Uploaded image for project: 'ZABBIX BUGS AND ISSUES'
  1. ZABBIX BUGS AND ISSUES
  2. ZBX-17101

Persistent xss caused by URL validator refactoring

    XMLWordPrintable

    Details

    • Team:
      Team B
    • Sprint:
      Sprint 59 (Dec 2019)
    • Story Points:
      0.5

      Description

      Persistent XSS vulnerabilities were introduced while introducing changes in ZBX-12825.
      This affects multiple pages, for example problem view:

      1. Create trigger with the following URL: "javascript:alert('xss'); //{$THIS.SHOULD.LOOK.LIKE.USERMACRO}"
      2. Cause trigger to go to the problem state.
      3. Go to problems page and click on URL in trigger popup menu:

      A bit harder it is to perform the same trick in Network maps as user macros are not enabled for network map URL. But still, it is possible through inventory macros:

      1. Create map with host element. Add URL with inventory URL macro ( {INVENTORY.URL.A}

        ).

      2. Set host inventory to manual and set inventory url A to "javascript:alert('xss'); //{$THIS.SHOULD.LOOK.LIKE.USERMACRO}"
      3. Save map
      4. Go to problems page and click on URL in map element popup menu:

      Overall problem is caused by invalid validation termination when some of the conditions are met while others are not.

      This is the first commit that broke the validation.
      https://git.zabbix.com/projects/ZBX/repos/zabbix/commits/7c3dbcab386f60b4c8c5244850ec11c853c50a08#frontends/php/include/classes/validators/CHtmlUrlValidator.php

        Attachments

          Activity

            People

            Assignee:
            Miks.Kronkalns Miks Kronkalns
            Reporter:
            palivoda Rostislav Palivoda
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: