
Zimbra unrar vulnerability. Now there are already POC available, it is safe to release our POC.

Primary LanguagePython


Zimbra unrar vulnerability. Now there are already POC available, it is safe to release our POC.

CVE-2022-30333 Zimbra UNRAR vulnerability. Unrar till V 6.11 vulnerable. Make sure your .jsp shell is undetected. This exploit will work on zimbra installed on default path.

Place your webshell in folder root_ver. Remove existing shell.jsp file. And then rar the root_ver folder. Not ZIP, only rar. Then python CVE-2022-30333.py root_ver.rar output.rar. Output.rar is the file you need to send.

Do not add more than 1 file on root_ver/ folder.

It can take few minutes for the shell to be extracted, or sometimes email is delivered late.

Your shell will be extracted at domain.com/yourshellname.jsp