diff --git a/db/modules_metadata_base.json b/db/modules_metadata_base.json index ed5b2a3b90b1..9b1b8c7d0ecf 100644 --- a/db/modules_metadata_base.json +++ b/db/modules_metadata_base.json @@ -114954,6 +114954,69 @@ "session_types": false, "needs_cleanup": null }, + "exploit_multi/http/wp_litespeed_cookie_theft": { + "name": "Wordpress LiteSpeed Cache plugin cookie theft", + "fullname": "exploit/multi/http/wp_litespeed_cookie_theft", + "aliases": [ + + ], + "rank": 600, + "disclosure_date": "2024-09-04", + "type": "exploit", + "author": [ + "Rafie Muhammad", + "jheysel-r7" + ], + "description": "This module exploits an unauthenticated account takeover vulnerability in LiteSpeed Cache, a Wordpress plugin\n that currently has around 6 million active installations. In LiteSpeed Cache versions prior to 6.5.0.1, when\n the Debug Logging feature is enabled, the plugin will log admin cookies to the /wp-content/debug.log endpoint\n which is accessible without authentication. The Debug Logging feature in the plugin is not enabled by default.\n The admin cookies found in the debug.log can be used to upload and execute a malicious plugin containing a payload.", + "references": [ + "URL-https://patchstack.com/articles/critical-account-takeover-vulnerability-patched-in-litespeed-cache-plugin/", + "CVE-2024-44000" + ], + "platform": "Linux,PHP,Unix,Windows", + "arch": "php, cmd", + "rport": 80, + "autofilter_ports": [ + 80, + 8080, + 443, + 8000, + 8888, + 8880, + 8008, + 3000, + 8443 + ], + "autofilter_services": [ + "http", + "https" + ], + "targets": [ + "PHP In-Memory", + "Unix In-Memory", + "Windows In-Memory" + ], + "mod_time": "2024-09-16 09:46:57 +0000", + "path": "/modules/exploits/multi/http/wp_litespeed_cookie_theft.rb", + "is_install_path": true, + "ref_name": "multi/http/wp_litespeed_cookie_theft", + "check": true, + "post_auth": false, + "default_credential": false, + "notes": { + "Stability": [ + "crash-safe" + ], + "SideEffects": [ + "artifacts-on-disk", + "ioc-in-logs" + ], + "Reliability": [ + "repeatable-session" + ] + }, + "session_types": false, + "needs_cleanup": true + }, "exploit_multi/http/wp_ninja_forms_unauthenticated_file_upload": { "name": "WordPress Ninja Forms Unauthenticated File Upload", "fullname": "exploit/multi/http/wp_ninja_forms_unauthenticated_file_upload",