Solarwinds Storage Manager 5.1.0 SQL Injection

2012-05-04T01:24:42
ID MSF:EXPLOIT/WINDOWS/HTTP/SOLARWINDS_STORAGE_MANAGER_SQL
Type metasploit
Reporter Rapid7
Modified 2020-10-02T20:00:37

Description

This module exploits a SQL injection found in Solarwinds Storage Manager login interface. It will send a malicious SQL query to create a JSP file under the web root directory, and then let it download and execute our malicious executable under the context of SYSTEM.