
Commit 39b0943

committed
automatic module_metadata_base.json update
1 parent b8aa55c commit 39b0943


1 file changed

+64
-0
lines changed


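--- a/db/modules_metadata_base.json
+++ b/db/modules_metadata_base.json
@@ -109401,6 +109401,70 @@
 "session_types": false,
 "needs_cleanup": true
 },
+"exploit_multi/http/wp_backup_migration_php_filter": {
+"name": "WordPress Backup Migration Plugin PHP Filter Chain RCE",
+"fullname": "exploit/multi/http/wp_backup_migration_php_filter",
+"aliases": [
+
+],
+"rank": 600,
+"disclosure_date": "2023-12-11",
+"type": "exploit",
+"author": [
+"Nex Team",
+"Valentin Lobstein",
+"jheysel-r7"
+],
+"description": "This module exploits an unauth RCE in the WordPress plugin: Backup Migration (<= 1.3.7). The vulnerability is\n exploitable through the Content-Dir header which is sent to the /wp-content/plugins/backup-backup/includes/backup-heart.php endpoint.\n\n The exploit makes use of a neat technique called PHP Filter Chaining which allows an attacker to prepend\n bytes to a string by continuously chaining character encoding conversions. This allows an attacker to prepend\n a PHP payload to a string which gets evaluated by a require statement, which results in command execution.",
+"references": [
+"CVE-2023-6553",
+"URL-https://github.com/Chocapikk/CVE-2023-6553/blob/main/exploit.py",
+"URL-https://www.synacktiv.com/en/publications/php-filters-chain-what-is-it-and-how-to-use-it",
+"WPVDB-6a4d0af9-e1cd-4a69-a56c-3c009e207eca"
+],
+"platform": "Linux,PHP,Unix,Windows",
+"arch": "php",
+"rport": 80,
+"autofilter_ports": [
+80,
+8080,
+443,
+8000,
+8888,
+8880,
+8008,
+3000,
+8443
+],
+"autofilter_services": [
+"http",
+"https"
+],
+"targets": [
+"Automatic"
+],
+"mod_time": "2024-01-16 14:49:22 +0000",
+"path": "/modules/exploits/multi/http/wp_backup_migration_php_filter.rb",
+"is_install_path": true,
+"ref_name": "multi/http/wp_backup_migration_php_filter",
+"check": true,
+"post_auth": false,
+"default_credential": false,
+"notes": {
+"Stability": [
+"crash-safe"
+],
+"Reliability": [
+"repeatable-session"
+],
+"SideEffects": [
+"ioc-in-logs",
+"artifacts-on-disk"
+]
+},
+"session_types": false,
+"needs_cleanup": true
+},
 "exploit_multi/http/wp_catch_themes_demo_import": {
 "name": "Wordpress Plugin Catch Themes Demo Import RCE",
 "fullname": "exploit/multi/http/wp_catch_themes_demo_import",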
