CVE-2024-22120-RCE Wrong session

Wrong session_id output

Open e-i-tz opened this issue 5 months ago • 0 comments

My system: Kali 6.6.15 zabbix version - 6.4.5; Zabbix system - Ubuntu 22.04 LTS.

Latest version of CVE-2024-22120-RCE.py writes wrong session_id (last symbols are repeated) and also has a problem with revshell spawn.

Error

python CVE-2024-22120-RCE.py --ip 192.168.19.156 --sid 813b3ec4a7b91a76beafd4b14ddedfdb --hostid 10084 (!) sessionid=50f9ecdd15fd788517f3938fcadf54a0d788517f3938fcadf54a0 Traceback (most recent call last): File "/home/erik/CVE-2024-22120-RCE/CVE-2024-22120-RCE.py", line 149, in RceExploit(args.ip, args.hostid, admin_sessionid,args.prefix) File "/home/erik/CVE-2024-22120-RCE/CVE-2024-22120-RCE.py", line 107, in RceExploit scriptid = CreateScript(url, headers, admin_sessionid, "whoami") ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/home/erik/CVE-2024-22120-RCE/CVE-2024-22120-RCE.py", line 69, in CreateScript return json.loads(resp.text)["result"]["scriptids"][0] ^^^^^^^^^^^^^^^^^^^^^ File "/usr/lib/python3.11/json/init.py", line 346, in loads return _default_decoder.decode(s) ^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/lib/python3.11/json/decoder.py", line 337, in decode obj, end = self.raw_decode(s, idx=_w(s, 0).end()) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/lib/python3.11/json/decoder.py", line 355, in raw_decode raise JSONDecodeError("Expecting value", s, err.value) from None json.decoder.JSONDecodeError: Expecting value: line 1 column 1 (char 0)

Sep 10 '24 20:09 e-i-tz

CVE-2024-22120-RCE CVE-2024-22120-RCE copied to clipboard

Wrong session_id output

Error

CVE-2024-22120-RCE
CVE-2024-22120-RCE copied to clipboard