Share
## https://sploitus.com/exploit?id=87E2BDC7-C6EE-5DCB-94E6-21A61D1E362D
# ZimLFI-Hunter (CVE-2025-68645)

![Python](https://img.shields.io/badge/Python-3.x-blue.svg)
![License](https://img.shields.io/badge/License-MIT-green.svg)
![Type](https://img.shields.io/badge/Vulnerability-LFI-red.svg)

**ZimLFI-Hunter** is a professional Proof-of-Concept (PoC) scanner designed to identify the **CVE-2025-68645** vulnerability in Zimbra Collaboration Suite. This tool detects Local File Inclusion (LFI) flaws through the `/h/printcalendar` endpoint.



## ๐Ÿ›ก๏ธ Vulnerability Overview
The vulnerability exists due to improper path normalization in certain Zimbra servlets, allowing an unauthenticated attacker to include and read internal files (such as `web.xml`, `localconfig.xml`, etc.) by manipulating the `javax.servlet.include.servlet_path` parameter.

## ๐Ÿš€ Features
- **ASCII Art Banner**: Pro terminal interface.
- **Stealth Scanning**: Implements basic bypass techniques (Semicolon, Encoding).
- **Real-time Feedback**: Status tracking for each payload.
- **Colorized Output**: Easy-to-read vulnerability detection.

## โš™๏ธ Installation

1. **Clone the repository:**
   ```bash
   git clone https://github.com/Gh0st/ZimLFI-Hunter.git
   cd ZimLFI-Hunter

Install dependencies:
>  pip install -r requirements.txt

๐Ÿ› ๏ธ Usage
Simply run the script and provide the target URL:

python zimlfi_hunter.py -u https://target-zimbra.com