From e600f199ac2c23d2622ba0126752f07853486a1c Mon Sep 17 00:00:00 2001 From: Metasploit Date: Tue, 30 Jul 2024 11:08:13 -0500 Subject: [PATCH] automatic module_metadata_base.json update --- db/modules_metadata_base.json | 114 +++++++++++++++++++--------------- 1 file changed, 64 insertions(+), 50 deletions(-) diff --git a/db/modules_metadata_base.json b/db/modules_metadata_base.json index 24359c6cae1e..ad2229b31616 100644 --- a/db/modules_metadata_base.json +++ b/db/modules_metadata_base.json @@ -106749,56 +106749,6 @@ "session_types": false, "needs_cleanup": null }, - "exploit_multi/http/openmediavault_cmd_exec": { - "name": "OpenMediaVault Cron Remote Command Execution", - "fullname": "exploit/multi/http/openmediavault_cmd_exec", - "aliases": [ - - ], - "rank": 600, - "disclosure_date": "2013-10-30", - "type": "exploit", - "author": [ - "Brandon Perry " - ], - "description": "OpenMediaVault allows an authenticated user to create cron jobs as arbitrary users on the system.\n An attacker can abuse this to run arbitrary commands as any user available on the system (including root).", - "references": [ - "CVE-2013-3632", - "URL-https://www.rapid7.com/blog/post/2013/10/30/seven-tricks-and-treats" - ], - "platform": "Linux,Unix", - "arch": "cmd", - "rport": 80, - "autofilter_ports": [ - 80, - 8080, - 443, - 8000, - 8888, - 8880, - 8008, - 3000, - 8443 - ], - "autofilter_services": [ - "http", - "https" - ], - "targets": [ - "Automatic" - ], - "mod_time": "2022-01-23 15:28:32 +0000", - "path": "/modules/exploits/multi/http/openmediavault_cmd_exec.rb", - "is_install_path": true, - "ref_name": "multi/http/openmediavault_cmd_exec", - "check": false, - "post_auth": true, - "default_credential": false, - "notes": { - }, - "session_types": false, - "needs_cleanup": null - }, "exploit_multi/http/openmrs_deserialization": { "name": "OpenMRS Java Deserialization RCE", "fullname": "exploit/multi/http/openmrs_deserialization", @@ -128735,6 +128685,70 @@ "session_types": false, "needs_cleanup": true }, + "exploit_unix/webapp/openmediavault_auth_cron_rce": { + "name": "OpenMediaVault rpc.php Authenticated Cron Remote Code Execution", + "fullname": "exploit/unix/webapp/openmediavault_auth_cron_rce", + "aliases": [ + "exploit/multi/http/openmediavault_cmd_exec" + ], + "rank": 600, + "disclosure_date": "2013-10-30", + "type": "exploit", + "author": [ + "h00die-gr3y ", + "Brandon Perry " + ], + "description": "OpenMediaVault allows an authenticated user to create cron jobs as root on the system.\n An attacker can abuse this by sending a POST request via rpc.php to schedule and execute\n a cron entry that runs arbitrary commands as root on the system.\n All OpenMediaVault versions including the latest release 7.4.2-2 are vulnerable.", + "references": [ + "CVE-2013-3632", + "PACKETSTORM-178526", + "URL-https://www.rapid7.com/blog/post/2013/10/30/seven-tricks-and-treats", + "URL-https://attackerkb.com/topics/zl1kmXbAce/cve-2013-3632" + ], + "platform": "Linux,Unix", + "arch": "cmd, x86, x64, armle, aarch64", + "rport": 80, + "autofilter_ports": [ + 80, + 8080, + 443, + 8000, + 8888, + 8880, + 8008, + 3000, + 8443 + ], + "autofilter_services": [ + "http", + "https" + ], + "targets": [ + "Unix Command", + "Linux Dropper" + ], + "mod_time": "2024-07-29 14:02:29 +0000", + "path": "/modules/exploits/unix/webapp/openmediavault_auth_cron_rce.rb", + "is_install_path": true, + "ref_name": "unix/webapp/openmediavault_auth_cron_rce", + "check": true, + "post_auth": true, + "default_credential": false, + "notes": { + "Stability": [ + "crash-safe" + ], + "Reliability": [ + "repeatable-session" + ], + "SideEffects": [ + "ioc-in-logs", + "artifacts-on-disk" + ] + }, + "session_types": false, + "needs_cleanup": null + }, "exploit_unix/webapp/openmediavault_rpc_rce": { "name": "OpenMediaVault rpc.php Authenticated PHP Code Injection", "fullname": "exploit/unix/webapp/openmediavault_rpc_rce",