Today we will start again here:
As I mentioned before - version I tried is 5.6.11. I started downloaded VM on VirtualBox again.
TL;DR
Because I enabled display_error in PHP config I was able to see the error message presented on the screen below:
It's always easier to find some more interesting bugs (without so-much-code-review;)). For example, with the 'error message' found in response I decided to use request as an input file for sqlmap just for a quick verification if this is exploitable bug:
After a while I was able to get inside the Nagios-database and/or dump it all to the Kali VM:
Little "proof-of-concept"**:
Checking --sql-shell parameter to grab the @@version:
Checking if dumping users table is possible:
So it looks like with "display_error = On" your Nagios server is vulnerable to this attack.
See you next time! ;)
Cheers
** working poc will be disclosed only to patron/donate users ;)
Brak komentarzy:
Prześlij komentarz