CVE-2022-29806 PoC — ZoneMinder 路径遍历漏洞

Source

https://github.com/Sigm0n/CVE-2022-29806

Associated Vulnerability

Title:ZoneMinder 路径遍历漏洞 (CVE-2022-29806)
Description:ZoneMinder before 1.36.13 allows remote code execution via an invalid language. Ability to create a debug log file at an arbitrary pathname contributes to exploitability.

Description

ZoneMinder up to 1.36.12 Language privilege escalation (and RCE) - Poc Exploit

Readme

# CVE-2022-29806
ZoneMinder up to 1.36.12 Language privilege escalation (and RCE)

![alt img](image.png)

### Description
A Path Traversal vulnerability in debug log file and default language option in ZoneMinder version before 1.36.13 and 1.37.11 allows attackers to write and execute arbitrary code to achieve remote command execution.

"The proof of concept was tested against ZoneMinder 1.36.4 ubuntu18.04 docker: ZoneMinder/zmdockerfiles but will still applicable up to the latest version 1.36.12"

### Usage

```
git clone https://github.com/OP3R4T0R/CVE-2022-29806
cd CVE-2022-29806
python3 exploit.py
```

```
python3 exploit.py -t <target_url> -ip <attacker_ip> -p <port>
python3 exploit.py -t <target_url> -ip <attacker-ip> -p <port>
```

#### Requirements

```
pip3 install beautifulsoup4
pip3 install argparse
pip3 install requests
```

### Credits
[krastanoel](https://krastanoel.com/) discovered the vulnerability.

File Snapshot


 [4.0K]  /data/pocs/1502b50d3e0a4ca758e63e79462be5c2caabf229
├── [6.8K]  exploit.py
├── [103K]  image.png
└── [ 930]  README.md

0 directories, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!