Vulnerability & Exploit Database

Back to search

Nagios3 history.cgi Host Command Execution

This module abuses a command injection vulnerability in the Nagios3 history.cgi script.

Free Metasploit Download

Get your copy of the world's leading penetration testing tool

 Download Now

Module Name

exploit/unix/webapp/nagios3_history_cgi

Authors

  • Unknown <temp66 [at] gmail.com>
  • blasty <blasty [at] fail0verflow.com>
  • Jose Selvi <jselvi [at] pentester.es>
  • Daniele Martini <cyrax [at] pkcrew.org>

References

Targets

  • Automatic Target
  • Appliance Nagios XI 2012R1.3 (CentOS 6.x)
  • Debian 5 (nagios3_3.0.6-4~lenny2_i386.deb)

Platforms

  • linux
  • unix

Architectures

  • x86
  • x86

Reliability

Development

Module Options

To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':

msf > use exploit/unix/webapp/nagios3_history_cgi msf exploit(nagios3_history_cgi) > show targets ...targets... msf exploit(nagios3_history_cgi) > set TARGET <target-id> msf exploit(nagios3_history_cgi) > show options ...show and set options... msf exploit(nagios3_history_cgi) > exploit

Related Vulnerabilities