CVE-2022-23134 PoC — Zabbix 授权问题漏洞

Source

https://github.com/TheN00bBuilder/cve-2022-23134-poc-and-writeup

Associated Vulnerability

Title:Zabbix 授权问题漏洞 (CVE-2022-23134)
Description:Zabbix是Zabbix公司的一套开源的监控系统。该系统支持网络监控、服务器监控、云监控和应用监控等。 Zabbix 存在授权问题漏洞，该漏洞源于在初始设置过程之后，setup.php 文件的某些步骤不仅可以由超级管理员访问，也可以由未经身份验证的用户访问。

Description

Writeup and POC for CVE-2022-23134

Readme

# CVE-2022-23134 Writeup and POC

This is a POC and writeup for CVE-2022-23134 in particular versions of Zabbix. Please read `writeup.md` on the details needed to use the exploit - it does require some setup of MySQL!

File Snapshot


 [4.0K]  /data/pocs/9c328a7308892b2dc3d0246f7f6d005fb1ac2ecf
├── [4.0K]  content
│   ├── [145K]  auth-switch-error.PNG
│   ├── [ 47K]  b64-decoded-step5into6.PNG
│   ├── [ 92K]  b64-step5into6.PNG
│   ├── [ 20K]  b64_step6.PNG
│   ├── [191K]  dbconnecting_maybe.PNG
│   ├── [135K]  ffs.PNG
│   ├── [165K]  oh_its_connecting.PNG
│   ├── [ 93K]  request-repeated-step1.PNG
│   ├── [137K]  request-repeated-step6.PNG
│   └── [137K]  request-repeated-timezone.PNG
├── [3.0K]  exploit.py
├── [ 217]  README.md
└── [6.9K]  writeup.md

1 directory, 13 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!