This Metasploit module exploits an unauthenticated directory traversal vulnerability in Cassandra Web version 0.5.0 and earlier, allowing arbitrary file read with the web server privileges. This vulnerability occurred due to the disabled Rack::Protection module.
1fcf8bcb9a5c390a3d9ee4018429d16d6138dbe119755c56e7f809909dd5bccd
This Metasploit module attempts to brute-force a valid session token for the Syncovery File Sync and Backup Software Web-GUI by generating all possible tokens for every second between DateTime.now and the given X day(s). By default, today and yesterday (DAYS = 1) will be checked. If a valid session token is found, the module stops. The vulnerability exists because Syncovery session tokens are basically just base64(m/d/Y H:M:S) at the time of the login instead of a random token. If a user does not log out (Syncovery v8.x has no logout), session tokens will remain valid until reboot.
35774315caca7f89f98bfc845f009123bd6450981504bf93e08596306cfc0432
This Metasploit module attempts to scan for InfoVista VistaPortal Web Application, finds its version and performs login brute force to identify valid credentials.
988a25a91ec5ad89fac76dcea1a6f311b0572b6b6646957ee931ee76d8973e13
This Metasploit module scans for Fortinet SSL VPN web login portals and performs login brute force to identify valid credentials.
9cff45fa6448a61d09c7bfca78543e51d98a8a25cd5a142166e055d3f899034f
This Metasploit module will scan for hosts vulnerable to an unauthenticated SQL injection within the advanced search feature of the Web-Dorado ECommerce WD 1.2.5 and likely prior.
ce900f10acc1386276f00739f087918826cb2474bfdb669e0c939feac5f7524a
This Metasploit module abuses a file exposure vulnerability accessible through the web interface on port 49152 of Supermicro Onboard IPMI controllers. The vulnerability allows an attacker to obtain detailed device information and download data files containing the clear-text usernames and passwords for the controller. In May of 2014, at least 30,000 unique IPs were exposed to the internet with this vulnerability.
1ca6be3bd1442f15e9c436c21eb3f55a0d2466eb4cc5defa624000e1a17d568b
This Metasploit module exploits a directory traversal vulnerability found in Sybase EAserver's Jetty webserver on port 8000. Code execution seems unlikely with EAserver's default configuration unless the web server allows WRITE permission.
7bfd36e1187bbe4aedbbf3cc9f1865de502ad6964a28a52016ac80e17c3bbfa5
This Metasploit module exploits a directory traversal vulnerability found in Simple Web Server 2.3-RC1.
51715fee223323063efe38cccd63acc54537c25beb376295f1d2c1da1023b617
Versions of Apache Log4j2 impacted by CVE-2021-44228 which allow JNDI features used in configuration, log messages, and parameters, do not protect against attacker-controlled LDAP and other JNDI-related endpoints. This Metasploit module will scan an HTTP endpoint for the Log4Shell vulnerability by injecting a format message that will trigger an LDAP connection to Metasploit. This Metasploit module is a generic scanner and is only capable of identifying instances that are vulnerable via one of the pre-determined HTTP request injection points. These points include HTTP headers and the HTTP request path. Known impacted software includes Apache Struts 2, VMWare VCenter, Apache James, Apache Solr, Apache Druid, Apache JSPWiki, Apache OFBiz.
0c99025a240dc811b182feb7d9c9d3253b1e32fb38ca51be4415745de5402484
This Metasploit module attempts to find D-Link devices running Alphanetworks web interfaces affected by the backdoor found on the User-Agent header. This Metasploit module has been tested successfully on a DIR-100 device with firmware version v1.13.
efeab64a2c3b15be8d9ef8a9a4512d08c15268b3a979db52689b008670fee189
This Metasploit module exploits a hardcoded user and password for the GetFile maintenance task in Novell ZENworks Asset Management 7.5. The vulnerability exists in the Web Console and can be triggered by sending a specially crafted request to the rtrlet component, allowing a remote unauthenticated user to retrieve a maximum of 100_000_000 KB of remote files. This Metasploit module has been successfully tested on Novell ZENworks Asset Management 7.5.
330cc22734979700205d38d8b3a6fcb4016360f791b7add7a0841b6885897ab3
This Metasploit module exploits a directory traversal vulnerability found in ManageEngine DeviceExpert's ScheduleResultViewer Servlet. This is done by using "..\..\..\..\..\..\..\..\..\..\" in the path in order to retrieve a file on a vulnerable machine. Please note that the SSL option is required in order to send HTTP requests.
ead6620e60a1e33962bc1a629b7991560b6ad340faaa6fcdaf3b569e03e10a00
This Metasploit module connects to ES File Explorer's HTTP server to run certain commands. The HTTP server is started on app launch, and is available as long as the app is open. Version 4.1.9.7.4 and below are reported vulnerable. This Metasploit module has been tested against 4.1.9.5.1.
a73c6b524b907dbe590605fec39555ee25f87f4dfb5e202dfc167e9995d06c69
This Metasploit module exploits a directory traversal vulnerability in WordPress Plugin "WP Mobile Edition" version 2.2.7, allowing arbitrary files to be read with the web server privileges.
5e5be4ae6d13b3b27b02eb179731c7c1ec77577cfd08a929ee02bea102948838
This Metasploit module gathers data from a Cisco device (router or switch) with the device manager web interface exposed. The HttpUsername and HttpPassword options can be used to specify authentication.
e515364a8b6d5188cc5064ca26061b454b46d79e2464b43c67ca62a9ea442319
This Metasploit module exploits an unauthenticated directory traversal vulnerability in WordPress plugin Duplicator version 1.3.24-1.3.26, allowing arbitrary file read with the web server privileges. This vulnerability was being actively exploited when it was discovered.
70e1c80a4666b4d2d1a2cbdb85a7139a6ae55e39380b9790128d79bb96845537
This Metasploit module attempts to login to Chef Web UI server instance using username and password combinations indicated by the USER_FILE, PASS_FILE, and USERPASS_FILE options. It will also test for the default login (admin:p@ssw0rd1).
a8b7ab4052d313ccc873b8bd18d89edbeb3d80da21d867193b4a96625924ef5d
This Metasploit module exploits a directory traversal vulnerability in the Embedthis GoAhead Web Server v3.4.1, allowing an attacker to read arbitrary files with the web server privileges.
176eaf23e2348991401b48184cc4be3a61754c79a8d254fb1976e061cc7d1f98
This Metasploit module exploits an authenticated directory traversal vulnerability in WordPress Plugin "Subscribe to Comments" version 2.1.2, allowing arbitrary files to be read with the web server privileges.
fd7b19a9193f7aff16d3b71d71eee92ef8df3e278021933d800166fd2f528d75
Ektron CMS400.NET is a web content management system based on .NET. This Metasploit module tests for installations that are utilizing default passwords set by the vendor. Additionally, it has the ability to brute force user accounts. Note that Ektron CMS400.NET, by default, enforces account lockouts for regular user accounts after a number of failed attempts.
e867081ce25f1500fcd90fd14704c451906cad6adeb1d11209918e5c4af73432
This Metasploit module exploits blind XPATH 1.0 injections over HTTP GET requests.
651687bcd595b9f22e68c3c981e70f5fc4f0a88508ab6655dda370543c5b0161
This Metasploit module scans for HTTP servers that appear to be vulnerable to the Misfortune Cookie vulnerability which affects Allegro Software Rompager versions before 4.34 and can allow attackers to authenticate to the HTTP service as an administrator without providing valid credentials.
f5325c099a2a6f868b0add3ecba9e70079e5c190a18ffa2af11053a5503c9a99
This Metasploit module is based on et's HTTP Directory Scanner module, with one exception. Where authentication is required, it attempts to bypass authentication using the WebDAV IIS6 Unicode vulnerability discovered by Kingcope. The vulnerability appears to be exploitable where WebDAV is enabled on the IIS6 server, and any protected folder requires either Basic, Digest or NTLM authentication.
d48b3dd3c4c04a7b1bb169b3d1c6ad69659f24ec5a66227267626146fd55a9d3
This Metasploit module exploits an unauthenticated directory traversal vulnerability in the Dicoogle PACS Web Server v2.5.0 and possibly earlier, allowing an attacker to read arbitrary files with the web server privileges. While the application is Java-based, the directory traversal was only successful against Windows targets.
8f2ecf1201b59abdcaedb189bb29a75443dfe162b8acf3116d81747473b35059
This Metasploit module exploits a directory traversal vulnerability in WordPress Plugin GI-Media Library version 2.2.2, allowing arbitrary files to be read from the system with the web server privileges. This Metasploit module has been tested successfully on GI-Media Library version 2.2.2 with WordPress 4.1.3 on Ubuntu 12.04 Server.
4637d0531dbebb743c37a40d416ad765721de72ea5268f18b423993d68d22ed6