Last updated at Fri, 19 Apr 2024 20:16:28 GMT

Welcome Ryan and the new CrushFTP module

It's not every week we add an awesome new exploit module to the Framework while adding the original discoverer of the vulnerability to the Rapid7 team as well. We're very excited to welcome Ryan Emmons to the Emergent Threat Response team, which works alongside Metasploit here at Rapid7. Ryan discovered an Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in CrushFTP (CVE-2023-43177) versions prior to 10.5.1 which results in unauthenticated remote code execution. Metasploit's very own Christophe De La Fuente did a fantastic job of turning this complex exploit into a smooth running Metasploit module. This release includes another unauthenticated remote code execution vulnerability in the oh so popular PostgreSQL management tool, pgAdmin. Written by Spencer McIntyre, the module exploits CVE-2024-2044, which is a path-traversal vulnerability in the session management that allows a Python pickle object to be loaded and deserialized.

New module content (3)

MongoDB Ops Manager Diagnostic Archive Sensitive Information Retriever

Author: h00die
Type: Auxiliary
Pull request: #18936 contributed by h00die
Path: gather/mongodb_ops_manager_diagnostic_archive_info
AttackerKB reference: CVE-2023-0342

Description: This adds an auxiliary module that leverages an information disclosure vulnerability (CVE-2023-0342) in MongoDB Ops Manager v5.0 prior to 5.0.21 and v6.0 to 6.0.12 to retrieve the SAML SSL Pem Key File Password, which is stored in plaintext in the application's Diagnostics Archive.

CrushFTP Unauthenticated RCE

Authors: Christophe De La Fuente and Ryan Emmons
Type: Exploit
Pull request: #18918 contributed by cdelafuente-r7
Path: multi/http/crushftp_rce_cve_2023_43177
AttackerKB reference: CVE-2023-43177

Description: This exploit module leverages an Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability (CVE-2023-43177) to achieve unauthenticated remote code execution. This affects CrushFTP versions prior to 10.5.1.

pgAdmin Session Deserialization RCE

Authors: Abdel Adim Oisfi, Davide Silvetti, and Spencer McIntyre
Type: Exploit
Pull request: #19026 contributed by zeroSteiner
Path: multi/http/pgadmin_session_deserialization
AttackerKB reference: CVE-2024-2044

Description: This adds an exploit for pgAdmin <= 8.3, targeting a path traversal vulnerability in the session management that allows a Python pickle object to be loaded and deserialized. This also adds a new Python deserialization gadget chain to execute the code in a new thread so the target application doesn't block the HTTP request.

Enhancements and features (0)

None

Bugs fixed (0)

None

Documentation

You can find the latest Metasploit documentation on our docsite at docs.metasploit.com.

Get it

As always, you can update to the latest Metasploit Framework with msfupdate
and you can get more details on the changes since the last blog post from
GitHub:

If you are a git user, you can clone the Metasploit Framework (master branch) for the latest.
To install fresh without using git, you can use the open-source-only Nightly Installers or the
commercial edition Metasploit Pro