Full title: ScadaBR Credentials Dumper Exploit 
Category: remote exploits
Platform: multiple
This module retrieves credentials from ScadaBR, including service credentials and unsalted SHA1 password hashes for all users, by invoking the 'EmportDwr.createExportData' DWR method of Mango M2M which is exposed to all authenticated users regardless of privilege level. This module has been tested successfully with ScadaBR versions 1.0 CE and 0.9 on Windows and Ubuntu systems.

# 0day.today @ http://0day.today/