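Related vulnerability
Title: Zabbix security vulnerability (CVE-2022-23131)
Description: Zabbix is an open-source monitoring system from the Latvian company Zabbix. It supports network monitoring, server monitoring, cloud monitoring and application monitoring. Zabbix contains a security vulnerability: when SAML SSO authentication is enabled (non-default), a malicious actor can modify session data, because the user login stored in the session is not verified. An unauthenticated malicious attacker may exploit this issue to escalate privileges and gain administrator access to the Zabbix frontend.
Description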
CVE-2022-23131 Zabbix Server SAML authentication exploit
Introduction
# CVE-2022-23131 Zabbix SAML Authentication Exploit
This Python script exploits a misconfigured SAML authentication flow on a Zabbix server. By providing a Zabbix server URL and a user (default: `Admin`), the script generates an authenticated Zabbix session (`zbx_session`), and attempts to access the dashboard with the authenticated session.
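The root cause named in the description above is a login value kept in client-held session data and trusted without verification. The sketch below puts that flawed pattern next to the hardened check; it is an added example, not the PoC's or Zabbix's own code, and the cookie layout, field names (`sessionid`, `login`, `sign`) and key are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import json

# Constructed key for the demo; a real deployment loads a random server-side secret.
SERVER_KEY = b"constructed-demo-key"


def _sign(fields: dict) -> str:
    """HMAC-SHA256 over a canonical encoding of every field except 'sign'."""
    body = json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(SERVER_KEY, body, hashlib.sha256).hexdigest()


def issue_cookie(fields: dict) -> str:
    """Server side: serialise the session and attach a signature over all of it."""
    payload = dict(fields, sign=_sign(fields))
    return base64.b64encode(json.dumps(payload).encode()).decode()


def login_unverified(cookie: str):
    """Flawed pattern: trusts the login field straight from the client-held cookie."""
    return json.loads(base64.b64decode(cookie)).get("login")


def login_verified(cookie: str):
    """Hardened pattern: returns the login only if the signature covers the data."""
    try:
        payload = json.loads(base64.b64decode(cookie, validate=True))
        sign = payload.pop("sign")
    except (ValueError, KeyError, AttributeError, TypeError):
        return None  # malformed or unsigned cookie
    if not isinstance(sign, str):
        return None
    if not hmac.compare_digest(sign.encode(), _sign(payload).encode()):
        return None  # some field changed after the server signed the session
    return payload.get("login")


if __name__ == "__main__":
    cookie = issue_cookie({"sessionid": "constructed-sid", "login": "guest"})
    edited = json.loads(base64.b64decode(cookie))
    edited["login"] = "Admin"  # constructed client-side edit, signature left stale
    edited = base64.b64encode(json.dumps(edited).encode()).decode()
    print(login_unverified(edited), login_verified(edited), login_verified(cookie))
```

The point of the hardened version is that every field the server later trusts is covered by the signature, and the check happens before any field is read.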
## Usage
To use the script, run it from the command line and provide the target Zabbix server URL. You can optionally specify a user and a custom user agent.
### Basic Usage
```
python cve-2022-23131.py <target_url>
```
### Optional Parameters
- **`-u` or `--user`**: Specify the Zabbix user to authenticate as (default: `Admin`).
- **`-a` or `--user-agent`**: Provide a custom User-Agent string.
### Examples
1. **Run the exploit with default parameters**:
```
python cve-2022-23131.py https://zabbix.local
```
2. **Run the exploit with a custom user**:
```
python cve-2022-23131.py https://zabbix.local -u JohnDoe
```
3. **Run the exploit with a custom User-Agent**:
```
python cve-2022-23131.py https://zabbix.local -u JohnDoe -a "CustomUserAgent/1.0"
```
## Output
The script will indicate whether the exploit was successful. If successful, it will print an authenticated `zbx_session`, which you can use to access the Zabbix dashboard.
Here’s an example of the script in action:

## How to Update the Cookie in Chrome or Firefox
Once you have successfully retrieved the `zbx_session` value, you can manually update the cookie in your browser to authenticate yourself as the specified user. Follow the steps below for **Chrome** or **Firefox**.
### Chrome
1. Open Chrome and go to the Zabbix server URL.
2. Right-click on the page and select **Inspect** to open the Developer Tools.
3. Go to the **Application** tab.
4. In the left-hand pane, under **Storage**, click **Cookies**, and select the Zabbix server URL.
5. Find the **`zbx_session`** cookie.
6. Double-click the **Value** field, replace it with the newly generated `zbx_session` value, and press Enter.
### Firefox
1. Open Firefox and go to the Zabbix server URL.
2. Right-click on the page and select **Inspect Element** to open the Developer Tools.
3. Go to the **Storage** tab.
4. In the left-hand pane, click on **Cookies**, and select the Zabbix server URL.
5. Find the **`zbx_session`** cookie.
6. Double-click the **Value** field, replace it with the new `zbx_session` value, and press Enter.
Here is an example of how to update the cookie in the Developer Tools:

## Credits
Credits for this exploit write-up go to @random-robbie, @jweny, and @Mr-xn. I just modified the script as I found it wasn't working as expected anymore.
Reference: [https://github.com/Mr-xn/cve-2022-23131](https://github.com/Mr-xn/cve-2022-23131)
File snapshot
[4.0K] /data/pocs/b2392205cdc2541ca1ff037b1b6b8aef54a68ca5
├── [2.2K] cve-2022-23131.py
├── [4.0K] img
│ ├── [ 54K] cookie.png
│ └── [ 29K] example.png
└── [2.8K] README.md
1 directory, 4 files