remote code execution) which a lot of things can do such as putting backdoor, etc.

Then i create a script for doing automation to scan several vulnerability zimbra (thanks to shodan and google dorks) if it's found then i do fetch some information and a POC after that i send them an email like this.

 
Some of them is replying for appreciation (also guide them to do patch) and a lot of them ignoring it :D, the purpose i doing this is purely not for profit just to make awareness. Until comes where the vulnerability has been published in exploit-db then they are screaming.

Here's a part of my automation script by extending my own python Zimbra SOAP api library namely ozpy.

What I Learn

These are some points of what i learn from this CVE in my Zimbra implementation:
  • Considering make a separation between user access end point servers such as Proxy (webmail, imap, pop3) and SMTP (submission, smtps) with mailbox server. by multiserver architecture.
  • Just open internet or public access only for necessary server. Mailbox server doesn't required here. DMZ may a good option.
  • Monitor for all community forum, mail list for the latest news.

Comments

Post a Comment

Popular posts from this blog

Disable sending telemetry data in DotNet

Recently i am working with an open source application which built using DotNet (C#), but while i watching some data flow outside using command netstat the DotNet is make connection outside, then when i figure it out it's belong to azure's in singapore. Then i do some search in google then what i'm found is DotNet is sending telemetry data then for disable it by set an environment variable export DOTNET_CLI_TELEMETRY_OPTOUT=1 For set permanently you may add it in /etc/profile , After that it disable sending telemetry data.
Read more

Menambahkan Library Path Pada Pycharm

Image
Pada saat menggunakan pycharm saya mengalami kendala pada saat ingin menggunakan external library diluar dari library yang dipasang via PIP (biasanya dalam virtual environment). Meskipun direktori yang berisikan external library tersebut sudah dimasukan ke dalam environment variable PYTHONPATH pun tidak dianggap PyCharm untuk dilakukan scan sehingga tidak bisa muncul dalam autocomplete-nya. Setelah searching dan dicoba ternyata hanya dengan set pada bagian Interpreter Paths. Berikut langkah-langkahnya: Buka Settings. Arahkan ke Project Interpreter . Klik pada logo gear yang terdapat pada pojok kanan atas dan pilih Show All ... Pilih interpreter python yang digunakan pada project dan pilih opsi Show paths for selected interpreter yang terdapat pada pojok kanan bawah. Tambahkan direktori yang berisikan external library dan klik pada tombol  OK untuk menerapkan perubahan.  
Read more