Zabbix – SQL Injection

Zabbix is an enterprise-class open source distributed monitoring solution. Zabbix is software that monitors numerous parameters of a network and the health and integrity of servers. Properly configured, Zabbix can play an important role in monitoring IT infrastructure.

Vulnerability Overview:

Zabbix suffers from a remote SQL injection vulnerability in the jsrpc.php page or the api_jsonrpc.php page.
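A defender can check web server access logs for SQL syntax in requests to these two scripts. The sketch below is an added example, not code from the original post or from Zabbix; the log lines, addresses, parameter name `itemid` and the marker rule set are constructed assumptions.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Script names taken from the advisory text above.
WATCHED = {"jsrpc.php", "api_jsonrpc.php"}

# Assumed heuristic rule set: SQL syntax that has no business in a parameter value.
SQL_MARKERS = re.compile(
    r"'|--|/\*|\bunion\s+select\b|\bselect\b.+\bfrom\b"
    r"|\b(?:sleep|benchmark|updatexml|extractvalue)\s*\(",
    re.IGNORECASE,
)

# Apache/nginx "combined" format: client, timestamp, method, request target, status.
LOG_LINE = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')

# Constructed sample log lines; addresses and parameter names are illustrative.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:01 +0000] "GET /zabbix/jsrpc.php?itemid=23296 HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "GET /zabbix/jsrpc.php?itemid=1%27%20or%20%271%27%3D%271 HTTP/1.1" 200 733',
    '203.0.113.9 - - [01/Jan/2024:10:00:09 +0000] "GET /jsrpc.php?itemid=1%2527%2520union%2520select%25201 HTTP/1.1" 500 120',
    '192.0.2.10 - - [01/Jan/2024:10:00:12 +0000] "GET /index.php?name=O%27Brien HTTP/1.1" 200 90',
    '192.0.2.11 - - [01/Jan/2024:10:00:15 +0000] "POST /zabbix/api_jsonrpc.php HTTP/1.1" 200 64',
]


def suspicious_requests(lines):
    """Return one finding per request to a watched script whose query string carries SQL syntax."""
    findings = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # not an access-log line we understand
        ip, when, _method, target, status = m.groups()
        url = urlsplit(target)
        if url.path.rsplit("/", 1)[-1] not in WATCHED:
            continue  # other scripts are out of scope for this check
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            decoded = unquote(value)  # second pass catches double-encoded input
            if SQL_MARKERS.search(value) or SQL_MARKERS.search(decoded):
                findings.append({"ip": ip, "time": when, "param": name,
                                 "value": decoded, "status": int(status)})
                break  # one finding per request is enough
    return findings


if __name__ == "__main__":
    for finding in suspicious_requests(SAMPLE_LOG):
        print(finding)
```

Requests to api_jsonrpc.php carry their parameters in the POST body, which a standard access log does not record, so that endpoint needs request-body logging or a WAF rule to get the same coverage.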

Proof of Concept:

[Screenshot]

  • Result:
  1. Example 1

[Screenshot]

  2. Example 2

[Screenshots]

To crack the MD5 password hash, we can use https://hashkiller.co.uk/md5-decrypter.aspx

[Screenshot]

Now we can log in with admin/C1secret!

And…

[Screenshot]
