m3m0o / zoneminder-snapshots-rce-poc

This is a Python script that exploits the ZoneMinder security flaw described in CVE-2023-26035.

Zoneminder Unauthenticated RCE via Snapshots (CVE-2023-26035) POC

This is a Python script that exploits the ZoneMinder security flaw described in CVE-2023-26035. The system is vulnerable in versions preceding 1.36.33 and 1.37.33.
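
A defender-side check built from the version boundaries stated above, as an added example that is not part of the original repository: it triages an inventory of reported ZoneMinder versions against the fixed releases. The hostnames, the sample inventory and the treatment of branches other than 1.36 and 1.37 are assumptions.

```python
import re

# Fixed releases as stated on this page: 1.36.33 and 1.37.33.
FIXED = {(1, 36): (1, 36, 33), (1, 37): (1, 37, 33)}

def parse_version(text):
    """Return (major, minor, patch) from strings such as '1.36.32+dfsg1-1', or None."""
    m = re.match(r"\s*v?(\d+)\.(\d+)\.(\d+)", text)
    return tuple(int(g) for g in m.groups()) if m else None

def classify(text):
    """Return 'affected', 'patched' or 'unknown' for one reported version string."""
    ver = parse_version(text)
    if ver is None:
        return "unknown"  # needs manual review; never assume patched
    fixed = FIXED.get(ver[:2])
    if fixed is not None:
        return "affected" if ver < fixed else "patched"
    # Assumption: branches older than 1.36 count as "preceding 1.36.33";
    # branches newer than 1.37 are taken to already contain the fix.
    return "affected" if ver < (1, 36, 33) else "patched"

def triage(inventory):
    """Return (host, version, status) rows, hosts needing action first."""
    order = {"affected": 0, "unknown": 1, "patched": 2}
    rows = [(host, v, classify(v)) for host, v in inventory.items()]
    return sorted(rows, key=lambda r: (order[r[2]], r[0]))

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = {
    "cam-nvr-01": "1.36.32",
    "cam-nvr-02": "1.36.33",
    "cam-nvr-03": "1.37.19",
    "cam-nvr-04": "1.36.12+dfsg1-1",
    "cam-nvr-05": "1.37.33",
    "cam-nvr-06": "unknown build",
    "cam-nvr-07": "1.34.26",
}

if __name__ == "__main__":
    for host, version, status in triage(SAMPLE):
        print(f"{status:9} {host:12} {version}")
```

Hosts reported as "unknown" are listed ahead of patched ones so that an unparseable version string is reviewed by hand rather than silently passed.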

Usage

Clone the repository to your machine and install the dependencies using pip. Using virtualenv is recommended, so that these packages are kept separate from global installations.

git clone https://github.com/m3m0o/zoneminder-snapshots-rce-poc
cd zoneminder-snapshots-rce-poc
pip install -r requirements.txt

The script needs three arguments: the target URL including ZoneMinder's root path (like http://example.com/zm, http://example.com or http://example.com/zoneminder), the IP or domain that the target machine should connect to, and the port that the target machine should connect to. Here's an example:

python3 main.py -u http://zoneminder.target:8000 -i 10.10.14.56 -p 443

References

Unauthenticated RCE in snapshots

Rapid7 Vulnerability & Exploit Database ZoneMinder Snapshots Command Injection

License:Apache License 2.0


Languages

Language:Python 100.0%