Uploaded image for project: 'ZABBIX BUGS AND ISSUES'
  1. ZABBIX BUGS AND ISSUES
  2. ZBX-20536

Server side cache poisioning

XMLWordPrintable

    • Icon: Defect (Security) Defect (Security)
    • Resolution: Won't fix
    • Icon: Trivial Trivial
    • None
    • 6.0.0rc1
    • Server (S)
    • None

      Steps to reproduce:

      1. For testing purpose i've used https://zabbix-stage-dal10.ole.redhat.com/
         
        testcase : 1
         
        adding : ;
         
        https://zabbix-stage-dal10.ole.redhat.com/
        redirected to normal page
         
        test case 2: 
         
        https://zabbix-stage-dal10.ole.redhat.com/;echo%20MPCSBG$((282037%2B31337))
         
        again redirected to normal page
         
        Final payload
        https://zabbix-stage-dal10.ole.redhat.com/;echo%20MPCSBG$((282037%2B31337))$(echo%20MPCSBG)MPCSBG/got 500 internal status and cache got reflectedits now cached in server side

      see screenshot 1
       
      when we tried to give data on username and password it redirects to
      https://zabbix-stage-dal10.ole.redhat.com/;echo%20MPCSBG$((282037%2B31337))$(echo%20MPCSBG)MPCSBG/index.php
       
       
      Result file not found :
      screenshot 2

      Result:
      see screenshot 1 &2
      Expected:
      should not cache on server

      should not display any data on 500 status

        1. 1.png
          1.png
          37 kB
        2. 2.png
          2.png
          18 kB

            Unassigned Unassigned
            pankaj14567 pankaj
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved: