automatic module_metadata_base.json update

msjenkins-r7 · msjenkins-r7 · commit f8ada15deabf · 2024-09-17T06:15:03.000-05:00
diff --git a/db/modules_metadata_base.json b/db/modules_metadata_base.json
@@ -114954,6 +114954,69 @@
     "session_types": false,
     "needs_cleanup": null
   },
+  "exploit_multi/http/wp_litespeed_cookie_theft": {
+    "name": "Wordpress LiteSpeed Cache plugin cookie theft",
+    "fullname": "exploit/multi/http/wp_litespeed_cookie_theft",
+    "aliases": [
+
+    ],
+    "rank": 600,
+    "disclosure_date": "2024-09-04",
+    "type": "exploit",
+    "author": [
+      "Rafie Muhammad",
+      "jheysel-r7"
+    ],
+    "description": "This module exploits an unauthenticated account takeover vulnerability in LiteSpeed Cache, a Wordpress plugin\n          that currently has around 6 million active installations. In LiteSpeed Cache versions prior to 6.5.0.1, when\n          the Debug Logging feature is enabled, the plugin will log admin cookies to the /wp-content/debug.log endpoint\n          which is accessible without authentication. The Debug Logging feature in the plugin is not enabled by default.\n          The admin cookies found in the debug.log can be used to upload and execute a malicious plugin containing a payload.",
+    "references": [
+      "URL-https://patchstack.com/articles/critical-account-takeover-vulnerability-patched-in-litespeed-cache-plugin/",
+      "CVE-2024-44000"
+    ],
+    "platform": "Linux,PHP,Unix,Windows",
+    "arch": "php, cmd",
+    "rport": 80,
+    "autofilter_ports": [
+      80,
+      8080,
+      443,
+      8000,
+      8888,
+      8880,
+      8008,
+      3000,
+      8443
+    ],
+    "autofilter_services": [
+      "http",
+      "https"
+    ],
+    "targets": [
+      "PHP In-Memory",
+      "Unix In-Memory",
+      "Windows In-Memory"
+    ],
+    "mod_time": "2024-09-16 09:46:57 +0000",
+    "path": "/modules/exploits/multi/http/wp_litespeed_cookie_theft.rb",
+    "is_install_path": true,
+    "ref_name": "multi/http/wp_litespeed_cookie_theft",
+    "check": true,
+    "post_auth": false,
+    "default_credential": false,
+    "notes": {
+      "Stability": [
+        "crash-safe"
+      ],
+      "SideEffects": [
+        "artifacts-on-disk",
+        "ioc-in-logs"
+      ],
+      "Reliability": [
+        "repeatable-session"
+      ]
+    },
+    "session_types": false,
+    "needs_cleanup": true
+  },
   "exploit_multi/http/wp_ninja_forms_unauthenticated_file_upload": {
     "name": "WordPress Ninja Forms Unauthenticated File Upload",
     "fullname": "exploit/multi/http/wp_ninja_forms_unauthenticated_file_upload",
