Dark ozpy

When the Zimbra XXE and SSRF vulnerability was found and published by tint0 on his blog, I actively did the R&D to reproduce it using Burp Suite and Postman. The result was that the CVE was working, so I broadcast to my team to upgrade ASAP, because at that time, if anyone published the exploit, it could lead to RCE (remote code execution), with which a lot of things can be done, such as putting a backdoor, etc.

Then I created a script to automate scanning for several vulnerable Zimbra servers (thanks to Shodan and Google dorks); if one is found, it fetches some information and a PoC, after which I send them an email like this.

Some of them replied with appreciation (I also guided them to patch) and a lot of them ignored it :D. The purpose of my doing this is purely not for profit, just to make awareness. Until the time came when the vulnerability was published on exploit-db; then they were screaming.

Here's a part of my automation script, built by extending my own Python Zimbra SOAP API library, namely ozpy.

What I Learned

These are some points of what I learned from this CVE in my Zimbra implementation:
  • Consider making a separation between user-facing endpoint servers, such as Proxy (webmail, IMAP, POP3) and SMTP (submission, SMTPS), and the mailbox server, by using a multi-server architecture.
  • Open internet or public access only for the necessary servers. The mailbox server doesn't require it. A DMZ may be a good option.
  • Monitor all community forums and mailing lists for the latest news.
