Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2021-40345 PoC — Nagios XI 命令注入漏洞

Source
https://github.com/ArianeBlow/NagiosXI-RCE-all-version-CVE-2021-40345
Associated Vulnerability
Title:Nagios XI 命令注入漏洞 (CVE-2021-40345)
Description:An issue was discovered in Nagios XI 5.8.5. In the Manage Dashlets section of the Admin panel, an administrator can upload ZIP files. A command injection (within the name of the first file in the archive) allows an attacker to execute system commands.
Description
RFI to RCE Nagios/NagiosXI exploitation
Readme
# NagiosXI RCE File-Upload
CVE-2021-40345

Authentified RFI to RCE Nagios/NagiosXI exploitation

Step 1 : 
Go on the "dashlets" managing page and download one of them (I'm using "rss_dashlet" for the exemple) : 
```
http://TARGET_IP/nagiosxi/admin/dashlets.php?download=rss_dashlet
```

Step 2 : 
Modify the *.inc.php (I'm gonna use a tiny PHP reverse shell oneliner in line 34 for the exemple) :

![nagios1](https://user-images.githubusercontent.com/61753065/120605130-ffea4080-c44d-11eb-9dd6-bfba1ae56403.png)

Step 3 : 
Start your listener and upload the malicious dashlet in the dashlets managing page :

![nagios2](https://user-images.githubusercontent.com/61753065/120605611-8e5ec200-c44e-11eb-9111-40ee68ac35d8.png)

And voilà, you got the shell !
File Snapshot

 [4.0K]  /data/pocs/88d408b9d359a9ed42bbe36619c0b7440cd9c1f2
├── [1.0K]  LICENSE
└── [ 757]  README.md

0 directories, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →