Module suggestions for the win: this week we see a new module, written by jheysel-r7 and based on CVE-2022-26352, that happens to have been suggested by jvoisin in the issue queue last month. This module targets an arbitrary file upload in dotCMS versions before 22.03, 5.3.8.10, and 21.06.7 to obtain shells. Make sure you have covered your bases for permission before testing this against a target, as one blog post suggests some banking sites may rely on this tool.
As the GSoC 2022 program starts to ramp up, red0xff, a contributor who participated in 2020, contributed an enhancement to the SQLi library support that gives module writers a quicker path to injection on Microsoft SQL. The enhancement updates the auxiliary/gather/billquick_txtid_sqli module to showcase the library's utility, and it can significantly reduce the logic code required in modules, saving about 20% in this one instance.
.jsp payload to the tomcat ROOT directory and accesses it to trigger its execution.
auxiliary/gather/billquick_txtid_sqli module to leverage the new library features for exploitation.
nfs_mount scanner module by detecting if an NFS network share is mountable or not based on the provided IP address and hostname.
multi/manage/shell_to_meterpreter to upgrade from a Python Meterpreter session to a Native Meterpreter session would kill the original Meterpreter session.
read() method to appropriately handle cases where the socket may return less data than was expected.

As always, you can update to the latest Metasploit Framework with msfupdate and you can get more details on the changes since the last blog post from GitHub:

If you are a git user, you can clone the Metasploit Framework repo (master branch) for the latest. To install fresh without using git, you can use the open-source-only Nightly Installers or the binary installers (which also include the commercial edition).
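The short-read failure mode behind the read() fix noted above, as an added example that is not Metasploit's own code: a naive single read is contrasted with a loop that keeps reading until the expected number of bytes has arrived, run against a constructed fake socket that hands data back in small chunks.

```ruby
# Added illustration of the short-read problem; not Metasploit's own code.
# ChunkySocket is a constructed stand-in for a TCP socket.

# Returns data in chunks smaller than requested, the way a real socket may
# when the peer's send is fragmented or the kernel buffer is only partly full.
class ChunkySocket
  def initialize(data, chunk_size)
    @data = data.dup
    @chunk_size = chunk_size
  end

  # Mimics BasicSocket#read(length): at most `length` bytes, possibly fewer,
  # and nil once the stream is exhausted.
  def read(length)
    return nil if @data.empty?
    @data.slice!(0, [length, @chunk_size].min)
  end
end

# Naive version: trusts one read to return exactly `length` bytes.
def read_naive(sock, length)
  sock.read(length)
end

# Robust version: accumulates until `length` bytes are present and raises if
# the peer closes first, so a truncated message is an error, not a short one.
def read_exact(sock, length)
  buf = +''
  while buf.bytesize < length
    chunk = sock.read(length - buf.bytesize)
    if chunk.nil? || chunk.empty?
      raise EOFError, "connection closed after #{buf.bytesize}/#{length} bytes"
    end
    buf << chunk
  end
  buf
end

if __FILE__ == $PROGRAM_NAME
  msg = "\x00\x10" + "A" * 16  # constructed: 2-byte length prefix + 16-byte body
  puts read_naive(ChunkySocket.new(msg, 5), 18).bytesize  # 5, silently short
  puts read_exact(ChunkySocket.new(msg, 5), 18).bytesize  # 18
end
```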