Details
-
Defect (Security)
-
Status: Closed
-
Trivial
-
Resolution: Won't fix
-
6.0.0rc1
-
None
-
None
Description
Steps to reproduce:
For testing purpose i've used https://zabbix-stage-dal10.ole.redhat.com/
testcase : 1
adding : ;
https://zabbix-stage-dal10.ole.redhat.com/;
redirected to normal page
test case 2:
https://zabbix-stage-dal10.ole.redhat.com/;echo%20MPCSBG$((282037%2B31337))
again redirected to normal page
Final payload
https://zabbix-stage-dal10.ole.redhat.com/;echo%20MPCSBG$((282037%2B31337))$(echo%20MPCSBG)MPCSBG/got 500 internal status and cache got reflectedits now cached in server side
see screenshot 1
when we tried to give data on username and password it redirects to
https://zabbix-stage-dal10.ole.redhat.com/;echo%20MPCSBG$((282037%2B31337))$(echo%20MPCSBG)MPCSBG/index.php
Result file not found :
screenshot 2
Result:
see screenshot 1 &2
Expected:
should not cache on server
should not display any data on 500 status