Community contributor btnz-k has authored a new Emby Version Scanner module consisting of both an exploit and a scanner for the SSRF vulnerability found in Emby. Emby is a previously open source media server designed to organize, play, and stream audio and video to a variety of devices.
SharePoint, a document management and storage system designed to integrate with Microsoft Office, patched a vuln in May 2021 that allowed authenticated users to perform Remote Code Execution. Our own Spencer McIntyre and wvu authored a PR that allows exploitation of this vulnerability on unpatched systems. The user will need to have the SPBasePermissions.ManageLists permission on the targeted site, but by default users can manually make their own site where that permission will be present.
/cgi-bin/pakfire.cgi web page of IPFire devices running versions 2.25 Core Update 156 and prior. Successful exploitation results in remote code execution as the root user.
SPBasePermissions.ManageLists permissions on any SharePoint site, and grants the attacker remote code execution as the user running the SharePoint server.
msfdb --component webservice init
The PrependFork option for Linux payloads has been updated to call setsid(2) in the child process to properly run the payload in the background before calling fork(2) again. This ensures the payload runs properly when the target environment expects the command or payload to return, and makes the payloads better emulate the Mettle payload's background command, for better consistency across payloads.
post/windows/gather/enum_hyperv_vms module where on non-English systems the error message would not match the specified regular expression.
lib/msf/core/session/provider/single_command_shell.rb library has been updated to address an issue whereby shell_read_until_token may sometimes fail to return output if the randomized token used to delimit output also appears within the legitimate output.
apache_activemq_upload_jsp.rb whereby the URI and filesystem path were not separated appropriately. Additionally, extra checks were added to handle error conditions that may arise during module operation.
lib/msf/ui/console/command_dispatcher/db.rb where the -d flag was not being correctly honored, preventing users from deleting hosts from their database. This has now been fixed.
As always, you can update to the latest Metasploit Framework with msfupdate, and you can get more details on the changes since the last blog post from GitHub:
If you are a git user, you can clone the Metasploit Framework repo (master branch) for the latest.
To install fresh without using git, you can use the open-source-only Nightly Installers or the binary installers (which also include the commercial edition).
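To illustrate the PrependFork ordering described earlier in this post (fork, setsid(2) in the child, then fork(2) again), here is an added C example; it is not Metasploit's code, and the struct and function names are my own. It runs the sequence and reports the session ids observed at each step, which is also what a defender sees in ps -o pid,ppid,sid when looking for processes that have detached from their original session.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* What the intermediate child observes, sent back to the parent over a pipe. */
struct detach_report {
    pid_t parent_sid;     /* session id inherited from the parent */
    pid_t child_sid;      /* session id after setsid(2), or -1 on failure */
    int   setsid_errno;   /* 0 on success, otherwise errno from setsid(2) */
    pid_t grandchild_pid; /* result of the second fork(2) in the new session */
};

/* fork -> setsid -> fork, in the order PrependFork uses. Returns 0 and fills *out. */
int run_detach(struct detach_report *out) {
    int fds[2];
    if (pipe(fds) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        struct detach_report r = {0};
        close(fds[0]);
        r.parent_sid = getsid(0);
        /* A freshly forked child is never a process group leader, so setsid succeeds here;
         * called before the first fork it fails with EPERM whenever the caller leads its group. */
        r.child_sid = setsid();
        r.setsid_errno = (r.child_sid == (pid_t)-1) ? errno : 0;
        /* The grandchild is not a session leader, so it cannot reacquire a controlling
         * terminal; in a real payload this is where the payload would run. */
        r.grandchild_pid = fork();
        if (r.grandchild_pid == 0) _exit(0);               /* stand-in for the payload */
        if (r.grandchild_pid > 0) waitpid(r.grandchild_pid, NULL, 0);
        if (write(fds[1], &r, sizeof r) != (ssize_t)sizeof r) _exit(1);
        _exit(0);
    }
    close(fds[1]);
    ssize_t n = read(fds[0], out, sizeof *out);
    close(fds[0]);
    waitpid(pid, NULL, 0);
    return n == (ssize_t)sizeof *out ? 0 : -1;
}

int main(void) {
    struct detach_report r;
    if (run_detach(&r) != 0) return 1;
    printf("parent sid %d, child sid %d, setsid errno %d, grandchild pid %d\n", (int)r.parent_sid, (int)r.child_sid, r.setsid_errno, (int)r.grandchild_pid);
    return 0;
}
```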