adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

automatic module_metadata_base.json update

Browse Source
This commit is contained in:
Metasploit
2023-09-12 18:27:42 -05:00
parent 28c4902f4a
commit 6a84cc8a57
1 changed files with 122 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
db/modules_metadata_base.json
+122
View File
@@ -17510,6 +17510,70 @@
"session_types": false,
"needs_cleanup": false
},
"auxiliary_gather/apache_superset_cookie_sig_priv_esc": {
"name": "Apache Superset Signed Cookie Priv Esc",
"fullname": "auxiliary/gather/apache_superset_cookie_sig_priv_esc",
"aliases": [
],
"rank": 300,
"disclosure_date": "2023-04-25",
"type": "auxiliary",
"author": [
"h00die",
"paradoxis",
"Spencer McIntyre",
"Naveen Sunkavally"
],
"description": "Apache Superset versions <= 2.0.0 utilize Flask with a known default secret key which is used to sign HTTP cookies.\n These cookies can therefore be forged. If a user is able to login to the site, they can decode the cookie, set their user_id to that\n of an administrator, and re-sign the cookie. This valid cookie can then be used to login as the targeted user and retrieve database\n credentials saved in Apache Superset.",
"references": [
"URL-https://github.com/Paradoxis/Flask-Unsign",
"URL-https://vulcan.io/blog/cve-2023-27524-in-apache-superset-what-you-need-to-know/",
"URL-https://www.horizon3.ai/cve-2023-27524-insecure-default-configuration-in-apache-superset-leads-to-remote-code-execution/",
"URL-https://github.com/horizon3ai/CVE-2023-27524/blob/main/CVE-2023-27524.py",
"EDB-51447",
"CVE-2023-27524"
],
"platform": "",
"arch": "",
"rport": 8088,
"autofilter_ports": [
80,
8080,
443,
8000,
8888,
8880,
8008,
3000,
8443
],
"autofilter_services": [
"http",
"https"
],
"targets": null,
"mod_time": "2023-09-12 15:52:58 +0000",
"path": "/modules/auxiliary/gather/apache_superset_cookie_sig_priv_esc.rb",
"is_install_path": true,
"ref_name": "gather/apache_superset_cookie_sig_priv_esc",
"check": true,
"post_auth": true,
"default_credential": false,
"notes": {
"Stability": [
"crash-safe"
],
"Reliability": [
],
"SideEffects": [
"ioc-in-logs"
]
},
"session_types": false,
"needs_cleanup": false
},
"auxiliary_gather/apple_safari_ftp_url_cookie_theft": {
"name": "Apple OSX/iOS/Windows Safari Non-HTTPOnly Cookie Theft",
"fullname": "auxiliary/gather/apple_safari_ftp_url_cookie_theft",
@@ -21827,6 +21891,64 @@
"session_types": false,
"needs_cleanup": false
},
"auxiliary_gather/python_flask_cookie_signer": {
"name": "Python Flask Cookie Signer",
"fullname": "auxiliary/gather/python_flask_cookie_signer",
"aliases": [
],
"rank": 300,
"disclosure_date": "2019-01-26",
"type": "auxiliary",
"author": [
"h00die",
"paradoxis",
"Spencer McIntyre"
],
"description": "This is a generic module which can manipulate Python Flask-based application cookies.\n The Retrieve action will connect to a web server, grab the cookie, and decode it.\n The Resign action will do the same as above, but after decoding it, it will replace\n the contents with that in NEWCOOKIECONTENT, then sign the cookie with SECRET. This\n cookie can then be used in a browser. This is a Ruby based implementation of some\n of the features in the Python project Flask-Unsign.",
"references": [
"URL-https://github.com/Paradoxis/Flask-Unsign"
],
"platform": "",
"arch": "",
"rport": 80,
"autofilter_ports": [
80,
8080,
443,
8000,
8888,
8880,
8008,
3000,
8443
],
"autofilter_services": [
"http",
"https"
],
"targets": null,
"mod_time": "2023-09-12 15:52:58 +0000",
"path": "/modules/auxiliary/gather/python_flask_cookie_signer.rb",
"is_install_path": true,
"ref_name": "gather/python_flask_cookie_signer",
"check": false,
"post_auth": false,
"default_credential": false,
"notes": {
"Stability": [
"crash-safe"
],
"Reliability": [
],
"SideEffects": [
]
},
"session_types": false,
"needs_cleanup": false
},
"auxiliary_gather/qnap_backtrace_admin_hash": {
"name": "QNAP NAS/NVR Administrator Hash Disclosure",
"fullname": "auxiliary/gather/qnap_backtrace_admin_hash",