automatic module_metadata_base.json update

2018-11-05 09:45:42 -08:00 · 2018-11-05 09:45:42 -08:00 · 628e66070e
parent a32d8083f0
commit 628e66070e
1 changed files with 55 additions and 0 deletions
--- a/db/modules_metadata_base.json
+++ b/db/modules_metadata_base.json
@ -76067,6 +76067,61 @@
    "notes": {
    }
  },
+  "exploit_unix/webapp/jquery_file_upload": {
+    "name": "blueimp's jQuery (Arbitrary) File Upload",
+    "full_name": "exploit/unix/webapp/jquery_file_upload",
+    "rank": 600,
+    "disclosure_date": "2018-10-09",
+    "type": "exploit",
+    "author": [
+      "Claudio Viviani",
+      "Larry W. Cashdollar",
+      "wvu <wvu@metasploit.com>"
+    ],
+    "description": "This module exploits an arbitrary file upload in the sample PHP upload\n        handler for blueimp's jQuery File Upload widget in versions <= 9.22.0.\n\n        Due to a default configuration in Apache 2.3.9+, the widget's .htaccess\n        file may be disabled, enabling exploitation of this vulnerability.\n\n        This vulnerability has been exploited in the wild since at least 2015\n        and was publicly disclosed to the vendor in 2018. It has been present\n        since the .htaccess change in Apache 2.3.9.\n\n        This module provides a generic exploit against the jQuery widget.",
+    "references": [
+      "CVE-2018-9206",
+      "URL-http://www.vapidlabs.com/advisory.php?v=204",
+      "URL-https://github.com/blueimp/jQuery-File-Upload/pull/3514",
+      "URL-https://github.com/lcashdol/Exploits/tree/master/CVE-2018-9206",
+      "URL-https://www.homelab.it/index.php/2015/04/04/wordpress-work-the-flow-file-upload-vulnerability/",
+      "URL-https://github.com/rapid7/metasploit-framework/pull/5130",
+      "URL-https://httpd.apache.org/docs/current/mod/core.html#allowoverride"
+    ],
+    "is_server": true,
+    "is_client": false,
+    "platform": "Linux,PHP",
+    "arch": "php, x86, x64",
+    "rport": 80,
+    "autofilter_ports": [
+      80,
+      8080,
+      443,
+      8000,
+      8888,
+      8880,
+      8008,
+      3000,
+      8443
+    ],
+    "autofilter_services": [
+      "http",
+      "https"
+    ],
+    "targets": [
+      "PHP Dropper",
+      "Linux Dropper"
+    ],
+    "mod_time": "2018-10-23 16:24:26 +0000",
+    "path": "/modules/exploits/unix/webapp/jquery_file_upload.rb",
+    "is_install_path": true,
+    "ref_name": "unix/webapp/jquery_file_upload",
+    "check": true,
+    "post_auth": false,
+    "default_credential": false,
+    "notes": {
+    }
+  },
  "exploit_unix/webapp/kimai_sqli": {
    "name": "Kimai v0.9.2 'db_restore.php' SQL Injection",
    "full_name": "exploit/unix/webapp/kimai_sqli",