Scribd Logo
Upload

Welcome to Scribd!

  • 15 views

    Global Manager - Howto

    Uploaded by

    Luis Arzola
    The document warns to secure the Global Manager server module by blocking it and setting strict IP restrictions to prevent connections from untrustworthy addresses. It notes the module is vulnerable to SQL injections and buffer overflows, and provides a proof of concept attack where typing a shutdown command in the username field can cause the MSSQL server to stop responding.

    Copyright:

    © All Rights Reserved
    Download as TXT, PDF, TXT or read online from Scribd
    Flag for inappropriate content

    You might also like

    Global Manager - Howto

    Uploaded by

    Luis Arzola
    15 views1 page
    The document warns to secure the Global Manager server module by blocking it and setting strict IP restrictions to prevent connections from untrustworthy addresses. It notes the module is vulnerable to SQL injections and buffer overflows, and provides a proof of concept attack where typing a shutdown command in the username field can cause the MSSQL server to stop responding.

    Original Description:

    Original Title

    global manager - howto.txt

    Copyright

    © © All Rights Reserved

    Available Formats

    TXT, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    The document warns to secure the Global Manager server module by blocking it and setting strict IP restrictions to prevent connections from untrustworthy addresses. It notes the module is vulnerable to SQL injections and buffer overflows, and provides a proof of concept attack where typing a shutdown command in the username field can cause the MSSQL server to stop responding.

    Copyright:

    © All Rights Reserved
    Download as TXT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as txt, pdf, or txt
    15 views1 page

    Global Manager - Howto

    Uploaded by

    Luis Arzola
    The document warns to secure the Global Manager server module by blocking it and setting strict IP restrictions to prevent connections from untrustworthy addresses. It notes the module is vulnerable to SQL injections and buffer overflows, and provides a proof of concept attack where typing a shutdown command in the username field can cause the MSSQL server to stop responding.

    Copyright:

    © All Rights Reserved
    Download as TXT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as txt, pdf, or txt
    of 1

    Please, take care of your Global Manager server module.

    You should also


    block it, and set strict ip restrictions for it. Don't allow any non-trustable
    gm ip addresses to connect it. It's vulnerable to SQL injections (and also, several
    buffer
    overflows).

    PoC : get SMC, set ip address at ServiceManager.cfg to target server ip address,


    and global manager
    port, type "' shutdown -- " (without double quotes) into username field (or any
    other), and try connecting.
    MSSQL server will stop responding after this query.

    Chernobyl
    Skype: live:cherno0x2f

    You might also like