From f8ada15deabfa9760df5d7ddd1aea5c482f8bf0c Mon Sep 17 00:00:00 2001 From: Metasploit Date: Tue, 17 Sep 2024 06:15:03 -0500 Subject: [PATCH] automatic module_metadata_base.json update --- db/modules_metadata_base.json | 63 +++++++++++++++++++++++++++++++++++ 1 file changed, 63 insertions(+) diff --git a/db/modules_metadata_base.json b/db/modules_metadata_base.json index ed5b2a3b90b1..9b1b8c7d0ecf 100644 --- a/db/modules_metadata_base.json +++ b/db/modules_metadata_base.json @@ -114954,6 +114954,69 @@ "session_types": false, "needs_cleanup": null }, + "exploit_multi/http/wp_litespeed_cookie_theft": { + "name": "Wordpress LiteSpeed Cache plugin cookie theft", + "fullname": "exploit/multi/http/wp_litespeed_cookie_theft", + "aliases": [ + + ], + "rank": 600, + "disclosure_date": "2024-09-04", + "type": "exploit", + "author": [ + "Rafie Muhammad", + "jheysel-r7" + ], + "description": "This module exploits an unauthenticated account takeover vulnerability in LiteSpeed Cache, a Wordpress plugin\n that currently has around 6 million active installations. In LiteSpeed Cache versions prior to 6.5.0.1, when\n the Debug Logging feature is enabled, the plugin will log admin cookies to the /wp-content/debug.log endpoint\n which is accessible without authentication. The Debug Logging feature in the plugin is not enabled by default.\n The admin cookies found in the debug.log can be used to upload and execute a malicious plugin containing a payload.", + "references": [ + "URL-https://patchstack.com/articles/critical-account-takeover-vulnerability-patched-in-litespeed-cache-plugin/", + "CVE-2024-44000" + ], + "platform": "Linux,PHP,Unix,Windows", + "arch": "php, cmd", + "rport": 80, + "autofilter_ports": [ + 80, + 8080, + 443, + 8000, + 8888, + 8880, + 8008, + 3000, + 8443 + ], + "autofilter_services": [ + "http", + "https" + ], + "targets": [ + "PHP In-Memory", + "Unix In-Memory", + "Windows In-Memory" + ], + "mod_time": "2024-09-16 09:46:57 +0000", + "path": "/modules/exploits/multi/http/wp_litespeed_cookie_theft.rb", + "is_install_path": true, + "ref_name": "multi/http/wp_litespeed_cookie_theft", + "check": true, + "post_auth": false, + "default_credential": false, + "notes": { + "Stability": [ + "crash-safe" + ], + "SideEffects": [ + "artifacts-on-disk", + "ioc-in-logs" + ], + "Reliability": [ + "repeatable-session" + ] + }, + "session_types": false, + "needs_cleanup": true + }, "exploit_multi/http/wp_ninja_forms_unauthenticated_file_upload": { "name": "WordPress Ninja Forms Unauthenticated File Upload", "fullname": "exploit/multi/http/wp_ninja_forms_unauthenticated_file_upload",