1337day-Exploits Posted November 29, 2012 Share Posted November 29, 2012 PacketStorm-Security Acaba de publicar lo siguiente: This is the hidden content, please Sign In or Sign Up ;) This Metasploit module exploits a vulnerability in lib/dbtools.inc which uses unsanitized user input inside a eval() call. Additionally the base64 encoded user credentials are extracted from the database of the application. Please note that in order to be able to steal credentials, the vulnerable service must have at least one USV module (an entry in the "nodes" table in mgedb.db). 29/11/2012 06:43 Link to comment Share on other sites More sharing options...
Recommended Posts