what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Zabbix 5.x SQL Injection / Cross Site Scripting

Zabbix 5.x SQL Injection / Cross Site Scripting
Posted Jul 25, 2021
Authored by Taurus Omar

Zabbix versions 1.x through 5.x suffer from persistent cross site scripting and remote blind SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
SHA-256 | bf647ae7e57509e600b3f979c5812067e2640eb2f5161119921047214e00b055

Zabbix 5.x SQL Injection / Cross Site Scripting

Change Mirror Download
# Exploit Title: Zabbix all version  / Multiple Vulnerabilities
# Exploit Author: TaurusOmar
# Twitter:@TaurusOmar
# HomePage:taurusomar.com
# Date: Jul 23th, 2021
# Version: Zabbix [1.x, 2.x, 3.x, 4,x 5.x]
# Risk: High (9.0)
# Vendor Homepage: https://www.zabbix.com/
# Tested on: Arch Linux
# Greetz: PwnEc

# Software Description:
Zabbix is the ultimate enterprise-level software designed for real-time monitoring of millions of metrics collected from tens of thousands of servers, virtual machines and network devices.
With encryption support it is possible to secure communications between separate Zabbix components (such as Zabbix server, proxies, agents and command-line utilities) using Transport Layer
Security (TLS) protocol v.1.2. Certificate-based and pre-shared key-based encryption is supported. Encryption is optional and configurable for individual components.

# 1.) Vulnerability Description => Blind Sqli (affect all versions):
An error in the application allows executing sql statements blindly
Path: https://domain/zabbix/hostinventoriesoverview.php?sid=[RANDOM_TOKEN]+Blind_Sqli&form_refresh=1&groupid=0&groupby=alias

# 2.) Vulnerability Description => Bypass login (affect all versions):
An error in the security of the form allows the login page to be skipped directly to the administration panel, which allows an attacker to access the entire application,
managing to make queries, edit parameters, among others.

Path: http://domain/zabbix/index.php

Vulnerable Form:
<form method="post" action="index.php" accept-charset="utf-8" aria-label="Sign in">
<li><label for="name">Username</label><input type="text" id="name" name="name" value="" maxlength="255" autofocus="autofocus"></li>
<li><label for="password">Password</label><input type="password" id="password" name="password" value="" maxlength="255"></li>
<li><input type="checkbox" id="autologin" name="autologin" value="1" class="checkbox-radio" checked="checked"><label for="autologin"><span></span>Remember me for 30 days</label></li>
<li><button type="submit" id="enter" name="enter" value="Sign in">Sign in</button></li>
<li class="sign-in-txt">or <a href="index.php?enter=guest">sign in as guest</a></li>

Pocs Bypass login - access dashborad:

# 3.) Vulnerability Description => Stored Cross Site Scripting (affect all versions):
The application allows uploading an xml file which can be modified by the <name> parameter with a load util XSS

Path: https://domain//zabbix/screen.import.php?rules_preset=screen

Malicious File .xml

<?xml version="1.0" encoding="UTF-8"?>

# 4.) Samples web Vulnerabilities whit diferent version:

# Disclaimer:
# This or previous programs are for Educational purpose ONLY. Do not use it without permission.
# The usual disclaimer applies, especially the fact that Taurus Omar is not liable for any damages
# caused by direct or indirect use of the information or functionality provided by these programs.
# The author or any Internet provider bears NO responsibility for content or misuse of these programs
# or any derivatives thereof. By using these programs you accept the fact that any damage (dataloss,
# system crash, system compromise, etc.) caused by the use of these programs are not Taurus Omar's
# responsibility.
Login or Register to add favorites

File Archive:

October 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    0 Files
  • 2
    Oct 2nd
    22 Files
  • 3
    Oct 3rd
    19 Files
  • 4
    Oct 4th
    16 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    0 Files
  • 8
    Oct 8th
    0 Files
  • 9
    Oct 9th
    0 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    0 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2022 Packet Storm. All rights reserved.

Security Services
Hosting By