Last updated at Fri, 13 Sep 2024 19:28:34 GMT
SPIP Modules
This week brings more modules targeting the SPIP publishing platform. SPIP has gained some attention from Metasploit community contributors recently and has inspired some PHP payload and encoder improvements.
New module content (2)
SPIP BigUp Plugin Unauthenticated RCE
Authors: Julien Voisin, Laluka, Valentin Lobstein, and Vozec
Type: Exploit
Pull request: #19444 contributed by Chocapikk
Path: multi/http/spip_bigup_unauth_rce
AttackerKB reference: CVE-2024-8517
Description: This adds an exploit module for CVE-2024-8517, an unauthenticated RCE able to execute arbitrary PHP code.
SPIP connect Parameter PHP Injection
Authors: Arnaud Pachot, Davy Douhine, Frederic Cikala, and Valentin Lobstein
Type: Exploit
Pull request: #19432 contributed by Chocapikk
Path: multi/http/spip_connect_exec
CVE reference: BID-54292
Description: Refactor SPIP Modules for Windows Compatibility and Incorporating SPIP Mixin.
Enhancements and features (3)
- #19330 from heyder - The start_service method in the http_server.rb library now allows users to specify their SSL preferences directly through the opts parameter. If the ssl option is not provided in opts, it will default to the value in datastore["SSL"].
- #19352 from zgoldman-r7 - Adjusts the metadata for the ldap login scanner, adding defaults and adjusting the service and protocol values.
- #19432 from Chocapikk - Refactor SPIP Modules for Windows Compatibility and Incorporating SPIP Mixin.
Bugs fixed (1)
- #19439 from bcoles - This explicitly defines x86 and x64 as supported architectures for the bypassuac_comhijack module. Prior to this change there were no defined architectures and if you tried to use an x64 based payload the module would fail.
Documentation
You can find the latest Metasploit documentation on our docsite at docs.metasploit.com.
Get it
As always, you can update to the latest Metasploit Framework with msfupdate
and you can get more details on the changes since the last blog post from
GitHub:
If you are a git
user, you can clone the Metasploit Framework repo (master branch) for the latest.
To install fresh without using git, you can use the open-source-only Nightly Installers or the
commercial edition Metasploit Pro
NEVER MISS AN EMERGING THREAT
Be the first to learn about the latest vulnerabilities and cybersecurity news.
Subscribe Now