automatic module_metadata_base.json update
This commit is contained in:
parent
1086926b2e
commit
34ffea9f3c
|
@ -94769,6 +94769,67 @@
|
|||
"session_types": false,
|
||||
"needs_cleanup": null
|
||||
},
|
||||
"exploit_multi/php/ignition_laravel_debug_rce": {
|
||||
"name": "Unauthenticated remote code execution in Ignition",
|
||||
"fullname": "exploit/multi/php/ignition_laravel_debug_rce",
|
||||
"aliases": [
|
||||
|
||||
],
|
||||
"rank": 600,
|
||||
"disclosure_date": "2021-01-13",
|
||||
"type": "exploit",
|
||||
"author": [
|
||||
"Heyder Andrade <eu@heyderandrade.org>",
|
||||
"ambionics"
|
||||
],
|
||||
"description": "Ignition before 2.5.2, as used in Laravel and other products,\n allows unauthenticated remote attackers to execute arbitrary code\n because of insecure usage of file_get_contents() and file_put_contents().\n This is exploitable on sites using debug mode with Laravel before 8.4.2.",
|
||||
"references": [
|
||||
"CVE-2021-3129",
|
||||
"URL-https://www.ambionics.io/blog/laravel-debug-rce"
|
||||
],
|
||||
"platform": "Linux,OSX,Unix,Windows",
|
||||
"arch": "",
|
||||
"rport": 80,
|
||||
"autofilter_ports": [
|
||||
80,
|
||||
8080,
|
||||
443,
|
||||
8000,
|
||||
8888,
|
||||
8880,
|
||||
8008,
|
||||
3000,
|
||||
8443
|
||||
],
|
||||
"autofilter_services": [
|
||||
"http",
|
||||
"https"
|
||||
],
|
||||
"targets": [
|
||||
"Unix (In-Memory)",
|
||||
"Windows (In-Memory)"
|
||||
],
|
||||
"mod_time": "2022-02-15 08:47:50 +0000",
|
||||
"path": "/modules/exploits/multi/php/ignition_laravel_debug_rce.rb",
|
||||
"is_install_path": true,
|
||||
"ref_name": "multi/php/ignition_laravel_debug_rce",
|
||||
"check": true,
|
||||
"post_auth": false,
|
||||
"default_credential": false,
|
||||
"notes": {
|
||||
"Stability": [
|
||||
"crash-safe"
|
||||
],
|
||||
"Reliability": [
|
||||
"repeatable-session"
|
||||
],
|
||||
"SideEffects": [
|
||||
"ioc-in-logs"
|
||||
]
|
||||
},
|
||||
"session_types": false,
|
||||
"needs_cleanup": null
|
||||
},
|
||||
"exploit_multi/php/php_unserialize_zval_cookie": {
|
||||
"name": "PHP 4 unserialize() ZVAL Reference Counter Overflow (Cookie)",
|
||||
"fullname": "exploit/multi/php/php_unserialize_zval_cookie",
|
||||
|
|
Loading…
Reference in New Issue