op5 Monitor Nacoma command execution

Added: 07/01/2016

Background

op5 Monitor is an open-source monitoring solution written in PHP.

Problem

The command_test.php script in the Nacoma component of op5 Monitor can be used to execute arbitrary operating system commands.

Resolution

Upgrade to op5 Monitor 7.2.0 or higher.

References

http://www.securityfocus.com/archive/1/537992
https://www.op5.com/blog/news/op5-monitor-7-2-0-release-notes/

Limitations

Exploit works on op5 Monitor 7.1.9 and requires valid credentials. (The default "monitor" account may be used.)
Back to exploit index