adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions 9 Packages Projects Releases Wiki Activity

automatic module_metadata_base.json update

Browse Source
This commit is contained in:
Metasploit
2022-01-04 15:04:47 -06:00
parent 3ef9afb0fc
commit c34db4c7de
1 changed files with 65 additions and 64 deletions
Download Patch File Download Diff File Expand all files Collapse all files
db/modules_metadata_base.json
+65 -64
View File
@@ -537,70 +537,6 @@
"session_types": false,
"needs_cleanup": false
},
"auxiliary_admin/dcerpc/cve_2021_1675_printnightmare": {
"name": "Print Spooler Remote DLL Injection",
"fullname": "auxiliary/admin/dcerpc/cve_2021_1675_printnightmare",
"aliases": [
],
"rank": 300,
"disclosure_date": null,
"type": "auxiliary",
"author": [
"Zhiniang Peng",
"Xuefeng Li",
"Zhipeng Huo",
"Piotr Madej",
"Zhang Yunhai",
"cube0x0",
"Spencer McIntyre",
"Christophe De La Fuente"
],
"description": "The print spooler service can be abused by an authenticated remote attacker to load a DLL through a crafted\n DCERPC request, resulting in remote code execution as NT AUTHORITY\\SYSTEM. This module uses the MS-RPRN\n vector which requires the Print Spooler service to be running.",
"references": [
"CVE-2021-1675",
"CVE-2021-34527",
"URL-https://github.com/cube0x0/CVE-2021-1675",
"URL-https://github.com/afwu/PrintNightmare",
"URL-https://github.com/calebstewart/CVE-2021-1675/blob/main/CVE-2021-1675.ps1",
"URL-https://github.com/byt3bl33d3r/ItWasAllADream"
],
"platform": "",
"arch": "",
"rport": 445,
"autofilter_ports": [
139,
445
],
"autofilter_services": [
"netbios-ssn",
"microsoft-ds"
],
"targets": null,
"mod_time": "2021-09-30 19:28:00 +0000",
"path": "/modules/auxiliary/admin/dcerpc/cve_2021_1675_printnightmare.rb",
"is_install_path": true,
"ref_name": "admin/dcerpc/cve_2021_1675_printnightmare",
"check": true,
"post_auth": false,
"default_credential": false,
"notes": {
"AKA": [
"PrintNightmare"
],
"Stability": [
"crash-service-down"
],
"Reliability": [
"unreliable-session"
],
"SideEffects": [
"artifacts-on-disk"
]
},
"session_types": false,
"needs_cleanup": false
},
"auxiliary_admin/dns/dyn_dns_update": {
"name": "DNS Server Dynamic Update Record Injection",
"fullname": "auxiliary/admin/dns/dyn_dns_update",
@@ -90410,6 +90346,71 @@
"session_types": false,
"needs_cleanup": true
},
"exploit_multi/http/wp_catch_themes_demo_import": {
"name": "Wordpress Plugin Catch Themes Demo Import RCE",
"fullname": "exploit/multi/http/wp_catch_themes_demo_import",
"aliases": [
],
"rank": 300,
"disclosure_date": "2021-10-21",
"type": "exploit",
"author": [
"h00die",
"Ron Jost",
"Thinkland Security Team"
],
"description": "The Wordpress Plugin Catch Themes Demo Import versions < 1.8 are vulnerable to authenticated\n arbitrary file uploads via the import functionality found in the\n ~/inc/CatchThemesDemoImport.php file, due to insufficient file type validation.\n Re-exploitation may need a reboot of the server, or to wait an arbitrary timeout.\n During testing this timeout was roughly 5min.",
"references": [
"EDB-50580",
"CVE-2021-39352",
"URL-https://plugins.trac.wordpress.org/changeset/2617555/catch-themes-demo-import/trunk/inc/CatchThemesDemoImport.php",
"URL-https://www.wordfence.com/vulnerability-advisories/#CVE-2021-39352",
"WPVDB-781f2ff4-cb94-40d7-96cb-90128daed862"
],
"platform": "PHP",
"arch": "php",
"rport": 80,
"autofilter_ports": [
80,
8080,
443,
8000,
8888,
8880,
8008,
3000,
8443
],
"autofilter_services": [
"http",
"https"
],
"targets": [
"Automatic Target"
],
"mod_time": "2022-01-04 14:43:04 +0000",
"path": "/modules/exploits/multi/http/wp_catch_themes_demo_import.rb",
"is_install_path": true,
"ref_name": "multi/http/wp_catch_themes_demo_import",
"check": true,
"post_auth": true,
"default_credential": false,
"notes": {
"Stability": [
"crash-safe"
],
"SideEffects": [
"artifacts-on-disk",
"ioc-in-logs"
],
"Reliability": [
"unreliable-session"
]
},
"session_types": false,
"needs_cleanup": true
},
"exploit_multi/http/wp_crop_rce": {
"name": "WordPress Crop-image Shell Upload",
"fullname": "exploit/multi/http/wp_crop_rce",