ozzi-

Description:

Abusing missing input sanitization in Zimbra ZCS leads to arbitary JavaScript being loaded when opening an email. Credits to: Securify.nl https://www.securify.nl/advisory/SFY20180101/cross-site-scripting-vulnerability-in-zimbra-collaboration-suite-due-to-the-way-it-handles-attachment-links.html

Hotfix:

No restart are required on your Zimbra servers.

$ cd /opt/zimbra/jetty_base/webapps/zimbra/js/

$ gunzip -S zgz MailCore_all.js.zgz

ozzi-

	/**
	 * @param target url such as test.ch
	 * @return set of subdomains that have at one point a https cert 
	 */
	public static HashSet<String> runCRTSH(String target){
		HashSet<String> subdomainSet = new HashSet<String>();
		try {
			String html = HTTP.get("https://crt.sh/?q=%25."+target);
			Document doc = Jsoup.parse(html);
			Elements elements = doc.select("td");