automatic module_metadata_base.json update
This commit is contained in:
parent
fcd137ba41
commit
811c8e3b57
|
@ -21289,6 +21289,65 @@
|
|||
"session_types": false,
|
||||
"needs_cleanup": false
|
||||
},
|
||||
"auxiliary_gather/suite_crm_export_sqli": {
|
||||
"name": "SuiteCRM authenticated SQL injection in export functionality",
|
||||
"fullname": "auxiliary/gather/suite_crm_export_sqli",
|
||||
"aliases": [
|
||||
|
||||
],
|
||||
"rank": 300,
|
||||
"disclosure_date": "2022-05-24",
|
||||
"type": "auxiliary",
|
||||
"author": [
|
||||
"Exodus Intelligence",
|
||||
"jheysel-r7",
|
||||
"Redouane NIBOUCHA <rniboucha@yahoo.fr>"
|
||||
],
|
||||
"description": "This module exploits an authenticated SQL injection in SuiteCRM in versions before 7.12.6. The vulnerability\n allows an authenticated attacker to send specially crafted requests to the export entry point of the application in order\n to retrieve all the usernames and their associated password from the database.",
|
||||
"references": [
|
||||
"URL-https://blog.exodusintel.com/2022/06/09/salesagility-suitecrm-export-request-sql-injection-vulnerability/",
|
||||
"URL-https://docs.suitecrm.com/admin/releases/7.12.x/#_7_12_6"
|
||||
],
|
||||
"platform": "",
|
||||
"arch": "",
|
||||
"rport": 80,
|
||||
"autofilter_ports": [
|
||||
80,
|
||||
8080,
|
||||
443,
|
||||
8000,
|
||||
8888,
|
||||
8880,
|
||||
8008,
|
||||
3000,
|
||||
8443
|
||||
],
|
||||
"autofilter_services": [
|
||||
"http",
|
||||
"https"
|
||||
],
|
||||
"targets": null,
|
||||
"mod_time": "2022-09-12 23:46:10 +0000",
|
||||
"path": "/modules/auxiliary/gather/suite_crm_export_sqli.rb",
|
||||
"is_install_path": true,
|
||||
"ref_name": "gather/suite_crm_export_sqli",
|
||||
"check": true,
|
||||
"post_auth": true,
|
||||
"default_credential": false,
|
||||
"notes": {
|
||||
"Stability": [
|
||||
"crash-safe"
|
||||
],
|
||||
"SideEffects": [
|
||||
"ioc-in-logs"
|
||||
],
|
||||
"Reliability": [
|
||||
"repeatable-session"
|
||||
]
|
||||
},
|
||||
"session_types": false,
|
||||
"needs_cleanup": false
|
||||
},
|
||||
"auxiliary_gather/teamtalk_creds": {
|
||||
"name": "TeamTalk Gather Credentials",
|
||||
"fullname": "auxiliary/gather/teamtalk_creds",
|
||||
|
|
Loading…
Reference in New Issue