Bugtraq mailing list archives
SQL injection vulnerability in Zabbix <= 1.8.1
From: David Guimaraes <skysbsb () gmail com>
Date: Mon, 24 May 2010 14:48:07 -0300
Product: Zabbix Vendor: Zabbix SIA References: http://www.securityfocus.com/bid/39752 http://secunia.com/advisories/39119 Software Link: http://www.zabbix.com/ Vulnerable Version: <= 1.8.1 Vulnerability Type: SQL Injection Status: Fixed in version 1.8.2 Risk level: Medium Author: David "skys" Guimaraes (skysbsb[at]gmail.com) Date: 27/04/2010 Vulnerability Details: The vulnerability exists due to failure in the "events.php" script to properly sanitize user-supplied input in "nav_time" variable. Attacker can execute arbitrary queries to the database, compromise the application or exploit various vulnerabilities in the underlying SQL database. Attacker can use browser to exploit this vulnerability. The following PoC is available: http://vulnsite.com/path_to_zabbix/events.php?nav_time=-1+UNION+ALL+SELECT+1,2,3,4,5,6,7+from+events+where+(testvalue)-- Positive response page contains: "\"info\">1" -- David "skys" Guimaraes
Current thread:
- SQL injection vulnerability in Zabbix <= 1.8.1 David Guimaraes (May 25)