Eaton Network Shutdown module versions 3.21 and below suffer from a remote PHP code injection vulnerability. This is a python exploit for a previously disclosed finding.
b6f02d2307906d45fffd57eaf354dfdd170be53826413e1efdb4d4d58e269c8dThis Metasploit module exploits a vulnerability in lib/dbtools.inc which uses unsanitized user input inside a eval() call. Additionally the base64 encoded user credentials are extracted from the database of the application. Please note that in order to be able to steal credentials, the vulnerable service must have at least one USV module (an entry in the "nodes" table in mgedb.db).
ca94d18543aafa961d153b779642fdaf4da2fc45b207ec0756a59de101a2cf5d
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed