automatic module_metadata_base.json update

2018-11-27 14:55:50 -08:00 · 2018-11-27 14:55:50 -08:00 · d400851883
parent 7daedb48f4
commit d400851883
1 changed files with 53 additions and 0 deletions
--- a/db/modules_metadata_base.json
+++ b/db/modules_metadata_base.json
@ -50539,6 +50539,59 @@
    "notes": {
    }
  },
+  "exploit_linux/http/php_imap_open_rce": {
+    "name": "php imap_open Remote Code Execution",
+    "full_name": "exploit/linux/http/php_imap_open_rce",
+    "rank": 400,
+    "disclosure_date": "2018-10-23",
+    "type": "exploit",
+    "author": [
+      "Anton Lopanitsyn",
+      "Twoster",
+      "h00die"
+    ],
+    "description": "The imap_open function within php, if called without the /norsh flag, will attempt to preauthenticate an\n        IMAP session.  On Debian based systems, including Ubuntu, rsh is mapped to the ssh binary.  Ssh's ProxyCommand\n        option can be passed from imap_open to execute arbitrary commands.\n        While many custom applications may use imap_open, this exploit works against the following applications:\n        e107 v2, prestashop, SuiteCRM, as well as Custom, which simply prints the exploit strings for use.\n        Prestashop exploitation requires the admin URI, and administrator credentials.\n        suiteCRM/e107/hostcms require administrator credentials.",
+    "references": [
+      "URL-https://web.archive.org/web/20181118213536/https://antichat.com/threads/463395",
+      "URL-https://github.com/Bo0oM/PHP_imap_open_exploit",
+      "EDB-45865"
+    ],
+    "is_server": true,
+    "is_client": false,
+    "platform": "Unix",
+    "arch": "cmd",
+    "rport": 80,
+    "autofilter_ports": [
+      80,
+      8080,
+      443,
+      8000,
+      8888,
+      8880,
+      8008,
+      3000,
+      8443
+    ],
+    "autofilter_services": [
+      "http",
+      "https"
+    ],
+    "targets": [
+      "prestashop",
+      "suitecrm",
+      "e107v2",
+      "custom"
+    ],
+    "mod_time": "2018-11-25 10:59:53 +0000",
+    "path": "/modules/exploits/linux/http/php_imap_open_rce.rb",
+    "is_install_path": true,
+    "ref_name": "linux/http/php_imap_open_rce",
+    "check": true,
+    "post_auth": false,
+    "default_credential": false,
+    "notes": {
+    }
+  },
  "exploit_linux/http/pineapp_ldapsyncnow_exec": {
    "name": "PineApp Mail-SeCure ldapsyncnow.php Arbitrary Command Execution",
    "full_name": "exploit/linux/http/pineapp_ldapsyncnow_exec",