-
Notifications
You must be signed in to change notification settings - Fork 14.1k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
automatic module_metadata_base.json update
- Loading branch information
1 parent
1cde619
commit c06d491
Showing
1 changed file
with
64 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -68552,6 +68552,70 @@ | |
| "session_types": false, | ||
| "needs_cleanup": true | ||
| }, | ||
| "exploit_linux/http/magnusbilling_unauth_rce_cve_2023_30258": { | ||
| "name": "MagnusBilling application unauthenticated Remote Command Execution.", | ||
| "fullname": "exploit/linux/http/magnusbilling_unauth_rce_cve_2023_30258", | ||
| "aliases": [ | ||
|
|
||
| ], | ||
| "rank": 600, | ||
| "disclosure_date": "2023-06-26", | ||
| "type": "exploit", | ||
| "author": [ | ||
| "h00die-gr3y <[email protected]>", | ||
| "Eldstal" | ||
| ], | ||
| "description": "A Command Injection vulnerability in MagnusBilling application 6.x and 7.x allows\n remote attackers to run arbitrary commands via unauthenticated HTTP request.\n A piece of demonstration code is present in `lib/icepay/icepay.php`, with a call to an exec().\n The parameter to exec() includes the GET parameter `democ`, which is controlled by the user and\n not properly sanitised/escaped.\n After successful exploitation, an unauthenticated user is able to execute arbitrary OS commands.\n The commands run with the privileges of the web server process, typically `www-data` or `asterisk`.\n At a minimum, this allows an attacker to compromise the billing system and its database.\n\n The following MagnusBilling applications are vulnerable:\n - MagnusBilling application version 6 (all versions);\n - MagnusBilling application up to version 7.x without commit 7af21ed620 which fixes this vulnerability;", | ||
| "references": [ | ||
| "CVE-2023-30258", | ||
| "URL-https://attackerkb.com/topics/DFUJhaM5dL/cve-2023-30258", | ||
| "URL-https://eldstal.se/advisories/230327-magnusbilling.html" | ||
| ], | ||
| "platform": "Linux,PHP,Unix", | ||
| "arch": "php, cmd, x64, x86", | ||
| "rport": 80, | ||
| "autofilter_ports": [ | ||
| 80, | ||
| 8080, | ||
| 443, | ||
| 8000, | ||
| 8888, | ||
| 8880, | ||
| 8008, | ||
| 3000, | ||
| 8443 | ||
| ], | ||
| "autofilter_services": [ | ||
| "http", | ||
| "https" | ||
| ], | ||
| "targets": [ | ||
| "PHP", | ||
| "Unix Command", | ||
| "Linux Dropper" | ||
| ], | ||
| "mod_time": "2023-10-31 09:29:13 +0000", | ||
| "path": "/modules/exploits/linux/http/magnusbilling_unauth_rce_cve_2023_30258.rb", | ||
| "is_install_path": true, | ||
| "ref_name": "linux/http/magnusbilling_unauth_rce_cve_2023_30258", | ||
| "check": true, | ||
| "post_auth": false, | ||
| "default_credential": false, | ||
| "notes": { | ||
| "Stability": [ | ||
| "crash-safe" | ||
| ], | ||
| "Reliability": [ | ||
| "repeatable-session" | ||
| ], | ||
| "SideEffects": [ | ||
| "ioc-in-logs", | ||
| "artifacts-on-disk" | ||
| ] | ||
| }, | ||
| "session_types": false, | ||
| "needs_cleanup": true | ||
| }, | ||
| "exploit_linux/http/mailcleaner_exec": { | ||
| "name": "Mailcleaner Remote Code Execution", | ||
| "fullname": "exploit/linux/http/mailcleaner_exec", | ||
|
|
||