CVE-2019-13024 PoC — Centreon 命令注入漏洞

Source

https://github.com/get-get-get-get/Centreon-RCE

Associated Vulnerability

Title:Centreon 命令注入漏洞 (CVE-2019-13024)
Description:Centreon（Merethis Centreon）是一套需要与Nagios搭配使用的开源IT监控软件。该软件通过网页（Web）管理Nagios，以及通过第三方组件实现对网络、操作系统和应用程序的监控。 Centreon V19.04版本中存在命令注入漏洞。该漏洞源于外部输入数据构造可执行命令过程中，网络系统或产品未正确过滤其中的特殊元素。攻击者可利用该漏洞执行非法命令。

Description

Centreon v.19.04 Remote Code Execution exploit (CVE-2019-13024)

Readme

# Centreon-RCE
Centreon v.19.04 Remote Code Execution exploit (CVE-2019-13024)

Revision of https://github.com/mhaskar/CVE-2019-13024

## HOW TO USE:
1. Edit argument defaults for convenience, or don't (bottom of script)
2. If needed, edit 'edit_command' function to defeat defenses
3. '-v' for troubleshooting/verbose output (prints response content)

# EXAMPLES:
    ./centreon_rce.py whoami
    ./centreon_rce.py -t http://127.0.0.1/centreon -u MikeJones -p M1k3j0nes whoami -v
# Requirements
Requires BeautifulSoup and Requests
```bash
pip3 install requests bs4
```

# CREDIT:
https://github.com/mhaskar/ (https://github.com/mhaskar/CVE-2019-13024)

https://nvd.nist.gov/vuln/detail/CVE-2019-13024

File Snapshot


 [4.0K]  /data/pocs/7bbb0c015b4a0faf23464cbfd4cd2d8a1542cbe2
├── [4.9K]  centreon_rce.py
└── [ 702]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!