module
Nuuo Central Management Authenticated SQL Server SQLi
| Disclosed | Created |
|---|---|
| Oct 11, 2018 | Mar 19, 2019 |
Disclosed
Oct 11, 2018
Created
Mar 19, 2019
Description
The Nuuo Central Management Server allows an authenticated user to query the state of the alarms.
This functionality can be abused to inject SQL into the query. As SQL Server 2005 Express is
installed by default, xp_cmdshell can be enabled and abused to achieve code execution.
This module will either use a provided session number (which can be guessed with an auxiliary
module) or attempt to login using a provided username and password - it will also try the
default credentials if nothing is provided.
This functionality can be abused to inject SQL into the query. As SQL Server 2005 Express is
installed by default, xp_cmdshell can be enabled and abused to achieve code execution.
This module will either use a provided session number (which can be guessed with an auxiliary
module) or attempt to login using a provided username and password - it will also try the
default credentials if nothing is provided.
Author
Pedro Ribeiro [email protected]
Platform
Windows
Architectures
x86
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.