what you don't know can hurt you

Register | Login

FilesNewsUsersAuthors

Home Files News &[SERVICES_TAB]About Contact Add New

Showing 1 - 3 of 3

Files from Mario Ceballos

Plixer Scrutinizer NetFlow and sFlow Analyzer 9 Default MySQL Credential

Posted Aug 8, 2012

Authored by sinn3r, Mario Ceballos, Jonathan Claudius, Tanya Secker | Site metasploit.com

This exploits an insecure config found in Scrutinizer NetFlow & sFlow Analyzer. By default, the software installs a default password in MySQL, and binds the service to "0.0.0.0". This allows any remote user to login to MySQL, and then gain arbitrary remote code execution under the context of 'SYSTEM'. Examples of default credentials include: 'scrutinizer:admin', and 'scrutremote:admin'.

tags | exploit, remote, arbitrary, code execution

advisories | CVE-2012-3951, OSVDB-84317

SHA-256 | 61e06a2fa99c7125dcd2af5faeafdcb8556b0880070d66206fa0180b420ee612

Download | Favorite | View

Scrutinizer NetFlow / sFlow Analyzer 9.0.1 XSS / Bypass / File Upload

Posted Jul 29, 2012

Authored by Mario Ceballos, Jonathan Claudius | Site trustwave.com

Scrutinizer NetFlow and sFlow Analyzer versions 9.0.1 and below suffer from bypass, cross site scripting, and remote file upload vulnerabilities. It also has undocumented MySQL admin users.

tags | exploit, remote, vulnerability, xss, file upload

advisories | CVE-2012-2626, CVE-2012-2627, CVE-2012-3848, CVE-2012-3951

SHA-256 | 5bbd69706e38d6f70c41925cdab4681651c0862b6cc58df5c29389f62daf07d3

Download | Favorite | View

Oracle Penetration Testing Using The Metasploit Framework

Posted Nov 2, 2010

Authored by Chris Gates, Mario Ceballos

Whitepaper called Oracle Penetration Testing Using the Metasploit Framework.

tags | paper

SHA-256 | 5f83e34bb9fafd4e3e942567202ceb11434ef372ffb87749583ed54f98922e90

Download | Favorite | View