This Metasploit module scans for HTTP servers that appear to be vulnerable to the Misfortune Cookie vulnerability, which affects Allegro Software RomPager versions before 4.34 and can allow attackers to authenticate to the HTTP service as an administrator without providing valid credentials.
f5325c099a2a6f868b0add3ecba9e70079e5c190a18ffa2af11053a5503c9a99
This Metasploit module is based on et's HTTP Directory Scanner module, with one exception. Where authentication is required, it attempts to bypass authentication using the WebDAV IIS6 Unicode vulnerability discovered by Kingcope. The vulnerability appears to be exploitable where WebDAV is enabled on the IIS6 server, and any protected folder requires either Basic, Digest or NTLM authentication.
d48b3dd3c4c04a7b1bb169b3d1c6ad69659f24ec5a66227267626146fd55a9d3
This Metasploit module exploits an unauthenticated directory traversal vulnerability in the Dicoogle PACS Web Server v2.5.0 and possibly earlier, allowing an attacker to read arbitrary files with the web server privileges. While the application is Java-based, the directory traversal was only successful against Windows targets.
8f2ecf1201b59abdcaedb189bb29a75443dfe162b8acf3116d81747473b35059
This Metasploit module exploits a directory traversal vulnerability in WordPress Plugin GI-Media Library version 2.2.2, allowing an attacker to read arbitrary files from the system with the web server privileges. This Metasploit module has been tested successfully on GI-Media Library version 2.2.2 with WordPress 4.1.3 on Ubuntu 12.04 Server.
4637d0531dbebb743c37a40d416ad765721de72ea5268f18b423993d68d22ed6
SickRage < v2018-09-03 allows an attacker to view a user's saved GitHub credentials in HTTP responses unless the user has set login information for SickRage. By default, SickRage does not require login information for the installation.
dd9ab4c81672ae1f6d02400e007c99b8a954b537d0c4ba52fa9e5143456ba769
This Metasploit module scans for Intel Active Management Technology endpoints and attempts to bypass authentication using a blank HTTP digest (CVE-2017-5689). This service can be found on ports 16992, 16993 (tls), 623, and 624 (tls).
44deb16ec4e916e220f9f8b37748314f598bae3f65a5268506e4e9c1f53d9a36
This Metasploit module exploits a directory traversal vulnerability found in the WildFly 8.1.0.Final web server running on port 8080, named JBoss Undertow. The vulnerability only affects Windows systems.
b3760631a87f3e436e20e7b356c52d0936d8d4d7d95fbe9135a1a1acc0029f27
This Metasploit module scans for the Shellshock vulnerability, a flaw in how the Bash shell handles external environment variables. This Metasploit module targets CGI scripts in the Apache web server by setting the HTTP_USER_AGENT environment variable to a malicious function definition. PROTIP: Use exploit/multi/handler with a PAYLOAD appropriate to your CMD, set ExitOnSession false, run -j, and then run this module to create sessions on vulnerable hosts. Note that this is not the recommended method for obtaining shells. If you require sessions, please use the apache_mod_cgi_bash_env_exec exploit module instead.
87c833264ee49ea156b8462740c64928a943a3c37c5f3d9c388659dfaa1d03a0
This Metasploit module attempts to log in to a GlassFish instance using username and password combinations indicated by the USER_FILE, PASS_FILE, and USERPASS_FILE options. It will also try to do an authentication bypass against older versions of GlassFish. Note: by default, GlassFish 4.0 requires HTTPS, which means you must set the SSL option to true, and SSLVersion to TLS1. It also needs Secure Admin to access the DAS remotely.
6c7157ec94048d1b65a89eee8917a88c9f200e77ed3ea2eb46eb08e22e74dcae
This Metasploit module scans for Cisco SSL VPN web login portals and performs login brute force to identify valid credentials.
cea0de13f28a90462c07f1d96698ab71bf78ffa2ebf791ddbdfadacb8169b908
This Metasploit module exploits an unauthenticated directory traversal vulnerability in Apache Flink versions 1.11.0 through 1.11.2. The JobManager REST API fails to validate user-supplied log file paths, allowing retrieval of arbitrary files with the privileges of the web server user. This Metasploit module has been tested successfully on Apache Flink version 1.11.2 on Ubuntu 18.04.4.
776647522193812481f55a112c7a98a591a11cb7829c40e7841d4b5813acf9fa
This Metasploit module simply attempts to log in to an RFCode Reader web interface. Please note that by default there is no authentication. In such a case, password brute force will not be performed. If there is authentication configured, the module will attempt to find valid login credentials and capture device information.
2bebb43ed7e3c7afb31c6a515dcd02ee4a3a173a63ba555a06a6d7d1740c7a9e
This Metasploit module attempts to authenticate to a Dolibarr ERP/CRM's admin web interface, and should only work against version 3.1.1 or older, because these versions do not have any default protections against brute forcing.
d41bf234f652b296f874c2bf38bd949fde590e4df8c3dfc9b189088e55d21615
This Metasploit module can detect situations where there may be information disclosure vulnerabilities that occur when a Git repository is made available over HTTP.
f3fc66ff62ad13f3081bddfba7d9e771214b26ddbd974bf809d56a802a53e08c
This Metasploit module exploits a source code disclosure/download vulnerability in versions 0.7 and 0.8 of the nginx web server. Versions 0.7.66 and 0.8.40 correct this vulnerability.
dbde0118738f8ec88172bdd2d8c742551346fd8f2a6024c26e8db71ac19bbecb
This Metasploit module scans for ServerTech's Sentry Switched CDU (Cabinet Power Distribution Unit) web login portals, and performs login brute force to identify valid credentials.
ea9a49f43b18efdec70397195d549a5898b68c47aa21c2551cd1058b7efb808c
This Metasploit module exploits a vulnerability in the Cisco IOS HTTP Server. By sending a GET request for "/level/num/exec/..", where num is between 16 and 99, it is possible to bypass authentication and obtain full system control. IOS versions 11.3 through 12.2 are reportedly vulnerable. This Metasploit module was tested successfully against a Cisco 1600 Router IOS v11.3(11d).
f47c8e7887760a5e15e7ecfe81baff6ced2ddb34267bcb19aff00e68bad4084e
This Metasploit module abuses a directory traversal vulnerability in the url_redirect.cgi application accessible through the web interface of Supermicro Onboard IPMI controllers. The vulnerability is present due to a lack of sanitization of the url_name parameter. This allows an attacker with a valid, but not necessarily administrator-level account, to access the contents of any file on the system. This includes the /nv/PSBlock file, which contains the cleartext credentials for all configured accounts. This Metasploit module has been tested on a Supermicro Onboard IPMI (X9SCL/X9SCM) with firmware version SMT_X9_214. Other file names to try include /PSStore, /PMConfig.dat, and /wsman/simple_auth.passwd.
2a895b9a6c562c00a389ca6061ee3c5d3935d00911eac01555699f44b7a15397
This Metasploit module exploits a directory traversal vulnerability present in several Barracuda products, including the Barracuda Spam and Virus Firewall, Barracuda SSL VPN, and the Barracuda Web Application Firewall. By default, this module will attempt to download the Barracuda configuration file.
6442c5754109debd479b03a4170762b45607423d76b1903b7a24b3253875c7b2
This Metasploit module exploits a directory traversal vulnerability in WordPress Plugin "Simple Backup" version 2.7.10, allowing an attacker to read arbitrary files with the web server privileges.
61f6a4e4921a58a63cca20abf255135172544871c3ca345e5acc8abd9d439b6e
This Metasploit module generates a GET request to the provided web servers and executes an SSRF against the targeted EMBY server. Returns the server header, HTML title attribute and location header (if set). This is useful for rapidly identifying web applications on the internal network using the Emby SSRF vulnerability.
fcd1acfc1aea918108a97ea953c37ce3f9c7c4fea3d526e2df6c4414ad277111
This Metasploit module exploits a file disclosure vulnerability in the Accellion File Transfer appliance. This vulnerability is triggered when a user-provided statecode cookie parameter is appended to a file path that is processed as an HTML template. By prepending this cookie with a directory traversal sequence and appending a NULL byte, any file readable by the web user can be exposed. The web user has read access to a number of sensitive files, including the system configuration and files uploaded to the appliance by users. This issue was confirmed on version FTA_9_11_200, but may apply to previous versions as well. This issue was fixed in software update FTA_9_11_210.
54b5d23c43a234a88b3e5e9d8345ae34b6dec9bf36741d5a1bc88d1cdf6813e5
This Metasploit module exploits a vulnerability in the WebNews web interface of SurgeNews on TCP ports 9080 and 8119 which allows unauthenticated users to download arbitrary files from the software root directory, including the user database, configuration files and log files. This Metasploit module extracts the administrator username and password, and the usernames and passwords or password hashes for all users. This Metasploit module has been tested successfully on SurgeNews version 2.0a-13 on Windows 7 SP 1 and 2.0a-12 on Ubuntu Linux.
73764b44f63d2549636f9a072cfc6159cd3fc1782b3972e02ed0b63dd113c7dc
This Metasploit module scans for the OpenMind Message-OS provisioning web login portal, and performs a login brute force attack to identify valid credentials.
28480da105e7aa249ae3a2817a7fb69f5cd9b5986973631805327c9c32624fc3
This Metasploit module scans for Cisco Ironport SMA, WSA and ESA web login portals, finds AsyncOS versions, and performs login brute force to identify valid credentials.
19d08d4f5b105944f70b819c179403363836a5d079c1223718e0f4bb91836bf6