Exploitation Summary
CVE-2013-7091 has been observed exploited in the wild (reported by VulnCheck KEV).
EIP tracks 3 public exploits from researchers including Metasploit and rubina119, among them the Metasploit module exploits/unix/webapp/zimbra_lfi.
A Nuclei detection template is also available.
AI-analyzed exploit summary: This Metasploit module exploits a local file inclusion (LFI) vulnerability in Zimbra Collaboration Server to steal LDAP credentials, obtain an admin auth token, and achieve remote code execution via file upload.
Description
Directory traversal vulnerability in /res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz in Zimbra 7.2.2 and 8.0.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the skin parameter. NOTE: this can be leveraged to execute arbitrary code by obtaining LDAP credentials and accessing the service/admin/soap API.
Exploits (3)
This Metasploit module exploits a local file inclusion (LFI) vulnerability in Zimbra Collaboration Server to steal LDAP credentials, obtain an admin auth token, and achieve remote code execution via file upload.
This exploit leverages a Local File Inclusion (LFI) vulnerability in Zimbra to read the localconfig.xml file, which contains LDAP credentials. These credentials are then used to create an admin user via the admin SOAP API, granting administrative access.
This Metasploit module exploits a local file inclusion (LFI) vulnerability in Zimbra Collaboration Server to steal LDAP credentials, obtain an admin auth token, and achieve remote code execution via file upload and JSP stager execution.
Nuclei Templates (1)
http.title:"zimbra collaboration suite" || http.title:"zimbra web client sign in"
title="zimbra web client sign in" || title="zimbra collaboration suite"