From 91f2a482701e25202983ebf786669b46dc56da73 Mon Sep 17 00:00:00 2001
From: Metasploit <metasploit@rapid7.com>
Date: Thu, 4 Aug 2022 13:07:25 -0500
Subject: [PATCH] automatic module_metadata_base.json update

---
 db/modules_metadata_base.json | 117 ++++++++++++++++++++++++++++++++++
 1 file changed, 117 insertions(+)

diff --git a/db/modules_metadata_base.json b/db/modules_metadata_base.json
index 9bfdf63ef9..83bb2627e7 100644
--- a/db/modules_metadata_base.json
+++ b/db/modules_metadata_base.json
@@ -56976,6 +56976,59 @@
     "session_types": false,
     "needs_cleanup": null
   },
+  "exploit_linux/fileformat/unrar_cve_2022_30333": {
+    "name": "UnRAR Path Traversal (CVE-2022-30333)",
+    "fullname": "exploit/linux/fileformat/unrar_cve_2022_30333",
+    "aliases": [
+
+    ],
+    "rank": 600,
+    "disclosure_date": "2022-06-28",
+    "type": "exploit",
+    "author": [
+      "Simon Scannell",
+      "Ron Bowes"
+    ],
+    "description": "This module creates a RAR file that exploits CVE-2022-30333, which is a\n          path-traversal vulnerability in unRAR that can extract an arbitrary file\n          to an arbitrary location on a Linux system. UnRAR fixed this\n          vulnerability in version 6.12 (open source version 6.1.7).\n\n          The core issue is that when a symbolic link is unRAR'ed, Windows\n          symbolic links are not properly validated on Linux systems and can\n          therefore write a symbolic link that points anywhere on the filesystem.\n          If a second file in the archive has the same name, it will be written\n          to the symbolic link path.",
+    "references": [
+      "CVE-2022-30333",
+      "URL-https://blog.sonarsource.com/zimbra-pre-auth-rce-via-unrar-0day/",
+      "URL-https://github.com/pmachapman/unrar/commit/22b52431a0581ab5d687747b65662f825ec03946",
+      "URL-https://attackerkb.com/topics/RCa4EIZdbZ/cve-2022-30333/rapid7-analysis"
+    ],
+    "platform": "Linux",
+    "arch": "x86, x64",
+    "rport": null,
+    "autofilter_ports": [
+
+    ],
+    "autofilter_services": [
+
+    ],
+    "targets": [
+      "Generic RAR file"
+    ],
+    "mod_time": "2022-08-01 10:03:35 +0000",
+    "path": "/modules/exploits/linux/fileformat/unrar_cve_2022_30333.rb",
+    "is_install_path": true,
+    "ref_name": "linux/fileformat/unrar_cve_2022_30333",
+    "check": false,
+    "post_auth": false,
+    "default_credential": false,
+    "notes": {
+      "Stability": [
+        "crash-safe"
+      ],
+      "Reliability": [
+
+      ],
+      "SideEffects": [
+
+      ]
+    },
+    "session_types": false,
+    "needs_cleanup": null
+  },
   "exploit_linux/ftp/proftp_sreplace": {
     "name": "ProFTPD 1.2 - 1.3.0 sreplace Buffer Overflow (Linux)",
     "fullname": "exploit/linux/ftp/proftp_sreplace",
@@ -69645,6 +69698,70 @@
     "session_types": false,
     "needs_cleanup": null
   },
+  "exploit_linux/http/zimbra_unrar_cve_2022_30333": {
+    "name": "UnRAR Path Traversal in Zimbra (CVE-2022-30333)",
+    "fullname": "exploit/linux/http/zimbra_unrar_cve_2022_30333",
+    "aliases": [
+
+    ],
+    "rank": 600,
+    "disclosure_date": "2022-06-28",
+    "type": "exploit",
+    "author": [
+      "Simon Scannell",
+      "Ron Bowes"
+    ],
+    "description": "This module creates a RAR file that can be emailed to a Zimbra server\n          to exploit CVE-2022-30333. If successful, it plants a JSP-based\n          backdoor in the public web directory, then executes that backdoor.\n\n          The core vulnerability is a path-traversal issue in unRAR that can\n          extract an arbitrary file to an arbitrary location on a Linux system.\n\n          This issue is exploitable on the following versions of Zimbra, provided\n          UnRAR version 6.11 or earlier is installed:\n\n          * Zimbra Collaboration 9.0.0 Patch 24 (and earlier)\n          * Zimbra Collaboration 8.8.15 Patch 31 (and earlier)",
+    "references": [
+      "CVE-2022-30333",
+      "URL-https://blog.sonarsource.com/zimbra-pre-auth-rce-via-unrar-0day/",
+      "URL-https://github.com/pmachapman/unrar/commit/22b52431a0581ab5d687747b65662f825ec03946",
+      "URL-https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P25",
+      "URL-https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P32",
+      "URL-https://attackerkb.com/topics/RCa4EIZdbZ/cve-2022-30333/rapid7-analysis"
+    ],
+    "platform": "Linux",
+    "arch": "x86, x64",
+    "rport": 443,
+    "autofilter_ports": [
+      80,
+      8080,
+      443,
+      8000,
+      8888,
+      8880,
+      8008,
+      3000,
+      8443
+    ],
+    "autofilter_services": [
+      "http",
+      "https"
+    ],
+    "targets": [
+      "Zimbra Collaboration Suite"
+    ],
+    "mod_time": "2022-08-04 08:24:32 +0000",
+    "path": "/modules/exploits/linux/http/zimbra_unrar_cve_2022_30333.rb",
+    "is_install_path": true,
+    "ref_name": "linux/http/zimbra_unrar_cve_2022_30333",
+    "check": false,
+    "post_auth": false,
+    "default_credential": false,
+    "notes": {
+      "Stability": [
+        "crash-safe"
+      ],
+      "Reliability": [
+        "repeatable-session"
+      ],
+      "SideEffects": [
+        "ioc-in-logs"
+      ]
+    },
+    "session_types": false,
+    "needs_cleanup": true
+  },
   "exploit_linux/http/zimbra_xxe_rce": {
     "name": "Zimbra Collaboration Autodiscover Servlet XXE and ProxyServlet SSRF",
     "fullname": "exploit/linux/http/zimbra_xxe_rce",