automatic module_metadata_base.json update

2023-02-21 15:44:56 -06:00 · 2023-02-21 15:44:56 -06:00 · e1e39ad5bc
parent e625e2e474
commit e1e39ad5bc
1 changed files with 65 additions and 0 deletions
--- a/db/modules_metadata_base.json
+++ b/db/modules_metadata_base.json
@ -68649,6 +68649,71 @@
    "session_types": false,
    "needs_cleanup": null
  },
+  "exploit_linux/http/pyload_js2py_exec": {
+    "name": "pyLoad js2py Python Execution",
+    "fullname": "exploit/linux/http/pyload_js2py_exec",
+    "aliases": [
+
+    ],
+    "rank": 600,
+    "disclosure_date": "2023-01-13",
+    "type": "exploit",
+    "author": [
+      "Spencer McIntyre",
+      "bAu"
+    ],
+    "description": "pyLoad versions prior to 0.5.0b3.dev31 are vulnerable to Python code injection due to the pyimport\n          functionality exposed through the js2py library. An unauthenticated attacker can issue a crafted POST request\n          to the flash/addcrypted2 endpoint to leverage this for code execution. pyLoad by default runs two services,\n          the primary of which is on port 8000 and can not be used by external hosts. A secondary \"Click 'N' Load\"\n          service runs on port 9666 and can be used remotely without authentication.",
+    "references": [
+      "CVE-2023-0297",
+      "URL-https://huntr.dev/bounties/3fd606f7-83e1-4265-b083-2e1889a05e65/",
+      "URL-https://github.com/bAuh0lz/CVE-2023-0297_Pre-auth_RCE_in_pyLoad",
+      "URL-https://github.com/pyload/pyload/commit/7d73ba7919e594d783b3411d7ddb87885aea782d"
+    ],
+    "platform": "Linux,Python,Unix",
+    "arch": "cmd, x86, x64, python",
+    "rport": 9666,
+    "autofilter_ports": [
+      80,
+      8080,
+      443,
+      8000,
+      8888,
+      8880,
+      8008,
+      3000,
+      8443
+    ],
+    "autofilter_services": [
+      "http",
+      "https"
+    ],
+    "targets": [
+      "Unix Command",
+      "Linux Dropper",
+      "Python"
+    ],
+    "mod_time": "2023-02-15 16:29:42 +0000",
+    "path": "/modules/exploits/linux/http/pyload_js2py_exec.rb",
+    "is_install_path": true,
+    "ref_name": "linux/http/pyload_js2py_exec",
+    "check": true,
+    "post_auth": false,
+    "default_credential": false,
+    "notes": {
+      "Stability": [
+        "crash-safe"
+      ],
+      "Reliability": [
+        "repeatable-session"
+      ],
+      "SideEffects": [
+        "ioc-in-logs",
+        "artifacts-on-disk"
+      ]
+    },
+    "session_types": false,
+    "needs_cleanup": null
+  },
  "exploit_linux/http/qnap_qcenter_change_passwd_exec": {
    "name": "QNAP Q'Center change_passwd Command Execution",
    "fullname": "exploit/linux/http/qnap_qcenter_change_passwd_exec",