Monday, 30 December 2019

Multiple XSS bugs in Nagios 5.6.9

This time I decided to check the latest version of Nagios (5.6.9). Below you'll find a few details from a few hours of testing. Here we go...

We will start here:


As you can see, I downloaded the OVA file with the latest Nagios (5.6.9) and after a while (with VirtualBox) we are ready to start Burp. Our goal for today: find XSS bug(s) available to a normal/registered user.

TL;DR ;)

#01: parameter: host:



Results:


Cool. Let's "show response in browser":


Next I tried to check the source code to find something 'similar' to the host parameter.

So we should be somewhere here:



Next:


I decided to follow the host parameter:


More:


...and more...


...and we landed here:


Checking:


Yep. So what about next param? ;)


#02: parameter: hostgroup:

Similar scenario.

Next...


#03: parameter: servicegroup:


Can you see any pattern here? ;)

Next...

#04: parameter: hour:


Response:


Our new report:


The frequency parameter is also vulnerable to this attack.

Now our new 'scheduled report' is available to us:



... as well as to the (nagios)admin user, check it out:
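To make the defensive side of this concrete, here is an added example (my own illustration, not code from Nagios or from the original post) of why a stored report parameter such as host executes for whoever opens the report list, the admin included, and what output encoding plus input validation does about it. The same encoding at the point of output is what closes the reflected cases in #01 to #03 as well. The record layout, function names and the set of accepted frequency values are assumptions made for this example; the stored values are constructed.

```php
<?php
// Added example, not Nagios XI code. Field names and the accepted
// frequency values are assumptions for illustration only.

// Constructed records, shaped like what a stored-XSS payload leaves
// behind in a "scheduled report" table.
$reports = [
    ['host' => 'localhost"><img src=x onerror=alert(1)>', 'hour' => '7',                          'frequency' => 'daily'],
    ['host' => 'localhost',                                'hour' => '7<script>alert(1)</script>', 'frequency' => 'weekly'],
];

// Vulnerable pattern: stored values are echoed straight into the page,
// so every viewer of the report list (including an admin) runs the script.
function renderRowUnsafe(array $r): string
{
    return "<tr><td>{$r['host']}</td><td>{$r['hour']}</td><td>{$r['frequency']}</td></tr>";
}

// Hardened pattern, step 1: encode at the point of output. ENT_QUOTES
// covers the attribute-breakout case (the "> in the first record).
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Hardened pattern, step 2: values with a known shape are validated before
// they are stored, so markup never reaches the database in the first place.
function validateHour(string $hour): ?int
{
    // Only 0..23 is a valid hour; anything else (including markup) is rejected.
    return (ctype_digit($hour) && (int)$hour <= 23) ? (int)$hour : null;
}

function validateFrequency(string $f): ?string
{
    $allowed = ['hourly', 'daily', 'weekly', 'monthly']; // assumed set
    return in_array($f, $allowed, true) ? $f : null;
}

function renderRowSafe(array $r): string
{
    $hour = validateHour($r['hour']);
    $freq = validateFrequency($r['frequency']);
    if ($hour === null || $freq === null) {
        // A record that failed validation is never rendered as-is.
        return '<tr><td colspan="3">invalid report record</td></tr>';
    }
    return '<tr><td>' . h($r['host']) . '</td><td>' . $hour . '</td><td>' . h($freq) . '</td></tr>';
}

foreach ($reports as $r) {
    echo "unsafe: ", renderRowUnsafe($r), PHP_EOL;
    echo "safe:   ", renderRowSafe($r), PHP_EOL;
}
```

Running it shows the first record's host rendered as `localhost&quot;&gt;&lt;img ...` in the safe row (inert text), while the second record is rejected outright because "7<script>..." is not an hour. The point is the split of responsibility: free-text fields like host are encoded on output, and fields with a fixed shape like hour and frequency are validated on input; relying on one of the two alone is what leaves a stored XSS reachable by the admin.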


Maybe you'll find it useful. ;)

You'll find more bugs described here. In case you liked it, remember that there is now a donate button (right on top). ;)

See you next time!

Cheers
