Skip to content
Nuclei Templates

Zimbra Collaboration Suite Login Panel - Detect

ID: zimbra-web-login

Severity: info

Author: powerexploit

Tags: panel,zimbra,synacor

Description

Section titled “Description”

Zimbra Collaboration Suite panel was detected. Zimbra Collaboration Suite simplifies the communication environment, connects people over multiple channels, and provides a single place to manage collaboration and communication.

YAML Source

Section titled “YAML Source”
id: zimbra-web-login


info:
  name: Zimbra Collaboration Suite Login Panel - Detect
  author: powerexploit
  severity: info
  description: |
    Zimbra Collaboration Suite panel was detected. Zimbra Collaboration Suite simplifies the communication environment, connects people over multiple channels, and provides a single place to manage collaboration and communication.
  reference:
    - https://www.zimbra.com/
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
    cwe-id: CWE-200
    cpe: cpe:2.3:a:synacor:zimbra_collaboration_suite:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: synacor
    product: zimbra_collaboration_suite
    shodan-query:
      - http.title:"Zimbra Collaboration Suite"
      - http.title:"zimbra collaboration suite"
      - http.title:"zimbra web client sign in"
    fofa-query:
      - title="zimbra web client sign in"
      - title="zimbra collaboration suite"
    google-query:
      - intitle:"zimbra collaboration suite"
      - intitle:"zimbra web client sign in"
  tags: panel,zimbra,synacor


http:
  - method: GET
    path:
      - "{{BaseURL}}"


    host-redirects: true
    max-redirects: 2


    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "Zimbra Collaboration Suite Log In"
          - "Zimbra Web Client Sign In"
          - "Zimbra Web Client Log In"
        condition: or


      - type: status
        status:
          - 200


    extractors:
      - type: regex
        part: body
        group: 1
        regex:
          - 'v=([0-9]+)'
# digest: 4a0a00473045022100ef6239ee55217674548edf13aac727efda5974c4b786d7c91bea1b489ef21f0002207b5a57801dc00e85eb74641c84968b73ded6d6b2fbbf79b661965cd945a5ce59:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/exposed-panels/zimbra-web-login.yaml"

View on Github