Uploaded image for project: 'ZABBIX BUGS AND ISSUES'
  1. ZABBIX BUGS AND ISSUES
  2. ZBX-7243

Configuration file can be changed with editable cookies after setup

XMLWordPrintable

    • Icon: Incident report Incident report
    • Resolution: Unsupported version
    • Icon: Trivial Trivial
    • None
    • 2.1.9
    • Frontend (F)

      Start Setup and go all the way to last step where configuration file is generated and saved in folder. There is a cookie ZBX_CONFIG. If you don't press "Finish", cookie is not deleted. So don't press "Finish".
      Open dashboard. Dashboard refreshes page every 30 seconds. Delete configuration file and edit ZBX_CONFIG cookie manually. Change, for example, database name. Cookie is easy to read, because it's just serialized array.
      After 30 seconds, due to existing cookie, configuration file will be created again with new data and in dashboard there in every widget there will be setup. See attached images.

        1. hacked_dashboard.png
          699 kB
          Ivo Kurzemnieks
        2. setup_cookie.png
          42 kB
          Ivo Kurzemnieks

            Unassigned Unassigned
            iivs Ivo Kurzemnieks
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:
              Resolved: