Icingaweb versions from 2.9.0 to 2.9.5 inclusive, and 2.8.0 to 2.8.5 inclusive, suffer from an
unauthenticated directory traversal vulnerability. The vulnerability is triggered
through the icinga-php-thirdparty library, which allows unauthenticated users
to retrieve arbitrary files from the target's filesystem via a GET request to
/lib/icinga/icinga-php-thirdparty/
To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':
msf > use auxiliary/scanner/http/icinga_static_library_file_directory_traversal
msf auxiliary(icinga_static_library_file_directory_traversal) > show actions
...actions...
msf auxiliary(icinga_static_library_file_directory_traversal) > set ACTION < action-name >
msf auxiliary(icinga_static_library_file_directory_traversal) > show options
...show and set options...
msf auxiliary(icinga_static_library_file_directory_traversal) > run
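
For defenders, an added example (not part of the Metasploit module or of Icinga's own code): a Python log triage that checks an installed version against the affected ranges above and flags GET requests under /lib/icinga/icinga-php-thirdparty/ that contain dot-dot segments or do not end in a static asset extension. The extension allowlist, the combined log format and the sample log lines are assumptions constructed for illustration.

```python
import posixpath
import re
from urllib.parse import unquote

PREFIX = "/lib/icinga/icinga-php-thirdparty/"  # request path named in the description
AFFECTED = {(2, 8): range(0, 6), (2, 9): range(0, 6)}  # 2.8.0-2.8.5 and 2.9.0-2.9.5
# Assumption: file types a static library directory legitimately serves.
STATIC_EXT = {".js", ".css", ".map", ".png", ".svg", ".gif", ".woff", ".woff2", ".ttf"}
# Assumption: combined log format, ip ident user [time] "METHOD target PROTO" status ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')

def is_affected(version):
    """True if a version string falls inside the affected ranges."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        return False
    major, minor, patch = map(int, m.groups())
    return patch in AFFECTED.get((major, minor), ())

def classify(line):
    """Return a finding dict for a suspicious request under PREFIX, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, method, target, status = m.groups()
    # Decode twice so double-encoded dots and separators are seen as well.
    path = unquote(unquote(target.split("?", 1)[0]))
    if method != "GET" or not path.startswith(PREFIX):
        return None
    rest = path[len(PREFIX):]
    reasons = []
    if ".." in rest.split("/"):
        reasons.append("dot-dot segment")
    if posixpath.splitext(rest)[1].lower() not in STATIC_EXT:
        reasons.append("not a static asset type")
    if not reasons:
        return None
    return {"ip": ip, "path": path, "served": status == "200", "reasons": reasons}

def triage(lines):
    """Collect findings for every line that classify() flags."""
    return [f for f in map(classify, lines) if f]

# Constructed sample lines (documentation addresses), not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jan/2024:10:00:00 +0000] "GET /lib/icinga/icinga-php-thirdparty/asset/js/app.js HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [01/Jan/2024:10:00:05 +0000] "GET /lib/icinga/icinga-php-thirdparty/%2e%2e/%2e%2e/etc/hostname HTTP/1.1" 404 153 "-" "-"',
    '203.0.113.9 - - [01/Jan/2024:10:00:06 +0000] "GET /lib/icinga/icinga-php-thirdparty/etc/hostname HTTP/1.1" 200 12 "-" "-"',
    '198.51.100.7 - - [01/Jan/2024:10:00:09 +0000] "GET /dashboard HTTP/1.1" 200 9000 "-" "Mozilla/5.0"',
]
```

A finding with "served" set to true on a host where is_affected() returns true is the case to investigate first, since the server answered the request with a 200.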