Uploaded image for project: 'ZABBIX BUGS AND ISSUES'
  1. ZABBIX BUGS AND ISSUES
  2. ZBX-8351

PHP Object Injection Vulnerability

XMLWordPrintable

    • Icon: Defect (Security) Defect (Security)
    • Resolution: Duplicate
    • Icon: Major Major
    • None
    • 2.2.3
    • Frontend (F)
    • Debian 7.3.0

      An instance of unserialised non-sanitised user-supplied input was identified in setup.php. The vulnerable code performs unserialisation on the ZBX_CONFIG cookie value as shown below.

      // ...

      // config
      $ZBX_CONFIG = get_cookie('ZBX_CONFIG', null);
      $ZBX_CONFIG = isset($ZBX_CONFIG) ? unserialize($ZBX_CONFIG) : array();
      $ZBX_CONFIG['check_fields_result'] = check_fields($fields, false);
      if (!isset($ZBX_CONFIG['step']))

      { $ZBX_CONFIG['step'] = 0; }

      // ...

      Non-authenticated attacker may provide a specially crafted serialised object and achieve an object injection within the application scope.

        1. Error Log.PNG
          Error Log.PNG
          9 kB
        2. Original Request.PNG
          Original Request.PNG
          9 kB
        3. Response.PNG
          Response.PNG
          8 kB
        4. Tampered Request.PNG
          Tampered Request.PNG
          19 kB

            Unassigned Unassigned
            munmap G. Geshev
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

              Created:
              Updated:
              Resolved: