Nagios XI Chained Remote Code Execution

Posted by deepcore on June 30, 2018 – 8:39 pm

This Metasploit module exploits a few different vulnerabilities in Nagios XI 5.2.6-5.4.12 to gain remote root access. The steps are: 1. Issue a POST request to /nagiosql/admin/settings.php which sets the database user to root. 2. SQLi on /nagiosql/admin/helpedit.php allows us to enumerate API keys. 3. The API keys are then used to add an administrative user. 4. An authenticated session is established with the newly added user 5. Command Injection on /nagiosxi/backend/index.php allows us to execute the payload with nopasswd sudo, giving us a root shell. 6. Remove the added admin user and reset the database user.

This post is under “exploit” and has no respond so far.
If you enjoy this article, make sure you subscribe to my RSS Feed.

Post a reply

You must be logged in to post a comment.

« FTPShell Client 6.70 Enterprise Edition Stack Buffer Overflow Microsoft Windows ADODB.Record Object File Overwrite »

:: Deepquest ::

This site contains information which could be considered illegal in some countries. It is provided here for educational use only and is not intended to be used for illegal activities.

Nagios XI Chained Remote Code Execution

Post a reply

Tabs Switcher

Categories

Archives

Meta

BLOGROLL