Hello everybody. Today we will see about Zabbix toggleids sql injection exploit. First things first, what’s Zabbix. It is an enterprise open source monitoring software for networks and applications designed to monitor and track the status of various network services, servers, and other network hardware.
Zabbix uses MySQL, PostgreSQL, SQLite, Oracle or IBM DB2 to store data. Its backend is written in C and the web frontend is written in PHP. It has a web based interface and can be installed in both Linux and Windows. It boasts of over 13,000 downloads per week.
Zabbix version 3.0.3 suffers from SQL injection which can be exploited to steal the credentials. Let’s see how this exploit works. Start Metasploit and load the module as shown below.
As you can see, we need to set only one option “RHOST” which is the IP address of the target running Zabbix. Once you set the target, check whether its vulnerable or not using the “check” command.
Once we know target is vulnerable, executing the exploit using command “run” downloads the current usernames and password hashes from database to a JSON file. We can crack these password hashes and login into the Zabbix instance. See how to crack hashes with Kali Linux.
How to stay safe?
There are patches available. Please update.