Skip to content

kh4sh3i/CVE-2022-23131

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

7 Commits
CVE-2022-23131.yaml
CVE-2022-23131.yaml
 
 
README.md
README.md
 
 
zabbix_session_exp.py
zabbix_session_exp.py
 
 

Repository files navigation

CVE-2022-23131

Zabbix - SAML SSO Authentication Bypass

Description

In the case of instances where the SAML SSO authentication is enabled (non-default), session data can be modified by a malicious actor, because a user login stored in the session was not verified.

Dork:

shodan-query: http.favicon.hash:892542951

fofa-query: app="ZABBIX-监控系统" && body="saml"

usage

python3 zabbix_session_exp.py  -t https:target.com -u Admin

refrences

About

Zabbix - SAML SSO Authentication Bypass

Topics

saml authentication attack zabbix sso nuclei zabbix-agent cve dork nuclei-templates

Resources

Readme
Activity

Stars

10 stars

Watchers

2 watching

Forks

7 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages