Zimbra unrar vulnerability. Now there are already POC available, it is safe to release our POC.
# CVE-2022-30333 Zimbra UNRAR vulnerability. Unrar till V 6.11 vulnerable. Make sure your .jsp shell is undetected. This exploit will work on zimbra installed on default path.
# Place your webshell in folder root_ver. Remove existing shell.jsp file. And then rar the root_ver folder. Not ZIP, only rar. Then python CVE-2022-30333.py root_ver.rar output.rar. Output.rar is the file you need to send.
# Do not add more than 1 file on root_ver/ folder.
# It can take few minutes for the shell to be extracted, or sometimes email is delivered late.
# Your shell will be extracted at domain.com/yourshellname.jsp