CVE-2023-40931

This repository provides a functional SQL injection exploit for CVE-2023-40931 using sqlmap, targeting Nagios XI's banner_message-ajaxhelper.php endpoint. The exploit requires valid credentials and leverages an authenticated SQLi vulnerability to dump the xi_users table.

This repository contains a functional PoC for CVE-2023-40931, targeting Nagios XI. The exploit demonstrates SQL injection via the 'id' parameter in the banner_message-ajaxhelper.php endpoint and includes functionality to create an admin account and attempt a reverse shell.

This Python script demonstrates an authenticated SQL injection vulnerability in Nagios XI by leveraging a vulnerable endpoint to dump database contents using sqlmap. It includes authentication, session handling, and a proof-of-concept SQLi payload.