automatic module_metadata_base.json update
msjenkins-r7 committed Sep 17, 2024
1 parent 6e696e2 commit f8ada15
Showing 1 changed file with 63 additions and 0 deletions.
63 changes: 63 additions & 0 deletions db/modules_metadata_base.json
Expand Up @@ -114954,6 +114954,69 @@
"session_types": false,
"needs_cleanup": null
},
"exploit_multi/http/wp_litespeed_cookie_theft": {
"name": "Wordpress LiteSpeed Cache plugin cookie theft",
"fullname": "exploit/multi/http/wp_litespeed_cookie_theft",
"aliases": [

],
"rank": 600,
"disclosure_date": "2024-09-04",
"type": "exploit",
"author": [
"Rafie Muhammad",
"jheysel-r7"
],
"description": "This module exploits an unauthenticated account takeover vulnerability in LiteSpeed Cache, a Wordpress plugin\n that currently has around 6 million active installations. In LiteSpeed Cache versions prior to 6.5.0.1, when\n the Debug Logging feature is enabled, the plugin will log admin cookies to the /wp-content/debug.log endpoint\n which is accessible without authentication. The Debug Logging feature in the plugin is not enabled by default.\n The admin cookies found in the debug.log can be used to upload and execute a malicious plugin containing a payload.",
"references": [
"URL-https://patchstack.com/articles/critical-account-takeover-vulnerability-patched-in-litespeed-cache-plugin/",
"CVE-2024-44000"
],
"platform": "Linux,PHP,Unix,Windows",
"arch": "php, cmd",
"rport": 80,
"autofilter_ports": [
80,
8080,
443,
8000,
8888,
8880,
8008,
3000,
8443
],
"autofilter_services": [
"http",
"https"
],
"targets": [
"PHP In-Memory",
"Unix In-Memory",
"Windows In-Memory"
],
"mod_time": "2024-09-16 09:46:57 +0000",
"path": "/modules/exploits/multi/http/wp_litespeed_cookie_theft.rb",
"is_install_path": true,
"ref_name": "multi/http/wp_litespeed_cookie_theft",
"check": true,
"post_auth": false,
"default_credential": false,
"notes": {
"Stability": [
"crash-safe"
],
"SideEffects": [
"artifacts-on-disk",
"ioc-in-logs"
],
"Reliability": [
"repeatable-session"
]
},
"session_types": false,
"needs_cleanup": true
},
"exploit_multi/http/wp_ninja_forms_unauthenticated_file_upload": {
"name": "WordPress Ninja Forms Unauthenticated File Upload",
"fullname": "exploit/multi/http/wp_ninja_forms_unauthenticated_file_upload",
