adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions 9 Packages Projects Releases Wiki Activity

automatic module_metadata_base.json update

Browse Source
This commit is contained in:
jenkins-metasploit
2026-04-14 14:41:11 +00:00
parent 5b6c2be9d1
commit dbcb702e1d
1 changed files with 25 additions and 78 deletions
Download Patch File Download Diff File Expand all files Collapse all files
db/modules_metadata_base.json
+25 -78
View File
@@ -85934,87 +85934,33 @@
"session_types": false, "session_types": false,
"needs_cleanup": null "needs_cleanup": null
}, },
"exploit_linux/http/selenium_greed_chrome_rce_cve_2022_28108": { "exploit_linux/http/selenium_greed_rce": {
"name": "Selenium chrome RCE", "name": "Selenium Grid/Selenoid Unauthenticated RCE",
"fullname": "exploit/linux/http/selenium_greed_chrome_rce_cve_2022_28108", "fullname": "exploit/linux/http/selenium_greed_rce",
"aliases": [], "aliases": [
"exploit/linux/http/selenium_greed_chrome_rce_cve_2022_28108",
"exploit/linux/http/selenium_greed_firefox_rce_cve_2022_28108"
],
"rank": 600, "rank": 600,
"disclosure_date": "2022-04-18", "disclosure_date": "2021-05-28",
"type": "exploit",
"author": [
"randomstuff (Gabriel Corona)",
"Wiz Research",
"Takahiro Yokoyama"
],
"description": "Selenium Server (Grid) before 4.0.0-alpha-7 allows CSRF because it permits non-JSON content types\n such as application/x-www-form-urlencoded, multipart/form-data, and text/plain.",
"references": [
"CVE-2022-28108",
"URL-https://www.wiz.io/blog/seleniumgreed-cryptomining-exploit-attack-flow-remediation-steps",
"URL-https://www.gabriel.urdhr.fr/2022/02/07/selenium-standalone-server-csrf-dns-rebinding-rce/"
],
"platform": "Linux,Unix",
"arch": "cmd",
"rport": 4444,
"autofilter_ports": [
80,
8080,
443,
8000,
8888,
8880,
8008,
3000,
8443
],
"autofilter_services": [
"http",
"https"
],
"targets": [
"Linux Command"
],
"mod_time": "2025-12-17 16:12:31 +0000",
"path": "/modules/exploits/linux/http/selenium_greed_chrome_rce_cve_2022_28108.rb",
"is_install_path": true,
"ref_name": "linux/http/selenium_greed_chrome_rce_cve_2022_28108",
"check": true,
"post_auth": false,
"default_credential": false,
"notes": {
"Stability": [
"crash-safe"
],
"SideEffects": [
"artifacts-on-disk",
"ioc-in-logs"
],
"Reliability": [
"repeatable-session"
]
},
"session_types": false,
"needs_cleanup": null
},
"exploit_linux/http/selenium_greed_firefox_rce_cve_2022_28108": {
"name": "Selenium geckodriver RCE",
"fullname": "exploit/linux/http/selenium_greed_firefox_rce_cve_2022_28108",
"aliases": [],
"rank": 600,
"disclosure_date": "2022-04-18",
"type": "exploit", "type": "exploit",
"author": [ "author": [
"Jon Stratton", "Jon Stratton",
"Takahiro Yokoyama" "Wiz Research",
"Takahiro Yokoyama",
"Valentin Lobstein <chocapikk@leakix.net>"
], ],
"description": "Selenium Server (Grid) <= 4.27.0 (latest version at the time of this writing)\n allows CSRF because it permits non-JSON content types\n such as application/x-www-form-urlencoded, multipart/form-data, and text/plain.", "description": "Selenium Grid and Selenoid expose a WebDriver API that allows creating\n browser sessions with arbitrary capabilities. When deployed without\n authentication (the default for both), an attacker can achieve remote\n code execution through two browser-specific techniques:\n\n For Chrome, the goog:chromeOptions binary field can be set to an\n arbitrary executable such as /usr/bin/python3, since ChromeDriver does\n not validate it. This was fixed in Selenium Grid 4.11.0 via the\n stereotype capabilities merge. All Selenoid versions remain vulnerable.\n\n For Firefox, a custom profile containing a malicious MIME handler that\n maps application/sh to /bin/sh can be injected via moz:firefoxOptions.\n Navigating to a data: URI with that content type triggers shell\n execution. This technique has never been patched and works on all\n Selenium Grid versions including the latest release.\n\n The module auto-detects available browsers and selects the best attack\n vector. Firefox is preferred as it works on all Grid versions.\n\n The default Docker images run as seluser/selenium with passwordless\n sudo, allowing trivial privilege escalation to root.",
"references": [ "references": [
"CVE-2022-28108", "URL-https://www.wiz.io/blog/seleniumgreed-cryptomining-exploit-attack-flow-remediation-steps",
"URL-https://www.gabriel.urdhr.fr/2022/02/07/selenium-standalone-server-csrf-dns-rebinding-rce/", "URL-https://www.selenium.dev/blog/2024/protecting-unsecured-selenium-grid/",
"URL-https://github.com/SeleniumHQ/selenium/issues/9526",
"URL-https://github.com/JonStratton/selenium-node-takeover-kit/tree/master", "URL-https://github.com/JonStratton/selenium-node-takeover-kit/tree/master",
"EDB-49915" "EDB-49915",
"CWE-306"
], ],
"platform": "Linux,Unix", "platform": "Linux,Python,Unix",
"arch": "cmd", "arch": "python, cmd",
"rport": 4444, "rport": 4444,
"autofilter_ports": [ "autofilter_ports": [
80, 80,
@@ -86032,12 +85978,13 @@
"https" "https"
], ],
"targets": [ "targets": [
"Linux Command" "Python In-Memory",
"Unix/Linux Command Shell"
], ],
"mod_time": "2025-12-17 16:12:31 +0000", "mod_time": "2026-04-14 10:17:04 +0000",
"path": "/modules/exploits/linux/http/selenium_greed_firefox_rce_cve_2022_28108.rb", "path": "/modules/exploits/linux/http/selenium_greed_rce.rb",
"is_install_path": true, "is_install_path": true,
"ref_name": "linux/http/selenium_greed_firefox_rce_cve_2022_28108", "ref_name": "linux/http/selenium_greed_rce",
"check": true, "check": true,
"post_auth": false, "post_auth": false,
"default_credential": false, "default_credential": false,
@@ -86054,7 +86001,7 @@
] ]
}, },
"session_types": false, "session_types": false,
"needs_cleanup": null "needs_cleanup": true
}, },
"exploit_linux/http/skyvern_ssti_cve_2025_49619": { "exploit_linux/http/skyvern_ssti_cve_2025_49619": {
"name": "Skyvern SSTI Remote Code Execution", "name": "Skyvern SSTI Remote Code Execution",