CVE-2022-29806 PoC — ZoneMinder 路径遍历漏洞

Source

https://github.com/Sigm0n/CVE-2022-29806

Associated Vulnerability

Title:ZoneMinder 路径遍历漏洞 (CVE-2022-29806)
Description:ZoneMinder是一套开源的视频监控软件系统。该系统支持IP、USB和模拟摄像机等。 ZoneMinder 1.36.13之前版本存在安全漏洞，该漏洞源于通过无效语言远程执行代码。

Description

ZoneMinder up to 1.36.12 Language privilege escalation (and RCE) - Poc Exploit

Readme

# CVE-2022-29806
ZoneMinder up to 1.36.12 Language privilege escalation (and RCE)

![alt img](image.png)

### Description
A Path Traversal vulnerability in debug log file and default language option in ZoneMinder version before 1.36.13 and 1.37.11 allows attackers to write and execute arbitrary code to achieve remote command execution.

"The proof of concept was tested against ZoneMinder 1.36.4 ubuntu18.04 docker: ZoneMinder/zmdockerfiles but will still applicable up to the latest version 1.36.12"

### Usage

```
git clone https://github.com/OP3R4T0R/CVE-2022-29806
cd CVE-2022-29806
python3 exploit.py
```

```
python3 exploit.py -t <target_url> -ip <attacker_ip> -p <port>
python3 exploit.py -t <target_url> -ip <attacker-ip> -p <port>
```

#### Requirements

```
pip3 install beautifulsoup4
pip3 install argparse
pip3 install requests
```

### Credits
[krastanoel](https://krastanoel.com/) discovered the vulnerability.

File Snapshot


 [4.0K]  /data/pocs/1502b50d3e0a4ca758e63e79462be5c2caabf229
├── [6.8K]  exploit.py
├── [103K]  image.png
└── [ 930]  README.md

0 directories, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!