Update rank, add note

2019-02-21 09:43:44 -06:00 · 2019-02-21 09:43:44 -06:00 · 1cd7dc8bc9
parent 382d760540
commit 1cd7dc8bc9
1 changed files with 18 additions and 14 deletions
--- a/modules/exploits/windows/nuuo/nuuo_cms_sqli.rb
+++ b/modules/exploits/windows/nuuo/nuuo_cms_sqli.rb
@ -4,7 +4,7 @@
 ##

 class MetasploitModule < Msf::Exploit::Remote
-  Rank = ExcellentRanking
+  Rank = NormalRanking

  include Msf::Exploit::EXE
  include Msf::Exploit::FileDropper
@ -13,8 +13,8 @@ class MetasploitModule < Msf::Exploit::Remote

  def initialize(info={})
    super(update_info(info,
-      'Name'           => 'Nuuo Central Management Authenticated SQL Server SQLi',
-      'Description'    => %q{
+      'Name'            => 'Nuuo Central Management Authenticated SQL Server SQLi',
+      'Description'     => %q{
      The Nuuo Central Management Server allows an authenticated user to query the state of the alarms.
      This functionality can be abused to inject SQL into the query. As SQL Server 2005 Express is
      installed by default, xp_cmdshell can be enabled and abused to achieve code execution.
@ -22,12 +22,12 @@ class MetasploitModule < Msf::Exploit::Remote
      module) or attempt to login using a provided username and password - it will also try the
      default credentials if nothing is provided.
      },
-      'License'        => MSF_LICENSE,
-      'Author'         =>
+      'License'         => MSF_LICENSE,
+      'Author'          =>
        [
-          'Pedro Ribeiro <pedrib@gmail.com>'         # Vulnerability discovery and Metasploit module
+          'Pedro Ribeiro <pedrib@gmail.com>'  # Vulnerability discovery and Metasploit module
        ],
-      'References'     =>
+      'References'      =>
        [
          [ 'CVE', '2018-18982' ],
          [ 'URL', 'https://ics-cert.us-cert.gov/advisories/ICSA-18-284-02' ],
@ -35,16 +35,20 @@ class MetasploitModule < Msf::Exploit::Remote
          [ 'URL', 'https://raw.githubusercontent.com/pedrib/PoC/master/advisories/nuuo-cms-ownage.txt' ]

        ],
-      'Platform'       => 'win',
-      'Arch'           => ARCH_X86,
-      'Stance'         => Msf::Exploit::Stance::Aggressive,          # we need this to run in the foreground
-      'Targets'        =>
+      'Platform'        => 'win',
+      'Arch'            => ARCH_X86,
+      'Stance'          => Msf::Exploit::Stance::Aggressive,  # we need this to run in the foreground
+      'Targets'         =>
        [
          [ 'Nuuo Central Management Server <= v2.10.0', {} ],
        ],
-      'Privileged'     => false,                  # we run as NETWORK_SERVICE
-      'DisclosureDate' => 'Oct 11 2018',
-      'DefaultTarget'  => 0))
+      'Notes'           =>
+        {
+          'SideEffects'   => [ ARTIFACTS_ON_DISK ]
+        },
+      'Privileged'      => false,  # we run as NETWORK_SERVICE
+      'DisclosureDate'  => 'Oct 11 2018',
+      'DefaultTarget'   => 0))
    register_options [
      Opt::RPORT(5180),
      OptInt.new('HTTPDELAY', [false, 'Number of seconds the web server will wait before termination', 10]),