adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions 9 Packages Projects Releases Wiki Activity

automatic module_metadata_base.json update

Browse Source
This commit is contained in:
Metasploit
2020-10-07 11:19:55 -05:00
parent 64cc47d654
commit 068824aa31
1 changed files with 49 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
db/modules_metadata_base.json
+49
View File
@@ -6833,6 +6833,55 @@
},
"needs_cleanup": false
},
"auxiliary_admin/sap/sap_igs_xmlchart_xxe": {
"name": "SAP Internet Graphics Server (IGS) XMLCHART XXE",
"fullname": "auxiliary/admin/sap/sap_igs_xmlchart_xxe",
"aliases": [
],
"rank": 300,
"disclosure_date": "2018-03-14",
"type": "auxiliary",
"author": [
"Yvan Genuer",
"Vladimir Ivanov"
],
"description": "This module exploits CVE-2018-2392 and CVE-2018-2393, two XXE vulnerabilities within the XMLCHART page\n of SAP Internet Graphics Servers (IGS) running versions 7.20, 7.20EXT, 7.45, 7.49, or 7.53. These\n vulnerabilities occur due to a lack of appropriate validation on the Extension HTML tag when\n submitting a POST request to the XMLCHART page to generate a new chart.\n\n Successful exploitation will allow unauthenticated remote attackers to read files from the server as the user\n from which the IGS service is started, which will typically be the SAP admin user. Alternatively attackers\n can also abuse the XXE vulnerability to conduct a denial of service attack against the vulnerable\n SAP IGS server.",
"references": [
"CVE-2018-2392",
"CVE-2018-2393",
"URL-https://download.ernw-insight.de/troopers/tr18/slides/TR18_SAP_IGS-The-vulnerable-forgotten-component.pdf"
],
"platform": "",
"arch": "",
"rport": 40080,
"autofilter_ports": [
80,
8080,
443,
8000,
8888,
8880,
8008,
3000,
8443
],
"autofilter_services": [
"http",
"https"
],
"targets": null,
"mod_time": "2020-10-07 13:02:48 +0000",
"path": "/modules/auxiliary/admin/sap/sap_igs_xmlchart_xxe.rb",
"is_install_path": true,
"ref_name": "admin/sap/sap_igs_xmlchart_xxe",
"check": true,
"post_auth": false,
"default_credential": false,
"notes": {
},
"needs_cleanup": false
},
"auxiliary_admin/sap/sap_mgmt_con_osexec": {
"name": "SAP Management Console OSExecute",
"fullname": "auxiliary/admin/sap/sap_mgmt_con_osexec",