add: Zabbix CVE-2022-23131

add: Tenda uploadWewifiPic RCE

Tenda/uploadWewifiPic RCE/README.md

@@ -0,0 +1,9 @@
+# Tenda Auth uploadWewifiPic RCE
+
+Tenda router is an efficient and practical router. There is a command execution vulnerability in the uploadWewifiPic route in the background of Tenda routers. Attackers can use the vulnerability to execute arbitrary commands to obtain server permissions.
+
+FOFA **query rule**: [body="Tenda|登录" && body="tenda.css"](https://fofa.info/result?qbase64=Ym9keT0iVGVuZGF855m75b2VIiAmJiBib2R5PSJ0ZW5kYS5jc3Mi)
+
+# Demo
+
+![Tenda_Auth_uploadWewifiPic_RCE](Tenda_Auth_uploadWewifiPic_RCE.gif)

Zabbix/CVE-2022-23131/README.md

@@ -0,0 +1,9 @@
+# Zabbix Login Bypass (CVE-2022-23131)
+
+Zabbix is an open source monitoring system. The system supports network monitoring, server monitoring, cloud monitoring and application monitoring, etc. A login bypass vulnerability exists in Zabbix that arises when SAML SSO authentication is enabled (not default). An unauthenticated malicious attacker could exploit the vulnerability to escalate privileges and gain administrator access to the Zabbix frontend.
+
+FOFA **query rule**: [body="SAML" && (banner="zbx_session=" || header="zbx_session=")](https://fofa.info/result?qbase64=Ym9keT0iU0FNTCIgJiYgKGJhbm5lcj0iemJ4X3Nlc3Npb249IiB8fCBoZWFkZXI9InpieF9zZXNzaW9uPSIp)
+
+# Demo
+
+![Zabbix_Login_Bypass_CVE_2022_23131](Zabbix_Login_Bypass_CVE_2022_23131.gif)