ZABBIX BUGS AND ISSUES

More checks required for popup_bitem.php

Details

  • Zabbix ID:
    NA

Description

A file "popup_bitem.php" allows to pass argument "itemid" unsanitised.

Activity

Hide
Alexander Vladishev added a comment - - edited

Fixed in pre-2.0.2 r28981 and pre-2.1.0 (beta) r28982.

Show
Alexander Vladishev added a comment - - edited Fixed in pre-2.0.2 r28981 and pre-2.1.0 (beta) r28982.
Hide
Takanori Suzuki added a comment -

Hi.

This issue also affect to Zabbix 1.8.x.
I could make a exploit for 1.8.x by using example from following exploit. It succeeded to get user's session id.
http://www.exploit-db.com/exploits/20087/

I made a patch for Zabbix 1.8.x.
Could you apply my patch to 1.8.x branch?
https://gist.github.com/3181678

Show
Takanori Suzuki added a comment - Hi. This issue also affect to Zabbix 1.8.x. I could make a exploit for 1.8.x by using example from following exploit. It succeeded to get user's session id. http://www.exploit-db.com/exploits/20087/ I made a patch for Zabbix 1.8.x. Could you apply my patch to 1.8.x branch? https://gist.github.com/3181678
Hide
Alexey Fukalov added a comment -

dev branch: svn://svn.zabbix.com/branches/dev/ZBX-5348
this fix should be used for 2.0 and trunk too.

Show
Alexey Fukalov added a comment - dev branch: svn://svn.zabbix.com/branches/dev/ZBX-5348 this fix should be used for 2.0 and trunk too.
Hide
Toms added a comment -

TESTED

Show
Toms added a comment - TESTED
Hide
Alexander Vladishev added a comment -

Also fixed in pre-1.8.15 r29282

Show
Alexander Vladishev added a comment - Also fixed in pre-1.8.15 r29282
Hide
Takanori Suzuki added a comment -

I checked pre-1.8.15 r29282 works good.
My exploit for 1.8.x doesn't get session id any more.
Thank you.

Show
Takanori Suzuki added a comment - I checked pre-1.8.15 r29282 works good. My exploit for 1.8.x doesn't get session id any more. Thank you.

People

Vote (1)
Watch (4)

Dates

  • Created:
    Updated:
    Resolved: