automatic module_metadata_base.json update

db/modules_metadata_base.json

@@ -11708,6 +11708,38 @@
     "notes": {
     }
   },
+  "auxiliary_gather/pimcore_creds_sqli": {
+    "name": "Pimcore List Credentials",
+    "full_name": "auxiliary/gather/pimcore_creds_sqli",
+    "rank": 300,
+    "disclosure_date": "2018-08-13",
+    "type": "auxiliary",
+    "author": [
+      "Thongchai Silpavarangkura",
+      "N. Rai-Ngoen",
+      "Shelby Pace"
+    ],
+    "description": "This module extracts the usernames and hashed passwords of all users of\n        the Pimcore web service by exploiting a SQL injection vulnerability in\n        Pimcore's REST API.\n\n        Pimcore begins to create password hashes by concatenating a user's\n        username, the name of the application, and the user's password in the\n        format USERNAME:pimcore:PASSWORD.\n\n        The resulting string is then used to generate an MD5 hash, and then that\n        MD5 hash is used to create the final hash, which is generated using\n        PHP's built-in password_hash function.",
+    "references": [
+      "CVE-2018-14058",
+      "EDB-45208"
+    ],
+    "is_server": false,
+    "is_client": false,
+    "platform": "",
+    "arch": "",
+    "rport": 80,
+    "targets": null,
+    "mod_time": "2018-09-19 20:34:12 +0000",
+    "path": "/modules/auxiliary/gather/pimcore_creds_sqli.rb",
+    "is_install_path": true,
+    "ref_name": "gather/pimcore_creds_sqli",
+    "check": false,
+    "post_auth": false,
+    "default_credential": false,
+    "notes": {
+    }
+  },
   "auxiliary_gather/qnap_backtrace_admin_hash": {
     "name": "QNAP NAS/NVR Administrator Hash Disclosure",
     "full_name": "auxiliary/gather/qnap_backtrace_admin_hash",