Skip to content
This repository has been archived by the owner on Sep 8, 2024. It is now read-only.
/ CVE-2023-26035 Public archive

POC script for CVE-2023-26035 (zoneminder 1.36.32)

7 stars 2 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

heapbytes/CVE-2023-26035

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
imgs
imgs
 
 
README.md
README.md
 
 
poc.py
poc.py
 
 

Repository files navigation

POC for CVE-2023-26035

Works for ZoneMinder (Versions prior to 1.36.33 and 1.37.33)

  • Vulnerability : Remote Code Execution (RCE)

Usage

└─➜ python3 poc.py -h
usage: poc.py [-h] --target TARGET --cmd CMD
poc.py: error: the following arguments are required: --target, --cmd

Curl

  • Before jumping to rev shell, try this first, if you get hit, the service is vulnerable

curl

Reverse Shell

revshell

References :

https://nvd.nist.gov/vuln/detail/CVE-2023-26035
https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/unix/webapp/zoneminder_snapshots.rb

NOTE

This script is just an alternate version for metasploit-framework script.

About

POC script for CVE-2023-26035 (zoneminder 1.36.32)

Topics

exploit poc zoneminder cve-2023-26035

Resources

Readme
Activity

Stars

7 stars

Watchers

1 watching

Forks

2 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages