CVE-2022-23131

This PoC exploits CVE-2022-23131, an authentication bypass vulnerability in Zabbix's SAML SSO implementation. It manipulates the `zbx_session` cookie to forge a session with arbitrary user credentials, bypassing authentication.

This PoC exploits CVE-2022-23131, an authentication bypass vulnerability in Zabbix via SAML manipulation. It checks for the presence of SAML in the target and attempts to bypass authentication by modifying the session cookie to include a custom username.

This PoC exploits CVE-2022-23131, an authentication bypass vulnerability in Zabbix, by manipulating the SAML session data to generate a signed session cookie. The exploit allows an attacker to bypass authentication and gain administrative access by replacing the session cookie and using the SAML SSO login method.

This PoC exploits CVE-2022-23131, an authentication bypass vulnerability in Zabbix when SAML SSO is enabled. It manipulates session data by modifying the 'zbx_session' cookie to impersonate a user without proper validation.

This PoC exploits CVE-2022-23131, an unsafe session storage vulnerability in Zabbix Frontend. It manipulates the `zbx_session` cookie to bypass authentication and escalate privileges to admin by injecting a modified SAML data payload.

This repository contains a proof-of-concept exploit and scanner for CVE-2022-23131, an authentication bypass vulnerability in Zabbix. The scripts include a scanner for detecting vulnerable instances and an exploit that leverages Selenium to automate the exploitation process.

This is a Python-based exploit for CVE-2022-23131, an authentication bypass vulnerability in Zabbix. It manipulates the `zbx_session` cookie to bypass SSO authentication by injecting a modified username into the decoded session data.

This Python script exploits CVE-2022-23131, a SAML authentication bypass in Zabbix, by manipulating the `zbx_session` cookie to generate an authenticated session for a specified user (default: Admin). It tests the session by accessing the Zabbix dashboard and outputs the authenticated session if successful.

This PoC exploits CVE-2022-23131, an authentication bypass vulnerability in Zabbix's SSO mechanism. It crafts a malicious `zbx_session` cookie to bypass authentication and gain unauthorized access to the Zabbix dashboard.

This PoC is a simple scanner for CVE-2022-23131, a SAML SSO bypass vulnerability in Zabbix. It sends a crafted request with a malicious SAML session cookie and checks for a 302 redirect to confirm the vulnerability.

This repository contains a writeup for CVE-2022-23131, an authentication bypass vulnerability in Zabbix with SAML SSO enabled. The issue allows privilege escalation to admin access due to insecure client-side session storage.

This PoC exploits CVE-2022-23131, an authentication bypass vulnerability in Zabbix's SSO mechanism. It manipulates the `zbx_session` cookie to forge a session and bypass authentication, potentially granting unauthorized access.

This PoC exploits CVE-2022-23131, an authentication bypass vulnerability in Zabbix, by crafting a malicious SAML session cookie. It decodes the existing session, modifies the username attribute, and re-encodes it to bypass authentication.

This PoC exploits CVE-2022-23131, an authentication bypass vulnerability in Zabbix due to unsafe session storage. It manipulates the `zbx_session` cookie to bypass SAML authentication by injecting a crafted username into the session data.

This PoC exploits CVE-2022-23131, a SAML SSO authentication bypass in Zabbix. It manipulates the session cookie to inject a custom username, bypassing authentication.

This repository contains a proof-of-concept exploit for CVE-2022-23131, a SAML SSO authentication bypass vulnerability in Zabbix. The exploit manipulates the `zbx_session` cookie to bypass authentication and gain admin access.

This PoC exploits CVE-2022-23131, an authentication bypass vulnerability in Zabbix, by manipulating a JWT token in the 'zbx_session' cookie to impersonate an admin user. It decodes the cookie, modifies the payload to include an admin username, and re-encodes it for use in bypassing SSO.

This PoC exploits CVE-2022-23131, an authentication bypass vulnerability in Zabbix. It extracts session cookies, decodes them, and crafts a payload to bypass authentication by manipulating the SAML data.

This PoC exploits CVE-2022-23131, an authentication bypass vulnerability in Zabbix, by manipulating the SAML session cookie to impersonate an arbitrary user (default: Admin). It decodes the session cookie, modifies the username attribute, and re-encodes it for use in a forged session.

This repository contains a functional exploit for CVE-2022-23131, a SAML authentication bypass vulnerability in Zabbix. The PoC manipulates the 'zbx_session' cookie to forge SAML data, allowing unauthorized access as any user (default: Admin).