Nagios XI 5.5.10: XSS to #
Pubblicato dapolict 10 Aprile 2019
A remote attacker could trick an authenticated victim (with “autodiscovery job” creation privileges) to visit a malicious URL and obtain a remote root shell via a reflected Cross-Site Scripting (XSS), an authenticated Remote Code Execution (RCE) and a Local Privilege Escalation (LPE).
A few months ago I read about some Nagios XI vulnerabilities which got me interested in studying it a bit by myself. For those of you who don’t know what Nagios XI is I suggest you have a look at their website.
Fortunately, around that same time the team I am part of in Shielder chose to start spending one week each month to research or 0day discovery projects. These vulnerabilities are part of the ones I have found during that week, you can read about all of them at the security disclosures page. My target was to find an unauthenticated remote code execution with zero interaction needed, which I couldn’t find in that time span, maybe I’ll have a second look sometime in the future