Details
-
Defect (Security)
-
Status: Closed
-
Minor
-
Resolution: Fixed
-
2.2.11
-
None
Description
hello ,
I would like to report a fault in the request parameter , it allows redirection to external links from happening , which would make it possible for an attacker , using the suitability of the field with zabbix application, phishing attacks.
Example:
Normal request :
http: //server/zabbix/index.php?request=hosts.php
Malicious request :
http: //server/zabbix/index.php?request=http://fakepage/hosts.php
POC attached a video.
Attachments
Issue Links
- duplicates
-
ZBX-13133 Multiple security issues in frontend
-
- Closed
-