## https://sploitus.com/exploit?id=87E2BDC7-C6EE-5DCB-94E6-21A61D1E362D
# ZimLFI-Hunter (CVE-2025-68645)



**ZimLFI-Hunter** is a professional Proof-of-Concept (PoC) scanner designed to identify the **CVE-2025-68645** vulnerability in Zimbra Collaboration Suite. This tool detects Local File Inclusion (LFI) flaws through the `/h/printcalendar` endpoint.
## ๐ก๏ธ Vulnerability Overview
The vulnerability exists due to improper path normalization in certain Zimbra servlets, allowing an unauthenticated attacker to include and read internal files (such as `web.xml`, `localconfig.xml`, etc.) by manipulating the `javax.servlet.include.servlet_path` parameter.
## ๐ Features
- **ASCII Art Banner**: Pro terminal interface.
- **Stealth Scanning**: Implements basic bypass techniques (Semicolon, Encoding).
- **Real-time Feedback**: Status tracking for each payload.
- **Colorized Output**: Easy-to-read vulnerability detection.
## โ๏ธ Installation
1. **Clone the repository:**
```bash
git clone https://github.com/Gh0st/ZimLFI-Hunter.git
cd ZimLFI-Hunter
Install dependencies:
> pip install -r requirements.txt
๐ ๏ธ Usage
Simply run the script and provide the target URL:
python zimlfi_hunter.py -u https://target-zimbra.com