When I was reading descriptions of bugs at VulDB I found that there is an SQL injection vulnerability in Zabbix (<2.2.13 and <3.0.4). I decided that it will be a good exercise to write a small proof-of-concept for that bug. Below you'll find results...
After preparing my VM I was ready to check some details of the bug available online. I found very nice post (here) describing the case. After reading it you should also be ready to prepare your own proof-of-concept. The bug is described as CVE-2016-10134.
Below results from the poc:
This simple poc will be available on my github.
In case of any questions, feel free to ping me @twitter or drop me an email.
I would also like to mention that resource. It was very useful during the whole 'research'.