Zabbix is an enterprise-class open source distributed monitoring solution. Zabbix is software that monitors numerous parameters of a network and the health and integrity of servers. Properly configured, Zabbix can play an important role in monitoring IT infrastructure.
Zabbix suffers from a remote SQL injection vulnerability in the jsrpc.php page or the api_jsonrpc.php page.
Proof of Concept:
- Code: https://www.exploit-db.com/exploits/40353/; https://github.com/RicterZ/zabbixPwn
- ZoomEye: we can find 19,468.
- Example 1
- Example 2
To recover the password from its MD5 hash, we can use https://hashkiller.co.uk/md5-decrypter.aspx
Now we can log in with admin/C1secret!