  1. ZABBIX BUGS AND ISSUES
  2. ZBX-3835

Cross Site Scripting Vulnerability

    Details

    • Type: Incident report
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 1.8.6
    • Component/s: Frontend (F)
    • Labels:
      None
    • Environment:
      Any

      Description

      The acknow.php page is vulnerable to reflected XSS attacks. The following section of code doesn't sanitize data properly:

      if (isset($_REQUEST['saveandreturn'])) {
          $url = new CUrl(urldecode($_REQUEST['backurl']));
          jsRedirect($url->getUrl());
          exit();
      }

      The $_REQUEST['backurl'] parameter can be manipulated to perform the XSS attack. Using a proxy, capture the request parameters and replace the backurl parameter with the following: </script><script>alert('XSS');</script> (see attachment for PoC).

      Fix: Sanitize the backurl request parameter and don't assume the user is going to leave the <url>.php in place.

            People

            Assignee:
            Unassigned
            Reporter:
            infosec01 Damian Tommasino
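
One way to apply the fix suggested in the description, as an added example that is not Zabbix code and not the reporter's: it allowlists backurl to a local .php page and encodes the value for a JavaScript string before it reaches the page. safeBackUrl() and emitJsRedirect() are hypothetical helpers, the example assumes jsRedirect() writes the URL into an inline script block (as the payload's leading </script> suggests), and it omits urldecode() because PHP has already decoded $_REQUEST values.

```php
<?php
// Added example, not Zabbix code. safeBackUrl() and emitJsRedirect() are hypothetical helpers.

/** Return $raw only if it is a relative reference to a local .php page, else $default. */
function safeBackUrl(?string $raw, string $default = 'index.php'): string
{
    if ($raw === null || $raw === '' || strlen($raw) > 2048) {
        return $default;
    }
    // Reject control characters, spaces, quotes, angle brackets and backslashes outright.
    if (preg_match('/[\x00-\x20\x7f"\'<>\\\\]/', $raw)) {
        return $default;
    }
    $parts = parse_url($raw);
    // Absolute or scheme-relative URLs would turn the redirect into an open redirect.
    if ($parts === false || isset($parts['scheme']) || isset($parts['host'])
            || isset($parts['user']) || !isset($parts['path'])) {
        return $default;
    }
    // Only a bare script name in the current directory, e.g. "tr_status.php".
    if (!preg_match('/^[A-Za-z0-9_]+\.php$/', $parts['path'])) {
        return $default;
    }
    return $raw;
}

/** Build an inline-script redirect with the URL encoded for a JS string inside HTML. */
function emitJsRedirect(string $url): string
{
    // JSON_HEX_TAG turns < and > into \u003C and \u003E, so the value cannot close the script block.
    $flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;
    return '<script type="text/javascript">window.location.replace('
        . json_encode($url, $flags) . ');</script>';
}

// Constructed sample inputs: one legitimate value, the payload from the report,
// and two values that would otherwise redirect off-site or to a script URL.
$samples = [
    'tr_status.php?groupid=0&hostid=0',
    "</script><script>alert('XSS');</script>",
    '//example.invalid/acknow.php',
    'javascript:alert(1)//x.php',
];
foreach ($samples as $s) {
    echo emitJsRedirect(safeBackUrl($s)), PHP_EOL;
}
```

Only the first sample is passed through; the other three fall back to index.php. The encoding step is kept even after validation so that a later loosening of the allowlist does not reopen the script-context injection.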