Skip to content

Instantly share code, notes, and snippets.

@leommxj

leommxj/nagios_graphtemplates_code_injection.md Secret

Created January 21, 2021 03:24
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save leommxj/93edce6f8572cefe79a3d7da4389374e to your computer and use it in GitHub Desktop.
Save leommxj/93edce6f8572cefe79a3d7da4389374e to your computer and use it in GitHub Desktop.
Download ZIP
Raw
nagios_graphtemplates_code_injection.md

In nagios xi 5.7, admin can edit/delete/add template in /nagiosxi/admin/graphtemplates.php the template will be store in /usr/local/nagios/share/pnp/templates . Which can be accessed and execute as a PHP file through /nagios/pnp/templates/?.php. and lead to PHP code execution and OS command execution as apache.

1 2

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment