|
40870 | 40870 | "needs_cleanup": false,
|
40871 | 40871 | "actions": []
|
40872 | 40872 | },
|
| 40873 | + "auxiliary_scanner/http/pretalx_file_read_cve_2023_28459": { |
| 40874 | + "name": "Pretalx Arbitrary File Read/Limited File Write", |
| 40875 | + "fullname": "auxiliary/scanner/http/pretalx_file_read_cve_2023_28459", |
| 40876 | + "aliases": [], |
| 40877 | + "rank": 300, |
| 40878 | + "disclosure_date": null, |
| 40879 | + "type": "auxiliary", |
| 40880 | + "author": [ |
| 40881 | + "Stefan Schiller", |
| 40882 | + "msutovsky-r7" |
| 40883 | + ], |
| 40884 | + "description": "This module exploits functionality in Pretalx that export conference schedule as zipped file. The Pretalx will iteratively include any file referenced by any HTML tag and does not properly check the path of the file, which can lead to arbitrary file read. The module requires credentials that allow schedule export, schedule release and approval of proposals. Additionally, module requires conference name and URL for media files.", |
| 40885 | + "references": [], |
| 40886 | + "platform": "", |
| 40887 | + "arch": "", |
| 40888 | + "rport": 80, |
| 40889 | + "autofilter_ports": [ |
| 40890 | + 80, |
| 40891 | + 8080, |
| 40892 | + 443, |
| 40893 | + 8000, |
| 40894 | + 8888, |
| 40895 | + 8880, |
| 40896 | + 8008, |
| 40897 | + 3000, |
| 40898 | + 8443 |
| 40899 | + ], |
| 40900 | + "autofilter_services": [ |
| 40901 | + "http", |
| 40902 | + "https" |
| 40903 | + ], |
| 40904 | + "targets": null, |
| 40905 | + "mod_time": "2025-08-22 15:26:46 +0000", |
| 40906 | + "path": "/modules/auxiliary/scanner/http/pretalx_file_read_cve_2023_28459.rb", |
| 40907 | + "is_install_path": true, |
| 40908 | + "ref_name": "scanner/http/pretalx_file_read_cve_2023_28459", |
| 40909 | + "check": true, |
| 40910 | + "post_auth": true, |
| 40911 | + "default_credential": false, |
| 40912 | + "notes": { |
| 40913 | + "Stability": [ |
| 40914 | + "crash-safe" |
| 40915 | + ], |
| 40916 | + "Reliability": [ |
| 40917 | + "repeatable-session" |
| 40918 | + ], |
| 40919 | + "SideEffects": [ |
| 40920 | + "ioc-in-logs", |
| 40921 | + "artifacts-on-disk" |
| 40922 | + ] |
| 40923 | + }, |
| 40924 | + "session_types": false, |
| 40925 | + "needs_cleanup": false, |
| 40926 | + "actions": [] |
| 40927 | + }, |
40873 | 40928 | "auxiliary_scanner/http/prev_dir_same_name_file": {
|
40874 | 40929 | "name": "HTTP Previous Directory File Scanner",
|
40875 | 40930 | "fullname": "auxiliary/scanner/http/prev_dir_same_name_file",
|
|
82004 | 82059 | "session_types": false,
|
82005 | 82060 | "needs_cleanup": null
|
82006 | 82061 | },
|
| 82062 | + "exploit_linux/http/pretalx_rce_cve_2023_28458": { |
| 82063 | + "name": "Pretalx Limited File Write to Remote Code Execution", |
| 82064 | + "fullname": "exploit/linux/http/pretalx_rce_cve_2023_28458", |
| 82065 | + "aliases": [], |
| 82066 | + "rank": 600, |
| 82067 | + "disclosure_date": "2023-03-07", |
| 82068 | + "type": "exploit", |
| 82069 | + "author": [ |
| 82070 | + "Stefan Schiller", |
| 82071 | + "msutovsky-r7" |
| 82072 | + ], |
| 82073 | + "description": "This module exploits CVE-2023-28458, a limited file write in Pretalx, up to version 2.3.1. The module will use the vulnerability to write a malicious site-specific configuration hook forPython. Once hook is written, payload will be executed every time Pretalx user runs any Python code. Pretalx needs to run in debug mode to exploit this.", |
| 82074 | + "references": [ |
| 82075 | + "URL-https://www.sonarsource.com/blog/pretalx-vulnerabilities-how-to-get-accepted-at-every-conference/", |
| 82076 | + "CVE-2023-28458" |
| 82077 | + ], |
| 82078 | + "platform": "Linux,Unix", |
| 82079 | + "arch": "cmd", |
| 82080 | + "rport": 80, |
| 82081 | + "autofilter_ports": [ |
| 82082 | + 80, |
| 82083 | + 8080, |
| 82084 | + 443, |
| 82085 | + 8000, |
| 82086 | + 8888, |
| 82087 | + 8880, |
| 82088 | + 8008, |
| 82089 | + 3000, |
| 82090 | + 8443 |
| 82091 | + ], |
| 82092 | + "autofilter_services": [ |
| 82093 | + "http", |
| 82094 | + "https" |
| 82095 | + ], |
| 82096 | + "targets": [ |
| 82097 | + "Linux Target" |
| 82098 | + ], |
| 82099 | + "mod_time": "2025-08-22 15:26:46 +0000", |
| 82100 | + "path": "/modules/exploits/linux/http/pretalx_rce_cve_2023_28458.rb", |
| 82101 | + "is_install_path": true, |
| 82102 | + "ref_name": "linux/http/pretalx_rce_cve_2023_28458", |
| 82103 | + "check": true, |
| 82104 | + "post_auth": true, |
| 82105 | + "default_credential": false, |
| 82106 | + "notes": { |
| 82107 | + "Stability": [ |
| 82108 | + "crash-safe" |
| 82109 | + ], |
| 82110 | + "Reliability": [ |
| 82111 | + "repeatable-session" |
| 82112 | + ], |
| 82113 | + "SideEffects": [ |
| 82114 | + "artifacts-on-disk", |
| 82115 | + "ioc-in-logs" |
| 82116 | + ] |
| 82117 | + }, |
| 82118 | + "session_types": false, |
| 82119 | + "needs_cleanup": null |
| 82120 | + }, |
82007 | 82121 | "exploit_linux/http/progress_flowmon_unauth_cmd_injection": {
|
82008 | 82122 | "name": "Flowmon Unauthenticated Command Injection",
|
82009 | 82123 | "fullname": "exploit/linux/http/progress_flowmon_unauth_cmd_injection",
|
|