automatic module_metadata_base.json update

2019-04-04 13:32:00 -07:00 · 2019-04-04 13:32:00 -07:00 · 0c7e589db8
parent fff129ae9f
commit 0c7e589db8
1 changed files with 47 additions and 0 deletions
--- a/db/modules_metadata_base.json
+++ b/db/modules_metadata_base.json
@ -66645,6 +66645,53 @@
    "notes": {
    }
  },
+  "exploit_multi/http/wp_crop_rce": {
+    "name": "WordPress Crop-image Shell Upload",
+    "full_name": "exploit/multi/http/wp_crop_rce",
+    "rank": 600,
+    "disclosure_date": "2019-02-19",
+    "type": "exploit",
+    "author": [
+      "RIPSTECH Technology",
+      "Wilfried Becard <wilfried.becard@synacktiv.com>"
+    ],
+    "description": "This module exploits a path traversal and a local file inclusion\n          vulnerability on WordPress versions 5.0.0 and <= 4.9.8.\n          The crop-image function allows a user, with at least author privileges,\n          to resize an image and perform a path traversal by changing the _wp_attached_file\n          reference during the upload. The second part of the exploit will include\n          this image in the current theme by changing the _wp_page_template attribute\n          when creating a post.\n\n          This exploit module only works for Unix-based systems currently.",
+    "references": [
+      "CVE-2019-8942",
+      "CVE-2019-8943",
+      "URL-https://blog.ripstech.com/2019/wordpress-image-remote-code-execution/"
+    ],
+    "platform": "PHP",
+    "arch": "php",
+    "rport": 80,
+    "autofilter_ports": [
+      80,
+      8080,
+      443,
+      8000,
+      8888,
+      8880,
+      8008,
+      3000,
+      8443
+    ],
+    "autofilter_services": [
+      "http",
+      "https"
+    ],
+    "targets": [
+      "WordPress"
+    ],
+    "mod_time": "2019-04-04 15:19:58 +0000",
+    "path": "/modules/exploits/multi/http/wp_crop_rce.rb",
+    "is_install_path": true,
+    "ref_name": "multi/http/wp_crop_rce",
+    "check": true,
+    "post_auth": true,
+    "default_credential": false,
+    "notes": {
+    }
+  },
  "exploit_multi/http/wp_ninja_forms_unauthenticated_file_upload": {
    "name": "WordPress Ninja Forms Unauthenticated File Upload",
    "full_name": "exploit/multi/http/wp_ninja_forms_unauthenticated_file_upload",