Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2022-23131 PoC — Unsafe client-side session storage leading to authentication bypass/instance takeover via Zabbix Frontend with configure

Source
https://github.com/SCAMagic/CVE-2022-23131poc-exp-zabbix-
Associated Vulnerability
Title:Unsafe client-side session storage leading to authentication bypass/instance takeover via Zabbix Frontend with configured SAML (CVE-2022-23131)
Description:In the case of instances where the SAML SSO authentication is enabled (non-default), session data can be modified by a malicious actor, because a user login stored in the session was not verified. Malicious unauthenticated actor may exploit this issue to escalate privileges and gain admin access to Zabbix Frontend. To perform the attack, SAML authentication is required to be enabled and the actor has to know the username of Zabbix user (or use the guest account, which is disabled by default).
Description
CVE-2022-23131漏洞批量检测与利用脚本
Readme
# CVE-2022-23131poc-exp-zabbix-
CVE-2022-23131漏洞批量检测与利用脚本

运行环境:python3

zabbix-poc.py
运行命令:python3 zabbix-poc.py
![image](https://user-images.githubusercontent.com/51362701/180372142-33c0f482-c96a-4f7c-bfc9-bd2cd838f475.png)
只检测一个目标输入1,批量检测输入其他值:
存在漏洞的url前面会有[+]标识,且会保存至当前目录下的success.txt
![image](https://user-images.githubusercontent.com/51362701/180372168-882f1b08-4840-44e1-a1e1-3458c23660de.png)


zabbix-exp.py
使用命令:调用selenium库,需要安装谷歌浏览器驱动。
http://chromedriver.storage.googleapis.com/index.html
(注意版本和自己谷歌浏览器对应,找不到完全一样的版本,就下载版本相近的),下载至python的根路径下
python3 zabbix-exp.py url(存在漏洞的url)
![image](https://user-images.githubusercontent.com/51362701/180372202-c9c03557-bffa-43e8-89bd-8fb69bdef5d8.png)
若报No module named xxx的错误,自行使用命令python3 –m pip install xxx下载
![image](https://user-images.githubusercontent.com/51362701/180372228-ad2af8f7-88cd-4019-bffa-9bffaae6a09e.png)
运行后,会调谷歌浏览器,自动操作,切勿人工点击。否则会报错,待漏洞利用成功,也就是成功登录后,方可人工进行点击
File Snapshot

 [4.0K]  /data/pocs/243ee13719bc1b8b4a5672cf5c01062a7444b5f7
├── [1.3K]  README.md
├── [3.8K]  zabbix-exp.py
└── [3.1K]  zabbix-poc.py

0 directories, 3 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →