CVE-2023-26035

This repository contains a functional exploit for CVE-2023-26035, an unauthenticated RCE vulnerability in ZoneMinder. The exploit fetches a CSRF token and injects a reverse shell payload via the snapshot action, demonstrating the vulnerability effectively.

This repository contains a functional Python exploit for CVE-2023-26035, a Remote Code Execution (RCE) vulnerability in ZoneMinder versions prior to 1.36.33 and 1.37.33. The exploit leverages CSRF token extraction and command injection via the 'monitor_ids[0][Id]' parameter.

This repository contains a functional exploit for CVE-2023-26035, an unauthenticated remote code execution vulnerability in ZoneMinder. The exploit fetches a CSRF token and injects a command into the 'monitor_ids[0][Id]' parameter during snapshot creation.

This repository contains a functional Python exploit for CVE-2023-26035, an unauthenticated remote code execution (RCE) vulnerability in ZoneMinder. The exploit leverages a command injection flaw in the snapshot creation functionality, allowing arbitrary command execution via crafted HTTP requests.

This repository contains a functional Python exploit for CVE-2023-26035, an unauthenticated RCE vulnerability in ZoneMinder versions prior to 1.36.33 and 1.37.33. The exploit leverages command injection in the snapshot creation functionality to execute a reverse shell.

This Metasploit module exploits an unauthenticated command injection vulnerability in ZoneMinder by appending commands to the 'create monitor ids[]' action in the snapshot view. It supports both direct command execution and staged payload delivery.