The exploit allows an attacker to bypass authentication and gain access to the Nagios XI application by manipulating SQL queries. This vulnerability has been assigned the CVE-2024-24401. By exploiting this vulnerability, an attacker can obtain sensitive information, modify data, or perform unauthorized actions.
This module exploits a vulnerability found in Nagios XI Network Monitor's component 'Graph Explorer'. An authenticated user can execute system commands by injecting it in several parameters, such as in visApi.php's 'host' parameter, which results in remote code execution.
This exploit targets the Nagios CGI script history.cgi. It takes advantage of a vulnerability in the Nagios code to execute remote commands. The exploit is likely to work on other Linux distributions that have similar vulnerabilities. The code includes some questionable practices that may not be recommended by experienced exploit coders.
The Nagios Plugins software is vulnerable to a remote buffer-overflow vulnerability. Attackers can exploit this vulnerability to execute arbitrary machine code in the context of the affected users. The vulnerability exists due to the software's failure to properly bounds-check user-supplied data before copying it to a buffer that is not large enough.
Nagios is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
Nagios XI is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Nagios XI is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
Nagios XI is prone to multiple cross-site request-forgery vulnerabilities because the application fails to properly validate HTTP requests. Successful exploit requires that the 'nagiosadmin' be logged into the web interface. Attackers can exploit these issues to gain unauthorized access to the affected application and perform certain administrative actions.
Nagios XI is prone to an HTML injection vulnerability and multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or control how the site is rendered to the user. Other attacks are also possible.
This exploit leverages the vulnerabilities enumerated in these CVES: [ CVE-2018-8733, CVE-2018-8734, CVE-2018-8735, CVE-2018-8736 ]. More details here: http://blog.redactedsec.net/exploits/2018/04/26/nagios.html. Steps are as follows: 0. Determine Version 1. Change the database user to root:nagiosxi 2. Get an API key w/ SQLi 3. Use the API Key to add an administrative user 4. Login as that administrative user 5. Do some authenticated RCE w/ privesc 6. Cleanup.
Services By CQR