automatic module_metadata_base.json update

rapid7 · Apr 12, 2024 · 2cf8ea3 · 2cf8ea3
1 parent 1174344
commit 2cf8ea3
Showing 1 changed file with 66 additions and 0 deletions.
diff --git a/db/modules_metadata_base.json b/db/modules_metadata_base.json
@@ -98643,6 +98643,72 @@
     "session_types": false,
     "needs_cleanup": true
   },
+  "exploit_multi/http/crushftp_rce_cve_2023_43177": {
+    "name": "CrushFTP Unauthenticated RCE",
+    "fullname": "exploit/multi/http/crushftp_rce_cve_2023_43177",
+    "aliases": [
+
+    ],
+    "rank": 600,
+    "disclosure_date": "2023-08-08",
+    "type": "exploit",
+    "author": [
+      "Ryan Emmons",
+      "Christophe De La Fuente"
+    ],
+    "description": "This exploit module leverages an Improperly Controlled Modification\n          of Dynamically-Determined Object Attributes vulnerability\n          (CVE-2023-43177) to achieve unauthenticated remote code execution.\n          This affects CrushFTP versions prior to 10.5.1.\n\n          It is possible to set some user's session properties by sending an HTTP\n          request with specially crafted Header key-value pairs. This enables an\n          unauthenticated attacker to access files anywhere on the server file\n          system and steal the session cookies of valid authenticated users. The\n          attack consists in hijacking a user's session and escalates privileges\n          to obtain full control of the target. Remote code execution is obtained\n          by abusing the dynamic SQL driver loading and configuration testing\n          feature.",
+    "references": [
+      "URL-https://convergetp.com/2023/11/16/crushftp-zero-day-cve-2023-43177-discovered/",
+      "URL-https://github.com/the-emmons/CVE-2023-43177/blob/main/CVE-2023-43177.py",
+      "URL-https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update",
+      "CVE-2023-43177",
+      "CWE-913"
+    ],
+    "platform": "Java,Linux,Unix,Windows",
+    "arch": "java, x64, x86",
+    "rport": 8080,
+    "autofilter_ports": [
+      80,
+      8080,
+      443,
+      8000,
+      8888,
+      8880,
+      8008,
+      3000,
+      8443
+    ],
+    "autofilter_services": [
+      "http",
+      "https"
+    ],
+    "targets": [
+      "Java",
+      "Linux Dropper",
+      "Windows Dropper"
+    ],
+    "mod_time": "2024-03-29 12:18:16 +0000",
+    "path": "/modules/exploits/multi/http/crushftp_rce_cve_2023_43177.rb",
+    "is_install_path": true,
+    "ref_name": "multi/http/crushftp_rce_cve_2023_43177",
+    "check": true,
+    "post_auth": false,
+    "default_credential": false,
+    "notes": {
+      "Stability": [
+        "crash-safe"
+      ],
+      "Reliability": [
+        "repeatable-session"
+      ],
+      "SideEffects": [
+        "artifacts-on-disk",
+        "ioc-in-logs"
+      ]
+    },
+    "session_types": false,
+    "needs_cleanup": true
+  },
   "exploit_multi/http/cups_bash_env_exec": {
     "name": "CUPS Filter Bash Environment Variable Code Injection (Shellshock)",
     "fullname": "exploit/multi/http/cups_bash_env_exec",