CVE-2023-26035 PoC — ZoneMinder Security Vulnerability

Source
Associated Vulnerability
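Title: ZoneMinder Security Vulnerability (CVE-2023-26035)
Description: ZoneMinder is an open-source video surveillance software system. It supports IP, USB, and analog cameras, among others. ZoneMinder versions prior to 1.36.33 and prior to 1.37.33 contain a security vulnerability: unauthenticated remote code execution resulting from missing authorization.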
Description
ZoneMinder Snapshots - Unauthenticated
Readme
# CVE-2023-26035
ZoneMinder Snapshots - Unauthenticated
![image](https://github.com/Yuma-Tsushima07/CVE-2023-26035/assets/63207324/c4666544-871c-496b-8b35-6011a0f36e96)
![image](https://github.com/Yuma-Tsushima07/CVE-2023-26035/assets/63207324/798ca08e-95bc-433e-8862-d9bca4560f05)

## Install
**Grab Repo**
```bash
$ git clone https://github.com/Yuma-Tsushima07/CVE-2023-26035.git
```

**Setup**
> Note: Install the latest version of `node`
```bash
$ npm init
$ npm i axios cheerio yargs
```

## Usage
```
┌─[✗]─[v37r1x@7h3B14ckKn1gh75]─[~/Documents/Code/CVE-2023-26035]
└──╼ $node exp.js -h
Options:
      --version  Show version number                                   [boolean]
  -t, --target   Target URI (e.g., http://example.com/zm/)   [string] [required]
  -c, --cmd      Command to execute on the target            [string] [required]
  -h, --help     Show help                                             [boolean]
```
```
┌─[v37r1x@7h3B14ckKn1gh75]─[~/Documents/Code/CVE-2023-26035]
└──╼ $node exp.js -t http://127.0.0.1:8888/ --cmd '<shell>'
```

## Credits

- [rvizx](https://github.com/rvizx/CVE-2023-26035)
File Snapshot

[4.0K] /data/pocs/17ffa14a6a5e2ae07cc1d47235787a9aa8e4084c
├── [3.2K] exp.js
├── [ 340] package.json
├── [ 28K] package-lock.json
└── [1.1K] README.md

0 directories, 4 files