Zabbix – SQL Injection

Zabbix is an enterprise-class open source distributed monitoring solution. Zabbix is software that monitors numerous parameters of a network and the health and integrity of servers. Properly configured, Zabbix can play an important role in monitoring IT infrastructure.

Vulnerability Overview:

Zabbix suffers from a remote SQL injection vulnerability in the jsrpc.php page or the api_jsonrpc.php page.
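A defender-side check for the issue described above, as an added example that is not part of the original post: it scans web-server access logs (combined log format) for requests to the two named pages whose query parameters carry SQL syntax. The sample log lines, parameter names and token list are constructed assumptions to tune against your own traffic.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# The two pages named in the post.
ENDPOINTS = ("/jsrpc.php", "/api_jsonrpc.php")

# Heuristic tokens that should not appear in front-end parameter values
# (assumption: adjust the list to keep false positives low on your traffic).
SQL_TOKENS = re.compile(
    r"('|--|/\*|\b(union|select|sleep|benchmark|updatexml|extractvalue|"
    r"information_schema)\b)",
    re.IGNORECASE,
)

# Combined log format: ip ident user [time] "METHOD uri PROTO" status ...
LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')

# Constructed sample lines (documentation IP ranges, made-up parameter names).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:00:01 +0000] "GET /zabbix/jsrpc.php?view=graph&q=1%27 HTTP/1.1" 200 512',
    '198.51.100.4 - - [01/Jan/2024:10:00:09 +0000] "GET /zabbix/jsrpc.php?view=graph&period=3600 HTTP/1.1" 200 1033',
    '203.0.113.7 - - [01/Jan/2024:10:00:15 +0000] "GET /zabbix/api_jsonrpc.php?id=1%2520union%2520select%25201 HTTP/1.1" 412 0',
    '198.51.100.4 - - [01/Jan/2024:10:00:30 +0000] "GET /zabbix/index.php?name=o%27brien HTTP/1.1" 200 2048',
]

def suspicious_requests(lines):
    """Return one record per request to a watched page with SQL-like input."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # not in combined log format
        ip, ts, method, uri, status = m.groups()
        parts = urlsplit(uri)
        if not parts.path.endswith(ENDPOINTS):
            continue  # only the pages named in the advisory
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            # parse_qsl decodes once; decode again to catch double encoding.
            if SQL_TOKENS.search(unquote_plus(value)):
                hits.append({"ip": ip, "time": ts, "method": method,
                             "path": parts.path, "param": name,
                             "status": int(status)})
                break
    return hits

if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print(hit)
```

Access logs record only the query string; requests to api_jsonrpc.php normally carry their payload in a POST body, so covering that page also needs request-body logging or a WAF rule.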

Proof of Concept:


  • Result:
  1. Example 1

  2. Example 2



To decrypt the MD5 password, we can use


Now we can log in with admin/C1secret!

and ….


