CLONE - Persistent Cross Site Scripting Vulnerabilities

XMLWordPrintable

    • Type: Defect (Security)
    • Resolution: Incomplete
    • Priority: Blocker
    • None
    • Affects Version/s: None
    • Component/s: Frontend (F)
    • Environment:
      Debian GNU/Linux 5.0.8 (Lenny)
      Apache 2.2.16
      PHP 5.3.3

      Tested with:
      Mozilla Firefox 5.0

      These URL's are vulnerable to persistent XSS attacks due to improper sanitation of gname variable when creating user and host groups.

      URL:
      hostgroups.php
      usergrps.php

      Vulnerable parameter:
      gname

      Method:
      POST

      Injected:
      "</options><script>alert('XSS')</script>

      Persists in:
      http://test/zabbix/hostgroups.php
      http://test/zabbix/users.php
      http://test/zabbix/hosts.php?form=update&hostid=N (where N is a valid hostid)
      http://test/zabbix/scripts.php?form=1&scriptid=N (where N is a valid scriptid)
      http://test/zabbix/maintenance.php

        1. triggers_items.jpg
          40 kB
          Teruo Oshida
        2. timeperiod.jpg
          21 kB
          Teruo Oshida
        3. monitoring_maps.jpg
          31 kB
          Teruo Oshida
        4. monitoring_dashboard.jpg
          37 kB
          Teruo Oshida
        5. link_indicator.jpg
          25 kB
          Teruo Oshida
        6. 4.png
          97 kB
          Teruo Oshida
        7. 3.png
          94 kB
          Teruo Oshida
        8. 2.png
          86 kB
          Teruo Oshida
        9. 1.png
          91 kB
          Teruo Oshida

            Assignee:
            Unassigned
            Reporter:
            Teruo Oshida
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

              Created:
              Updated:
              Resolved: