Zabbix 3.4.7 Cross Site Scripting ≈ Packet Storm – Digitalmunition




Exploit/Advisories no image

Published on April 1st, 2021 📆 | 3335 Views ⚑

0

Zabbix 3.4.7 Cross Site Scripting ≈ Packet Storm

# Exploit Title: Zabbix 3.4.7 - Stored XSS
# Date: 30-03-2021
# Exploit Author: Radmil Gazizov
# Vendor Homepage: https://www.zabbix.com/
# Software Link: https://www.zabbix.com/rn/rn3.4.7
# Version: 3.4.7
# Tested on: Linux

# Reference -
https://github.com/GloryToMoon/POC_codes/blob/main/zabbix_stored_xss_347.txt

1- Go to /zabbix/zabbix.php?action=dashboard.list (anonymous login CVE-2019-17382)
2- Create new dashboard
3- Add a new widget => Type: Map nabigation tree
4- Past into parameter "Name":
5- Click to "Add" button

Source link

Tagged with:



Leave a Reply