## https://sploitus.com/exploit?id=8A22B430-B792-5247-B276-346C15659F0B
# CVE-2022-23131 Zabbix SAML Authentication Exploit
This Python script exploits a misconfigured SAML authentication flow on a Zabbix server. By providing a Zabbix server URL and a user (default: `Admin`), the script generates an authenticated Zabbix session (`zbx_session`), and attempts to access the dashboard with the authenticated session.
## Usage
To use the script, run it from the command line and provide the target Zabbix server URL. You can optionally specify a user and a custom user agent.
### Basic Usage
```
python cve-2022-23131.py <target_url>
```
### Optional Parameters
- **`-u` or `--user`**: Specify the Zabbix user to authenticate as (default: `Admin`).
- **`-a` or `--user-agent`**: Provide a custom User-Agent string.
### Examples
1. **Run the exploit with default parameters**:
```
python cve-2022-23131.py https://zabbix.local
```
2. **Run the exploit with a custom user**:
```
python cve-2022-23131.py https://zabbix.local -u JohnDoe
```
3. **Run the exploit with a custom User-Agent**:
```
python cve-2022-23131.py https://zabbix.local -u JohnDoe -a "CustomUserAgent/1.0"
```
## Output
The script will indicate whether the exploit was successful. If successful, it will print an authenticated `zbx_session`, which you can use to access the Zabbix dashboard.
Here’s an example of the script in action:
![Example Output](img/example.png)
## How to Update the Cookie in Chrome or Firefox
Once you have successfully retrieved the `zbx_session` value, you can manually update the cookie in your browser to authenticate yourself as the specified user. Follow the steps below for **Chrome** or **Firefox**.
### Chrome
1. Open Chrome and go to the Zabbix server URL.
2. Right-click on the page and select **Inspect** to open the Developer Tools.
3. Go to the **Application** tab.
4. In the left-hand pane, under **Storage**, click **Cookies**, and select the Zabbix server URL.
5. Find the **`zbx_session`** cookie.
6. Double-click the **Value** field, replace it with the newly generated `zbx_session` value, and press Enter.
### Firefox
1. Open Firefox and go to the Zabbix server URL.
2. Right-click on the page and select **Inspect Element** to open the Developer Tools.
3. Go to the **Storage** tab.
4. In the left-hand pane, click on **Cookies**, and select the Zabbix server URL.
5. Find the **`zbx_session`** cookie.
6. Double-click the **Value** field, replace it with the new `zbx_session` value, and press Enter.
Here is an example of how to update the cookie in the Developer Tools:
![Update Cookie Example](img/cookie.png)
## Credits
Credits for this exploit write-up go to @random-robbie, @jweny, and @Mr-xn. I just modified the script as I found it wasn't working as expected anymore.
Reference: [https://github.com/Mr-xn/cve-2022-23131](https://github.com/Mr-xn/cve-2022-23131)