| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 24 May 2010 14:51:18 -0300 From: David Guimaraes <skysbsb@...il.com> To: full-disclosure@...ts.grok.org.uk Subject: SQL injection vulnerability in Zabbix <= 1.8.1 Product: Zabbix Vendor: Zabbix SIA References: http://www.securityfocus.com/bid/39752 http://secunia.com/advisories/39119 Software Link: http://www.zabbix.com/ Vulnerable Version: <= 1.8.1 Vulnerability Type: SQL Injection Status: Fixed in version 1.8.2 Risk level: Medium Author: David "skys" Guimaraes (skysbsb[at]gmail.com) Date: 27/04/2010 Vulnerability Details: The vulnerability exists due to failure in the "events.php" script to properly sanitize user-supplied input in "nav_time" variable. Attacker can execute arbitrary queries to the database, compromise the application or exploit various vulnerabilities in the underlying SQL database. Attacker can use browser to exploit this vulnerability. The following PoC is available: http://vulnsite.com/path_to_zabbix/events.php?nav_time=-1+UNION+ALL+SELECT+1,2,3,4,5,6,7+from+events+where+(testvalue)-- Positive response page contains: "\"info\">1" -- David "skys" Guimaraes _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists