infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

automatic module_metadata_base.json update

4.x 4.17.43
Metasploit 2019-02-21 20:50:47 -08:00
parent 0da81ccff8
commit 026d38943e
No known key found for this signature in database
GPG Key ID: CDFB5FA52007B954
1 changed files with 41 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

41
db/modules_metadata_base.json
View File

@ -118035,6 +118035,47 @@
"notes": {
}
},
"exploit_windows/nuuo/nuuo_cms_sqli": {
"name": "Nuuo Central Management Authenticated SQL Server SQLi",
"full_name": "exploit/windows/nuuo/nuuo_cms_sqli",
"rank": 300,
"disclosure_date": "2018-10-11",
"type": "exploit",
"author": [
"Pedro Ribeiro <pedrib@gmail.com>"
],
"description": "The Nuuo Central Management Server allows an authenticated user to query the state of the alarms.\n This functionality can be abused to inject SQL into the query. As SQL Server 2005 Express is\n installed by default, xp_cmdshell can be enabled and abused to achieve code execution.\n This module will either use a provided session number (which can be guessed with an auxiliary\n module) or attempt to login using a provided username and password - it will also try the\n default credentials if nothing is provided.",
"references": [
"CVE-2018-18982",
"URL-https://ics-cert.us-cert.gov/advisories/ICSA-18-284-02",
"URL-https://seclists.org/fulldisclosure/2019/Jan/51",
"URL-https://raw.githubusercontent.com/pedrib/PoC/master/advisories/nuuo-cms-ownage.txt"
],
"platform": "Windows",
"arch": "x86",
"rport": 5180,
"autofilter_ports": [
],
"autofilter_services": [
],
"targets": [
"Nuuo Central Management Server <= v2.10.0"
],
"mod_time": "2019-02-21 09:43:44 +0000",
"path": "/modules/exploits/windows/nuuo/nuuo_cms_sqli.rb",
"is_install_path": true,
"ref_name": "windows/nuuo/nuuo_cms_sqli",
"check": false,
"post_auth": false,
"default_credential": false,
"notes": {
"SideEffects": [
"artifacts-on-disk"
]
}
},
"exploit_windows/oracle/client_system_analyzer_upload": {
"name": "Oracle Database Client System Analyzer Arbitrary File Upload",
"full_name": "exploit/windows/oracle/client_system_analyzer_upload",