CVE-2022-23131

cve-2022-23131 zabbix-saml-bypass-exp

cve-2022-23131 cve-2022-23131 zabbix-saml-bypass-exp replace [zbx_signed_session] to [cookie] sign in with Single Sign-On (SAML) author: @random-robbie、@jweny and @Mr-xn link: blogsonarsourcecom/zabbix-case-study-of-unsafe-session-storage

cve-2022-23131

cve-2022-23131 使用方式：python3 zabbixpy target Admin target为目标地址 Admin固定为管理员用户名 将生成的zbx_signed_session替换到当前目标的cookie中 点击登陆页面的sign in with Single Sign-On (SAML)方式登陆，即可直接进入管理界面

CVE-2022-23131 #Zabbix sso漏洞 和gayhub其他poc一样，sso认证有问题，多数环境测试不成功。自己手动试试吧

cve-2022-23131 cve-2022-23131 zabbix-saml-bypass-exp replace [zbx_signed_session] to [cookie] sign in with Single Sign-On (SAML) author: @random-robbie、@jweny and @Mr-xn link: blogsonarsourcecom/zabbix-case-study-of-unsafe-session-storage

CVE-2022-23131漏洞利用工具开箱即用。

CVE-2022-23131 CVE-2022-23131(Unsafe Session Storage) 0x00 前言 zabbix的漏洞（CVE-2022-23131），偶然间拿到了国外某公司zabbix服务器。Zabbix Sia Zabbix是拉脱维亚Zabbix SIA（Zabbix Sia）公司的一套开源的监控系统。该系统支持网络监控、服务器监控、云监控和应用监控等。Zabbix Frontend 存在安全漏洞，该漏洞源�

Collection of templates from various resources

nuclei_templates Collection of Nuclei Template githubcom/ayadim/Nuclei-bug-hunter githubcom/pikpikcu/nuclei-templates githubcom/esetal/nuclei-bb-templates githubcom/ARPSyndicate/kenzer-templates githubcom/medbsq/ncl githubcom/notnotnotveg/nuclei-custom-templates githubcom/foulenzer/foulenzer-templates github

CVE-2022-23131漏洞利用工具开箱即用。

CVE-2022-23131 CVE-2022-23131(Unsafe Session Storage) 0x00 前言 zabbix的漏洞（CVE-2022-23131），偶然间拿到了国外某公司zabbix服务器。Zabbix Sia Zabbix是拉脱维亚Zabbix SIA（Zabbix Sia）公司的一套开源的监控系统。该系统支持网络监控、服务器监控、云监控和应用监控等。Zabbix Frontend 存在安全漏洞，该漏洞源�

CVE-2022-23131 CVE-2022-23131(Unsafe Session Storage) fofa: app="ZABBIX-监控系统" && body="saml"

githubcom/pikpikcu/nuclei-templates githubcom/esetal/nuclei-bb-templates githubcom/ARPSyndicate/kenzer-templates githubcom/medbsq/ncl githubcom/notnotnotveg/nuclei-custom-templates githubcom/clarkvoss/Nuclei-Templates githubcom/z3bd/nuclei-templates githubcom/peanuth8r/Nuclei_Templates githubcom/th

nulcei-templates-collection Directories to exclude exclude-dirs: SOMETHING Files to exclude exclude-files: READMEmd gitignore pre-commit-configyaml LICENSE Add github urls community-templates: githubcom/AshiqurEmon/nuclei_templatesgit githubcom/0x727/ObserverWard_0x727 githubcom/0XParthJ/Nuclei-Templates githubcom/Elsfa7-110/mynucle

Zabbix SAML SSO Login Bypass Vulnerability CVE-2022-23131 Enviroment and Poc of CVE-2022-23131 Enviroment You can create a Zabbix with SAML SSO follow the step in Zabbix Enviroment for CVE-2022-23131 Poc The Poc was modified from jweny Usage: go run pocgo check -t localhost:8080 -u Admin [INFO] 2022/02/24 19:49 vul exist! target: localhost:8080, cookie: eyJzYW1

cve-2022-23131 exp

zabbix-saml-bypass-poc cve-2022-23131 本程序仅供甲方企业用户人员内部风险自查使用，禁止用于任何形式的未授权安全测试。 fofa: app="ZABBIX-监控系统" && body="saml" 使用方法： go build -o zexp chmod a+x zexp /zexp check -t xxxx/indexphp -u Admin

poc

cve-2022-23131 poc

Zabbix SSO Bypass

Zabbix SSO Auth Bypass CVE-2022-23131 usage: zabbix_session_exppy [-h] [-t TARGET] [-u USERNAME] [-p PROXY] [-f FILES] optional arguments: -h, --help show this help message and exit -t TARGET, --target TARGET Zabbix Server -u USERNAME, --username USERNAME Zabbix Admin User -p PROXY, --proxy PROXY

CVE-2022-23131漏洞批量检测与利用脚本

CVE-2022-23131poc-exp-zabbix- CVE-2022-23131漏洞批量检测与利用脚本 运行环境：python3 zabbix-pocpy 运行命令：python3 zabbix-pocpy 只检测一个目标输入1，批量检测输入其他值: 存在漏洞的url前面会有[+]标识，且会保存至当前目录下的successtxt zabbix-exppy 使用命令：调用selenium库,需要安装谷歌浏览器驱�

Zabbix-SAML-Bypass: CVE-2022-23131

Zabbix-CVE-2022-23131 Zabbix-SAML-Bypass: CVE-2022-23131 Description: Zabbix is vulnerable to Frontend Authentication Bypass Vulnerability with enabled SAML SSO authentication, due to insecure client-side session storage On successful exploit of this issue, it allows a malicious actor to escalate privileges and unauthorized admin access to Zabbix frontend Affected Version: 5

Zabbix - SAML SSO Authentication Bypass

CVE-2022-23131 Zabbix - SAML SSO Authentication Bypass Description In the case of instances where the SAML SSO authentication is enabled (non-default), session data can be modified by a malicious actor, because a user login stored in the session was not verified Dork: shodan-query: httpfaviconhash:892542951 fofa-query: app="ZABBIX

githubcom/pikpikcu/nuclei-templates githubcom/esetal/nuclei-bb-templates githubcom/ARPSyndicate/kenzer-templates githubcom/medbsq/ncl githubcom/notnotnotveg/nuclei-custom-templates githubcom/foulenzer/foulenzer-templates githubcom/clarkvoss/Nuclei-Templates githubcom/z3bd/nuclei-templates githubcom

cve-2022-23131 FOFA app="ZABBIX-监控系统" && body="saml" 运行 python cve-2022-23131py wwwexamplecom Admin 利用exp生成signed_session，替换cookie，再点击 Sign in with Single Sign-On (SAML) 默认是Admin (尊重尺度，后果自负) 萍水相逢，致敬不甘平凡的平凡人

CVE-2022-23131 CVE-2022-23131 - SAML SSO bypass fofa: app="ZABBIX-监控系统" && body="saml"

CVE-2022-23131 创建一个urlstxt，把目标放入到urlstxt中 python CVE-2022-23131py 存在漏洞会生产bugtxt中。

githubcom/pikpikcu/nuclei-templates githubcom/esetal/nuclei-bb-templates githubcom/ARPSyndicate/kenzer-templates githubcom/medbsq/ncl githubcom/notnotnotveg/nuclei-custom-templates githubcom/foulenzer/foulenzer-templates githubcom/clarkvoss/Nuclei-Templates githubcom/z3bd/nuclei-templates githubcom

批量脚本

vuln_script 漏洞脚本 Yapi远程命令执行漏洞py CVE-2022-23131 Zabbix SAML SSO认证绕过 CVE-2022-23131py python3 CVE-2022-23131py -u 127001 -a Admin 向日葵存在命令执行漏洞(CNVD-2022-10270) sunlogin_rcepy poc python3 sunlogin_rcepy --scan -u 10108374