Monday, August 29, 2016

Nagios XI noauth=1 requests

I've seen these admin page requests many times. Interesting that the parameter is noauth=1 which leads me to believe that if somebody misconfigured Nagios XI that it could allow an attacker to bypass authentication.

GET /nagiosxi/login.php?redirect=/nagiosxi/index.php0.000000&noauth=1

More about neonprimetime

Top Blogs of all-time
  1. pagerank botnet sql injection walk-thru
  2. DOM XSS 101 Walk-Through
  3. An Invoice email and a Hot mess of Java

Top Github Contributions
  1. Qualys Scantronitor 2.0

Copyright © 2016, this post cannot be reproduced or retransmitted in any form without reference to the original post.

No comments:

Post a Comment