automatic module_metadata_base.json update

2020-04-14 12:13:45 -05:00
parent 1bc40f88ac
commit ba2f786bbb
1 changed files with 55 additions and 0 deletions
@@ -26661,6 +26661,61 @@
    },
    "needs_cleanup": false
  },
+  "auxiliary_scanner/http/limesurvey_zip_traversals": {
+    "name": "LimeSurvey Zip Path Traversals",
+    "fullname": "auxiliary/scanner/http/limesurvey_zip_traversals",
+    "aliases": [
+
+    ],
+    "rank": 300,
+    "disclosure_date": "2020-04-02",
+    "type": "auxiliary",
+    "author": [
+      "h00die",
+      "Matthew Aberegg",
+      "Michael Burkey",
+      "Federico Fernandez",
+      "Alejandro Parodi"
+    ],
+    "description": "This module exploits an authenticated path traversal vulnerability found in LimeSurvey\n        versions between 4.0 and 4.1.11 with CVE-2020-11455 or <= 3.15.9 with CVE-2019-9960,\n        inclusive.\n        In CVE-2020-11455 the getZipFile function within the filemanager functionality\n        allows for arbitrary file download.  The file retrieved may be deleted after viewing,\n        which was confirmed in testing.\n        In CVE-2019-9960 the szip function within the downloadZip functionality allows\n        for arbitrary file download.\n        Verified against 4.1.11-200316, 3.15.0-181008, 3.9.0-180604, 3.6.0-180328,\n        3.0.0-171222, and 2.70.0-170921.",
+    "references": [
+      "EDB-48297",
+      "CVE-2020-11455",
+      "URL-https://github.com/LimeSurvey/LimeSurvey/commit/daf50ebb16574badfb7ae0b8526ddc5871378f1b",
+      "CVE-2019-9960",
+      "URL-https://www.secsignal.org/en/news/cve-2019-9960-arbitrary-file-download-in-limesurvey/",
+      "URL-https://github.com/LimeSurvey/LimeSurvey/commit/1ed10d3c423187712b8f6a8cb2bc9d5cc3b2deb8"
+    ],
+    "platform": "",
+    "arch": "",
+    "rport": 80,
+    "autofilter_ports": [
+      80,
+      8080,
+      443,
+      8000,
+      8888,
+      8880,
+      8008,
+      3000,
+      8443
+    ],
+    "autofilter_services": [
+      "http",
+      "https"
+    ],
+    "targets": null,
+    "mod_time": "2020-04-14 10:04:17 +0000",
+    "path": "/modules/auxiliary/scanner/http/limesurvey_zip_traversals.rb",
+    "is_install_path": true,
+    "ref_name": "scanner/http/limesurvey_zip_traversals",
+    "check": false,
+    "post_auth": true,
+    "default_credential": true,
+    "notes": {
+    },
+    "needs_cleanup": false
+  },
  "auxiliary_scanner/http/linknat_vos_traversal": {
    "name": "Linknat Vos Manager Traversal",
    "fullname": "auxiliary/scanner/http/linknat_vos_traversal",