Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2015-1560 PoC — Centreon SQL注入漏洞

Source
https://github.com/Iansus/Centreon-CVE-2015-1560_1561
Associated Vulnerability
Title:Centreon SQL注入漏洞 (CVE-2015-1560)
Description:Centreon(Merethis Centreon)是一套需要与Nagios搭配使用的开源IT监控软件。该软件通过网页(Web)管理Nagios,以及通过第三方组件实现对网络、操作系统和应用程序的监控。 Centreon 2.5.4及之前版本的include/common/common-Func.php脚本中的‘isUserAdmin’函数存在SQL注入漏洞,该漏洞源于include/common/XmlTree/GetXmlTree.php脚本没有充分过滤‘sid’参数。远程攻击者可利用该漏洞执行任意
Description
A little Python tool for exploiting CVE-2015-1560 and CVE-2015-1561. Quick'n'dirty. Real dirty.
Readme
# Centreon-CVE-2015-1560_1561

A little Python tool for exploiting CVE-2015-1560 and CVE-2015-1561 on Centreon <= 2.5.4
Quick'n'dirty. Real dirty.
File Snapshot

 [4.0K]  /data/pocs/d29e5f832b555c0f99c29767419910c0c9442c23
├── [2.8K]  blindinject.py
├── [2.1K]  exploit-centreon.py
└── [ 146]  README.md

0 directories, 3 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.