CVE-2009-2288

This Metasploit module exploits a command injection vulnerability in Nagios3's statuswml.cgi script by injecting shell metacharacters into the 'ping' parameter, allowing arbitrary command execution.

This Metasploit module exploits a command injection vulnerability in Nagios3's statuswml.cgi script by injecting shell metacharacters into the 'ping' parameter, allowing arbitrary command execution. It authenticates with provided credentials and sends a crafted POST request to trigger the payload.

This exploit demonstrates a command injection vulnerability in Nagios via the WAP interface's ping feature. The URI example shows how arbitrary shell commands can be executed by appending them to the ping parameter.

This Metasploit module exploits a metacharacter injection vulnerability in Nagios3's statuswml.cgi script, allowing remote command execution via the 'ping' parameter. It sends a crafted POST request with shell metacharacters to execute arbitrary commands.