nuclei-templates/misconfiguration/zabbix-dashboards-access.yaml

28 lines
658 B
YAML
Raw Normal View History

2021-07-29 18:06:59 +00:00
id: zabbix-dashboards-access
2021-07-29 21:03:01 +00:00
2021-07-29 18:06:59 +00:00
info:
name: zabbix-dashboards-access
2021-08-02 10:40:05 +00:00
author: pussycat0x,vsh00t
2021-07-29 18:06:59 +00:00
severity: medium
description: View dashboard with guest login.
2021-08-02 10:40:05 +00:00
reference: |
- https://www.exploit-db.com/ghdb/5595
- https://packetstormsecurity.com/files/163657/zabbix5x-sqlxss.txt
2021-07-29 18:06:59 +00:00
tags: zabbix,unauth
2021-07-29 21:03:01 +00:00
2021-07-29 18:06:59 +00:00
requests:
- method: GET
path:
- "{{BaseURL}}/zabbix/zabbix.php?action=dashboard.list"
2021-07-29 21:03:01 +00:00
2021-07-29 18:06:59 +00:00
matchers-condition: and
matchers:
- type: word
words:
2021-07-29 21:03:01 +00:00
- "Create dashboard"
- "Zabbix SIA"
condition: and
2021-07-29 18:06:59 +00:00
- type: status
status:
- 200