automatic module_metadata_base.json update

2020-05-04 16:23:04 -05:00
parent d2b196f172
commit eaa9904676
1 changed files with 50 additions and 0 deletions
@@ -92107,6 +92107,56 @@
    },
    "needs_cleanup": true
  },
+  "exploit_unix/webapp/trixbox_ce_endpoint_devicemap_rce": {
+    "name": "TrixBox CE endpoint_devicemap.php Authenticated Command Execution",
+    "fullname": "exploit/unix/webapp/trixbox_ce_endpoint_devicemap_rce",
+    "aliases": [
+
+    ],
+    "rank": 600,
+    "disclosure_date": "2020-04-28",
+    "type": "exploit",
+    "author": [
+      "Anastasios Stasinopoulos ( <Anastasios Stasinopoulos (@ancst)>"
+    ],
+    "description": "This module exploits an authenticated OS command injection\n          vulnerability found in Trixbox CE version 1.2.0 to 2.8.0.4\n          inclusive in the \"network\" POST parameter of the\n          \"/maint/modules/endpointcfg/endpoint_devicemap.php\" page.\n          Successful exploitation allows for arbitrary command execution\n          on the underlying operating system as the \"asterisk\" user.\n          Users can easily elevate their privileges to the \"root\" user\n          however by executing \"sudo nmap --interactive\" followed by \"!sh\"\n          from within nmap.",
+    "references": [
+      "CVE-2020-7351",
+      "URL-https://github.com/rapid7/metasploit-framework/pull/13353"
+    ],
+    "platform": "Linux,Unix",
+    "arch": "cmd, x86, x64",
+    "rport": 80,
+    "autofilter_ports": [
+      80,
+      8080,
+      443,
+      8000,
+      8888,
+      8880,
+      8008,
+      3000,
+      8443
+    ],
+    "autofilter_services": [
+      "http",
+      "https"
+    ],
+    "targets": [
+      "Automatic (Linux Dropper)",
+      "Automatic (Unix In-Memory)"
+    ],
+    "mod_time": "2020-04-28 17:25:43 +0000",
+    "path": "/modules/exploits/unix/webapp/trixbox_ce_endpoint_devicemap_rce.rb",
+    "is_install_path": true,
+    "ref_name": "unix/webapp/trixbox_ce_endpoint_devicemap_rce",
+    "check": true,
+    "post_auth": true,
+    "default_credential": true,
+    "notes": {
+    },
+    "needs_cleanup": null
+  },
  "exploit_unix/webapp/trixbox_langchoice": {
    "name": "Trixbox langChoice PHP Local File Inclusion",
    "fullname": "exploit/unix/webapp/trixbox_langchoice",