This Metasploit module abuses an XML External Entity Injection vulnerability on the OpenID module from Drupal. The vulnerability exists in the parsing of a malformed XRDS file coming from a malicious OpenID endpoint. This Metasploit module has been tested successfully on Drupal 7.15 and 7.2 with the OpenID module enabled.
fe62795a56f1a6691e563b31f2d80448873d2adea093cc34d667fe53ad7993abThis Metasploit module exploits CVE-2022-0543, a Lua-based Redis sandbox escape. The vulnerability was introduced by Debian and Ubuntu Redis packages that insufficiently sanitized the Lua environment. The maintainers failed to disable the package interface, allowing attackers to load arbitrary libraries. On a typical redis deployment (not docker), this module achieves execution as the redis user. Debian/Ubuntu packages run Redis using systemd with the "MemoryDenyWriteExecute" permission, which limits some of what an attacker can do. For example, staged meterpreter will fail when attempting to use mprotect. As such, stageless meterpreter is the preferred payload. Redis can be configured with authentication or not. This module will work with either configuration (provided you provide the correct authentication details). This vulnerability could theoretically be exploited across a few architectures: i386, arm, ppc, etc. However, the module only supports x86_64, which is likely to be the most popular version.
25990c6dc1f07a86ea2e834b9c66c011d9af3d483f0592ec3011de6f791bfa0aDrupal versions prior to 7.16 suffer from arbitrary PHP code execution and information disclosure vulnerabilities. Version 6 is not affected.
18cb2c87e74ebbfd4c998ad47021b871b9bb38f412c18a7d8590840eac09cfc8
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed