National Cyber Warfare Foundation (NCWF) Forums


Metasploit Weekly Wrap-Up 08 23 2024


0 user ratings
2024-08-23 15:14:21
milo
Red Team (CNA)

New module content (3)


Fortra FileCatalyst Workflow SQL Injection (CVE-2024-5276)


Authors: Michael Heinzl and Tenable

Type: Auxiliary

Pull request: #19373 contributed by h4x-x0r

Path: admin/http/fortra_filecatalyst_workflow_sqli

AttackerKB reference: CVE-2024-5276


Description: This adds an auxiliary module to exploit the CVE-2024-5276, a SQL injection vulnerability that allows for



New module content (3)


Fortra FileCatalyst Workflow SQL Injection (CVE-2024-5276)


Metasploit Weekly Wrap-Up 08/23/2024

Authors: Michael Heinzl and Tenable

Type: Auxiliary

Pull request: #19373 contributed by h4x-x0r

Path: admin/http/fortra_filecatalyst_workflow_sqli

AttackerKB reference: CVE-2024-5276


Description: This adds an auxiliary module to exploit the CVE-2024-5276, a SQL injection vulnerability that allows for adding an arbitrary administration user in the application.


SPIP Unauthenticated RCE via porte_plume Plugin


Authors: Julien Voisin, Laluka, and Valentin Lobstein

Type: Exploit

Pull request: #19394 contributed by Chocapikk

Path: multi/http/spip_porte_plume_previsu_rce


Description: Adds a new exploit/multi/http/spip_porte_plume_previsu_rce SPIP unauthenticated remote code execution (RCE) module targeting SPIP versions up to and including 4.2.12.


DIAEnergie SQL Injection (CVE-2024-4548)


Authors: Michael Heinzl and Tenable

Type: Exploit

Pull request: #19351 contributed by h4x-x0r

Path: windows/scada/diaenergie_sqli

AttackerKB reference: CVE-2024-4548


Description: This adds an exploit module for CVE-2024-4548, an unauthenticated SQL injection vulnerability that allows remote code execution as NT AUTHORITY\SYSTEM.


Bugs fixed (1)



  • #19366 from adeherdt-r7 - Updates the Jenkins login scanner to correctly determine whether authentication is required.


Documentation


You can find the latest Metasploit documentation on our docsite at docs.metasploit.com.


Get it


As always, you can update to the latest Metasploit Framework with msfupdate and you can get more details on the changes since the last blog post from GitHub:



If you are a git user, you can clone the Metasploit Framework repo (master branch) for the latest.

To install fresh without using git, you can use the open-source-only Nightly Installers or the

commercial edition Metasploit Pro


Metasploit Weekly Wrap-Up 08/23/2024




Source: Rapid7
Source Link: https://blog.rapid7.com/2024/08/23/metasploit-weekly-wrap-up-08-23-2024/


Comments
new comment
Nobody has commented yet. Will you be the first?
 
Forum
Red Team (CNA)



Copyright 2012 through 2024 - National Cyber Warfare Foundation - All rights reserved worldwide.