automatic module_metadata_base.json update

2019-12-01 10:21:16 -06:00 · 2019-12-01 10:21:16 -06:00 · 95047f9fee
parent 41569b78ba
commit 95047f9fee
1 changed files with 49 additions and 0 deletions
--- a/db/modules_metadata_base.json
+++ b/db/modules_metadata_base.json
@ -84777,6 +84777,55 @@
    },
    "needs_cleanup": null
  },
+  "exploit_unix/webapp/ajenti_auth_username_cmd_injection": {
+    "name": "Ajenti auth username Command Injection",
+    "fullname": "exploit/unix/webapp/ajenti_auth_username_cmd_injection",
+    "aliases": [
+
+    ],
+    "rank": 600,
+    "disclosure_date": "2019-10-14",
+    "type": "exploit",
+    "author": [
+      "Jeremy Brown",
+      "Onur ER <onur@onurer.net>"
+    ],
+    "description": "This module exploits a command injection in Ajenti == 2.1.31.\n        By injecting a command into the username POST parameter to api/core/auth, a shell can be spawned.",
+    "references": [
+      "EDB-47497"
+    ],
+    "platform": "Python",
+    "arch": "python",
+    "rport": 8000,
+    "autofilter_ports": [
+      80,
+      8080,
+      443,
+      8000,
+      8888,
+      8880,
+      8008,
+      3000,
+      8443
+    ],
+    "autofilter_services": [
+      "http",
+      "https"
+    ],
+    "targets": [
+      "Ajenti == 2.1.31"
+    ],
+    "mod_time": "2019-11-20 19:09:24 +0000",
+    "path": "/modules/exploits/unix/webapp/ajenti_auth_username_cmd_injection.rb",
+    "is_install_path": true,
+    "ref_name": "unix/webapp/ajenti_auth_username_cmd_injection",
+    "check": true,
+    "post_auth": false,
+    "default_credential": false,
+    "notes": {
+    },
+    "needs_cleanup": null
+  },
  "exploit_unix/webapp/arkeia_upload_exec": {
    "name": "Western Digital Arkeia Remote Code Execution",
    "fullname": "exploit/unix/webapp/arkeia_upload_exec",