poniedziałek, 23 października 2017

ZBX-11023 quick autopsy

When I was reading descriptions of bugs at VulDB I found that there is an SQL injection vulnerability in Zabbix (<2.2.13 and <3.0.4). I decided that it will be a good exercise to write a small proof-of-concept for that bug. Below you'll find results...

After preparing my VM I was ready to check some details of the bug available online. I found very nice post (here) describing the case. After reading it you should also be ready to prepare your own proof-of-concept. The bug is described as CVE-2016-10134.

Below results from the poc:

This simple poc will be available on my github.

In case of any questions, feel free to ping me @twitter or drop me an email.


I would also like to mention that resource. It was very useful during the whole 'research'.
Thanks! ;]

1 komentarz: