CVE-2018-8736

Related Files

Nagios XI Chained Remote Code Execution

Posted Jun 29, 2018

Authored by Benny Husted, Cale Smith, Jared Arave | Site metasploit.com

This Metasploit module exploits a few different vulnerabilities in Nagios XI 5.2.6-5.4.12 to gain remote root access. The steps are: 1. Issue a POST request to /nagiosql/admin/settings.php which sets the database user to root. 2. SQLi on /nagiosql/admin/helpedit.php allows us to enumerate API keys. 3. The API keys are then used to add an administrative user. 4. An authenticated session is established with the newly added user 5. Command Injection on /nagiosxi/backend/index.php allows us to execute the payload with nopasswd sudo, giving us a root shell. 6. Remove the added admin user and reset the database user.

tags | exploit, remote, shell, root, php, vulnerability

advisories | CVE-2018-8733, CVE-2018-8734, CVE-2018-8735, CVE-2018-8736

SHA-256 | 80bee7aa780edc43040bd1dd427fbdb84bcd1f35f74873b32d619a620e07f20c

Download | Favorite | View

Nagios XI 5.x Chained Remote Root

Posted Apr 30, 2018

Authored by Benny Husted, Cale Smith, Jared Arave

Nagios XI versions 5.2.6 up to 5.2.9, 5.3, and 5.4 chained remote root exploit.

tags | exploit, remote, root

advisories | CVE-2018-8733, CVE-2018-8734, CVE-2018-8735, CVE-2018-8736

SHA-256 | bb9a9ca26635c2779d5e4662eab43b6b113e781b49058727e94049827cb3f59a

Download | Favorite | View