To access the dashboard, Schedule scans, API and Search become a patron

Search for hundreds of thousands of exploits

"Nagios Log Server 2.1.6 - Persistent Cross-Site Scripting"

Author

Exploit author

"Jinson Varghese Behanan"

Platform

Exploit platform

multiple

Release date

Exploit published date

2020-08-28

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
# Exploit Title: Nagios Log Server 2.1.6 - Persistent Cross-Site Scripting
# Date: 2020-08-07
# Vendor Homepage: https://www.nagios.com/products/nagios-log-server/
# Vendor Changelog: https://www.nagios.com/downloads/nagios-log-server/change-log/
# Exploit Author: Jinson Varghese Behanan (@JinsonCyberSec)
# Author Advisory: https://www.getastra.com/blog/911/stored-xss-vulnerability-nagios-log-server/
# Author Homepage: https://www.jinsonvarghese.com
# Version: 2.1.6 and below
# CVE : CVE-2020-16157

1. Description

Nagios Log Server is a popular Centralized Log Management, Monitoring, and Analysis software that allows organizations to view, sort, and configure logs. Version 2.1.6 of the application was found to be vulnerable to Stored XSS. An attacker (in this case, an authenticated regular user) can use this vulnerability to execute malicious JavaScript aimed to steal cookies, redirect users, perform arbitrary actions on the victim’s (in this case, an admin’s) behalf, logging their keystroke and more.

2. Vulnerability

The "Full Name" and "Username" fields in the /profile page or /admin/users/create page are vulnerable to Stored XSS. Once a payload is saved in one of these fields, navigate to the Alerting page (/alerts) and create a new alert and select Email Users as the Notification Method. As the user list is shown, it can be seen that the payload gets executed.

3. Timeline

Vulnerability reported to the Nagios team – July 08, 2020
Nagios Log Server 2.1.7 containing the fix to the vulnerability released – July 28, 2020
Release Date Title Type Platform Author
2020-11-20 "Free MP3 CD Ripper 2.8 - Multiple File Buffer Overflow (Metasploit)" local windows ZwX
2020-11-20 "Zortam Mp3 Media Studio 27.60 - Remote Code Execution (SEH)" local windows "Vincent Wolterman"
2020-11-20 "Boxoft Convert Master 1.3.0 - 'wav' SEH Local Exploit" local windows stresser
2020-11-20 "WonderCMS 3.1.3 - 'content' Persistent Cross-Site Scripting" webapps php "Hemant Patidar"
2020-11-20 "IBM Tivoli Storage Manager Command Line Administrative Interface 5.2.0.1 - id' Field Stack Based Buffer Overflow" local windows "Paolo Stagno"
2020-11-19 "Internet Download Manager 6.38.12 - Scheduler Downloads Scheduler Buffer Overflow (PoC)" dos windows "Vincent Wolterman"
2020-11-19 "M/Monit 3.7.4 - Privilege Escalation" webapps multiple "Dolev Farhi"
2020-11-19 "Genexis Platinum 4410 Router 2.1 - UPnP Credential Exposure" remote hardware "Nitesh Surana"
2020-11-19 "PESCMS TEAM 2.3.2 - Multiple Reflected XSS" webapps multiple icekam
2020-11-19 "M/Monit 3.7.4 - Password Disclosure" webapps multiple "Dolev Farhi"
Release Date Title Type Platform Author
2020-11-19 "Nagios Log Server 2.1.7 - Persistent Cross-Site Scripting" webapps multiple "Emre ÖVÜNÇ"
2020-11-19 "M/Monit 3.7.4 - Privilege Escalation" webapps multiple "Dolev Farhi"
2020-11-19 "TestBox CFML Test Framework 4.1.0 - Directory Traversal" webapps multiple "Darren King"
2020-11-19 "TestBox CFML Test Framework 4.1.0 - Arbitrary File Write and Remote Code Execution" webapps multiple "Darren King"
2020-11-19 "M/Monit 3.7.4 - Password Disclosure" webapps multiple "Dolev Farhi"
2020-11-19 "PESCMS TEAM 2.3.2 - Multiple Reflected XSS" webapps multiple icekam
2020-11-19 "xuucms 3 - 'keywords' SQL Injection" webapps multiple icekam
2020-11-18 "BigBlueButton 2.2.25 - Arbitrary File Disclosure and Server-Side Request Forgery" webapps multiple "RedTeam Pentesting GmbH"
2020-11-17 "Aerospike Database 5.1.0.3 - OS Command Execution" remote multiple "Matt S"
2020-11-17 "Apache Struts 2.5.20 - Double OGNL evaluation" remote multiple "West Shepherd"
Release Date Title Type Platform Author
2020-11-13 "OpenCart Theme Journal 3.1.0 - Sensitive Data Exposure" webapps php "Jinson Varghese Behanan"
2020-11-09 "Genexis Platinum-4410 P4410-V2-1.28 - Broken Access Control and CSRF" webapps hardware "Jinson Varghese Behanan"
2020-08-28 "Nagios Log Server 2.1.6 - Persistent Cross-Site Scripting" webapps multiple "Jinson Varghese Behanan"
2020-07-29 "Wordpress Plugin Maintenance Mode by SeedProd 5.1.1 - Persistent Cross-Site Scripting" webapps php "Jinson Varghese Behanan"
2020-03-24 "Wordpress Plugin WPForms 1.5.8.2 - Persistent Cross-Site Scripting" webapps php "Jinson Varghese Behanan"
2020-03-02 "Wordpress Plugin Tutor LMS 1.5.3 - Cross-Site Request Forgery (Add User)" webapps php "Jinson Varghese Behanan"
2020-02-17 "Wordpress Plugin Strong Testimonials 2.40.1 - Persistent Cross-Site Scripting" webapps php "Jinson Varghese Behanan"
2020-02-10 "LearnDash WordPress LMS Plugin 3.1.2 - Reflective Cross-Site Scripting" webapps php "Jinson Varghese Behanan"
import requests
response = requests.get('https://www.nmmapper.com/api/v1/exploitdetails/48772/?format=json')

For full documentation follow the link above

Cipherscan. A very simple way to find out which SSL ciphersuites are supported by a target.

Identify and fingerprint Web Application Firewall (WAF) products protecting a website.