diff --git a/db/modules_metadata_base.json b/db/modules_metadata_base.json index cbe5c16cd9..6cae0ee827 100644 --- a/db/modules_metadata_base.json +++ b/db/modules_metadata_base.json @@ -118035,6 +118035,47 @@ "notes": { } }, + "exploit_windows/nuuo/nuuo_cms_sqli": { + "name": "Nuuo Central Management Authenticated SQL Server SQLi", + "full_name": "exploit/windows/nuuo/nuuo_cms_sqli", + "rank": 300, + "disclosure_date": "2018-10-11", + "type": "exploit", + "author": [ + "Pedro Ribeiro " + ], + "description": "The Nuuo Central Management Server allows an authenticated user to query the state of the alarms.\n This functionality can be abused to inject SQL into the query. As SQL Server 2005 Express is\n installed by default, xp_cmdshell can be enabled and abused to achieve code execution.\n This module will either use a provided session number (which can be guessed with an auxiliary\n module) or attempt to login using a provided username and password - it will also try the\n default credentials if nothing is provided.", + "references": [ + "CVE-2018-18982", + "URL-https://ics-cert.us-cert.gov/advisories/ICSA-18-284-02", + "URL-https://seclists.org/fulldisclosure/2019/Jan/51", + "URL-https://raw.githubusercontent.com/pedrib/PoC/master/advisories/nuuo-cms-ownage.txt" + ], + "platform": "Windows", + "arch": "x86", + "rport": 5180, + "autofilter_ports": [ + + ], + "autofilter_services": [ + + ], + "targets": [ + "Nuuo Central Management Server <= v2.10.0" + ], + "mod_time": "2019-02-21 09:43:44 +0000", + "path": "/modules/exploits/windows/nuuo/nuuo_cms_sqli.rb", + "is_install_path": true, + "ref_name": "windows/nuuo/nuuo_cms_sqli", + "check": false, + "post_auth": false, + "default_credential": false, + "notes": { + "SideEffects": [ + "artifacts-on-disk" + ] + } + }, "exploit_windows/oracle/client_system_analyzer_upload": { "name": "Oracle Database Client System Analyzer Arbitrary File Upload", "full_name": "exploit/windows/oracle/client_system_analyzer_upload",