Centreon 19.10.5 – Database Credentials Disclosure

• Exploit Database
• 18 阅读

• 作者： Fabien AUNAY
  日期： 2020-01-28
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/47968/

• # Exploit Title: Centreon 19.10.5 - Database Credentials Disclosure
  # Date: 2020-01-27
  # Exploit Author: Fabien AUNAY, Omri Baso
  # Vendor Homepage: https://www.centreon.com/
  # Software Link: https://github.com/centreon/centreon
  # Version: 19.10.5
  # Tested on: CentOS 7
  # CVE : -
  
  ###########################################################################################################
  Centreon 19.10.5 Database Credentials Disclosure
  
  Trusted by SMBs and Fortune 500 companies worldwide.
  An industry reference in IT Infrastructure monitoring for the enterprise.
  Counts 200,000+ ITOM users worldwide and an international community of software collaborators.
  Presence in Toronto and Luxembourg.
  Deployed in diverse sectors:
  - IT & telecommunication
  - Transportation
  - Government
  - Heath care
  - Retail
  - Utilities
  - Finance & Insurance
  - Aerospace & Defense
  - Manufacturing
  - etc.
  
  ###########################################################################################################
  
  POC:
  
  - Configuration / Pollers / Broker configuration
  -- Central-broker | Central-broker-master
  --- Output
  
  It is possible to discover the unencrypted password with the inspector.
  
  
  DB usercentreon
  DB password********
  <input size="120" name="output[0][db_password]" type="password" value="ZVy892xx">