automatic module_metadata_base.json update
This commit is contained in:
parent
c2e8f3fa69
commit
a036c2fae0
|
@ -66207,6 +66207,70 @@
|
|||
"session_types": false,
|
||||
"needs_cleanup": null
|
||||
},
|
||||
"exploit_linux/http/nagios_xi_configwizards_authenticated_rce": {
|
||||
"name": "Nagios XI 5.5.6 to 5.7.5 - ConfigWizards Authenticated Remote Code Exection",
|
||||
"fullname": "exploit/linux/http/nagios_xi_configwizards_authenticated_rce",
|
||||
"aliases": [
|
||||
|
||||
],
|
||||
"rank": 600,
|
||||
"disclosure_date": "2021-02-13",
|
||||
"type": "exploit",
|
||||
"author": [
|
||||
"Matthew Mathur"
|
||||
],
|
||||
"description": "This module exploits CVE-2021-25296, CVE-2021-25297, and CVE-2021-25298, which are\n OS command injection vulnerabilities in the windowswmi, switch, and cloud-vm\n configuration wizards that allow an authenticated user to perform remote code\n execution on Nagios XI versions 5.5.6 to 5.7.5 as the apache user.\n\n Valid credentials for a Nagios XI user are required. This module has\n been successfully tested against official NagiosXI OVAs from 5.5.6-5.7.5.",
|
||||
"references": [
|
||||
"CVE-2021-25296",
|
||||
"CVE-2021-25297",
|
||||
"CVE-2021-25298",
|
||||
"URL-https://github.com/fs0c-sh/nagios-xi-5.7.5-bugs/blob/main/README.md"
|
||||
],
|
||||
"platform": "Linux,Unix",
|
||||
"arch": "x86, x64, cmd",
|
||||
"rport": 80,
|
||||
"autofilter_ports": [
|
||||
80,
|
||||
8080,
|
||||
443,
|
||||
8000,
|
||||
8888,
|
||||
8880,
|
||||
8008,
|
||||
3000,
|
||||
8443
|
||||
],
|
||||
"autofilter_services": [
|
||||
"http",
|
||||
"https"
|
||||
],
|
||||
"targets": [
|
||||
"Linux (x86)",
|
||||
"Linux (x64)",
|
||||
"CMD"
|
||||
],
|
||||
"mod_time": "2023-02-07 14:30:11 +0000",
|
||||
"path": "/modules/exploits/linux/http/nagios_xi_configwizards_authenticated_rce.rb",
|
||||
"is_install_path": true,
|
||||
"ref_name": "linux/http/nagios_xi_configwizards_authenticated_rce",
|
||||
"check": true,
|
||||
"post_auth": false,
|
||||
"default_credential": false,
|
||||
"notes": {
|
||||
"Stability": [
|
||||
"crash-safe"
|
||||
],
|
||||
"SideEffects": [
|
||||
"artifacts-on-disk",
|
||||
"ioc-in-logs"
|
||||
],
|
||||
"Reliability": [
|
||||
"repeatable-session"
|
||||
]
|
||||
},
|
||||
"session_types": false,
|
||||
"needs_cleanup": null
|
||||
},
|
||||
"exploit_linux/http/nagios_xi_magpie_debug": {
|
||||
"name": "Nagios XI Magpie_debug.php Root Remote Code Execution",
|
||||
"fullname": "exploit/linux/http/nagios_xi_magpie_debug",
|
||||
|
|
Loading…
Reference in New Issue