automatic module_metadata_base.json update

jenkins-metasploit · jenkins-metasploit · commit 2bd4f11ec5af · 2024-12-07T00:35:11.000Z
diff --git a/db/modules_metadata_base.json b/db/modules_metadata_base.json
@@ -111404,6 +111404,71 @@
     "session_types": false,
     "needs_cleanup": null
   },
+  "exploit_multi/http/primefaces_weak_encryption_rce": {
+    "name": "Primefaces Remote Code Execution Exploit",
+    "fullname": "exploit/multi/http/primefaces_weak_encryption_rce",
+    "aliases": [
+
+    ],
+    "rank": 600,
+    "disclosure_date": "2016-02-15",
+    "type": "exploit",
+    "author": [
+      "Bjoern Schuette",
+      "h00die"
+    ],
+    "description": "This module exploits a Java Expression Language remote code execution flaw in the Primefaces JSF framework.\n          Primefaces versions prior to 5.2.21, 5.3.8 or 6.0 are vulnerable to a padding oracle attack,\n          due to the use of weak crypto and default encryption password and salt.\n\n          Tested against Docker image with Tomcat 7.0 with the Primefaces 5.2 showcase application. See\n          documentation for working payloads.",
+    "references": [
+      "CVE-2017-1000486",
+      "URL-https://blog.mindedsecurity.com/2016/02/rce-in-oracle-netbeans-opensource.html",
+      "URL-https://web.archive.org/web/20180515174733/https://cryptosense.com/blog/weak-encryption-flaw-in-primefaces",
+      "URL-https://schuette.se/2018/01/17/cve-2017-1000486-in-your-primeface/",
+      "URL-https://github.com/primefaces/primefaces/issues/1152",
+      "URL-https://github.com/pimps/CVE-2017-1000486/tree/master",
+      "EDB-43733"
+    ],
+    "platform": "BSD,Linux,OSX,Unix,Windows",
+    "arch": "cmd",
+    "rport": 80,
+    "autofilter_ports": [
+      80,
+      8080,
+      443,
+      8000,
+      8888,
+      8880,
+      8008,
+      3000,
+      8443
+    ],
+    "autofilter_services": [
+      "http",
+      "https"
+    ],
+    "targets": [
+      "Universal"
+    ],
+    "mod_time": "2024-12-06 16:00:58 +0000",
+    "path": "/modules/exploits/multi/http/primefaces_weak_encryption_rce.rb",
+    "is_install_path": true,
+    "ref_name": "multi/http/primefaces_weak_encryption_rce",
+    "check": true,
+    "post_auth": true,
+    "default_credential": false,
+    "notes": {
+      "Stability": [
+        "crash-safe"
+      ],
+      "Reliability": [
+        "repeatable-session"
+      ],
+      "SideEffects": [
+
+      ]
+    },
+    "session_types": false,
+    "needs_cleanup": null
+  },
   "exploit_multi/http/processmaker_exec": {
     "name": "ProcessMaker Open Source Authenticated PHP Code Execution",
     "fullname": "exploit/multi/http/processmaker_exec",
@@ -117460,6 +117525,70 @@
     "session_types": false,
     "needs_cleanup": true
   },
+  "exploit_multi/http/wp_reallysimplessl_2fa_bypass_rce": {
+    "name": "WordPress Really Simple SSL Plugin Authentication Bypass to RCE",
+    "fullname": "exploit/multi/http/wp_reallysimplessl_2fa_bypass_rce",
+    "aliases": [
+
+    ],
+    "rank": 600,
+    "disclosure_date": "2024-11-14",
+    "type": "exploit",
+    "author": [
+      "Valentin Lobstein",
+      "István Márton"
+    ],
+    "description": "This module exploits an authentication bypass vulnerability in the WordPress Really Simple SSL plugin\n          (versions 9.0.0 to 9.1.1.1). The vulnerability allows bypassing two-factor authentication (2FA) and\n          uploading a plugin to achieve remote code execution (RCE). Note: For the system to be vulnerable,\n          2FA must be enabled on the target site; otherwise, the exploit will not work.",
+    "references": [
+      "CVE-2024-10924",
+      "URL-https://github.com/RandomRobbieBF/CVE-2024-10924",
+      "URL-https://www.wordfence.com/threat-intel/vulnerabilities/detail/really-simple-security-free-pro-and-pro-multisite-900-9111-authentication-bypass"
+    ],
+    "platform": "Linux,PHP,Unix,Windows",
+    "arch": "php, cmd",
+    "rport": 80,
+    "autofilter_ports": [
+      80,
+      8080,
+      443,
+      8000,
+      8888,
+      8880,
+      8008,
+      3000,
+      8443
+    ],
+    "autofilter_services": [
+      "http",
+      "https"
+    ],
+    "targets": [
+      "PHP In-Memory",
+      "Unix In-Memory",
+      "Windows In-Memory"
+    ],
+    "mod_time": "2024-12-06 22:46:57 +0000",
+    "path": "/modules/exploits/multi/http/wp_reallysimplessl_2fa_bypass_rce.rb",
+    "is_install_path": true,
+    "ref_name": "multi/http/wp_reallysimplessl_2fa_bypass_rce",
+    "check": true,
+    "post_auth": false,
+    "default_credential": false,
+    "notes": {
+      "Stability": [
+        "crash-safe"
+      ],
+      "SideEffects": [
+        "artifacts-on-disk",
+        "ioc-in-logs"
+      ],
+      "Reliability": [
+        "repeatable-session"
+      ]
+    },
+    "session_types": false,
+    "needs_cleanup": true
+  },
   "exploit_multi/http/wp_responsive_thumbnail_slider_upload": {
     "name": "WordPress Responsive Thumbnail Slider Arbitrary File Upload",
     "fullname": "exploit/multi/http/wp_responsive_thumbnail_slider_upload",
