Skip to content

Commit

Permalink
automatic module_metadata_base.json update
Browse files Browse the repository at this point in the history
  • Loading branch information
msjenkins-r7 committed Oct 15, 2024
1 parent 9a245e6 commit 26d8d23
Showing 1 changed file with 61 additions and 0 deletions.
61 changes: 61 additions & 0 deletions db/modules_metadata_base.json
Original file line number Diff line number Diff line change
Expand Up @@ -127524,6 +127524,67 @@
"session_types": false,
"needs_cleanup": null
},
"exploit_unix/webapp/byob_unauth_rce": {
"name": "BYOB Unauthenticated RCE via Arbitrary File Write and Command Injection (CVE-2024-45256, CVE-2024-45257)",
"fullname": "exploit/unix/webapp/byob_unauth_rce",
"aliases": [

],
"rank": 600,
"disclosure_date": "2024-08-15",
"type": "exploit",
"author": [
"chebuya",
"Valentin Lobstein"
],
"description": "This module exploits two vulnerabilities in the BYOB (Build Your Own Botnet) web GUI:\n 1. CVE-2024-45256: Unauthenticated arbitrary file write that allows modification of the SQLite database, adding a new admin user.\n 2. CVE-2024-45257: Authenticated command injection in the payload generation page.\n\n These vulnerabilities remain unpatched.",
"references": [
"CVE-2024-45256",
"CVE-2024-45257",
"URL-https://blog.chebuya.com/posts/unauthenticated-remote-command-execution-on-byob/"
],
"platform": "Linux,Unix",
"arch": "ARCH_CMD",
"rport": 80,
"autofilter_ports": [
80,
8080,
443,
8000,
8888,
8880,
8008,
3000,
8443
],
"autofilter_services": [
"http",
"https"
],
"targets": [
"Unix/Linux Command Shell"
],
"mod_time": "2024-10-14 11:46:53 +0000",
"path": "/modules/exploits/unix/webapp/byob_unauth_rce.rb",
"is_install_path": true,
"ref_name": "unix/webapp/byob_unauth_rce",
"check": true,
"post_auth": false,
"default_credential": false,
"notes": {
"Stability": [
"crash-safe"
],
"SideEffects": [
"ioc-in-logs"
],
"Reliability": [
"repeatable-session"
]
},
"session_types": false,
"needs_cleanup": null
},
"exploit_unix/webapp/cacti_graphimage_exec": {
"name": "Cacti graph_view.php Remote Command Execution",
"fullname": "exploit/unix/webapp/cacti_graphimage_exec",
Expand Down

0 comments on commit 26d8d23

Please sign in to comment.