Skip to content

Commit 26d8d23

Browse files
msjenkins-r7msjenkins-r7
committed
automatic module_metadata_base.json update
1 parent 9a245e6 commit 26d8d23

File tree

1 file changed

+61
-0
lines changed

1 file changed

+61
-0
lines changed

db/modules_metadata_base.json

Lines changed: 61 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -127524,6 +127524,67 @@
127524127524
"session_types": false,
127525127525
"needs_cleanup": null
127526127526
},
127527+
"exploit_unix/webapp/byob_unauth_rce": {
127528+
"name": "BYOB Unauthenticated RCE via Arbitrary File Write and Command Injection (CVE-2024-45256, CVE-2024-45257)",
127529+
"fullname": "exploit/unix/webapp/byob_unauth_rce",
127530+
"aliases": [
127531+
127532+
],
127533+
"rank": 600,
127534+
"disclosure_date": "2024-08-15",
127535+
"type": "exploit",
127536+
"author": [
127537+
"chebuya",
127538+
"Valentin Lobstein"
127539+
],
127540+
"description": "This module exploits two vulnerabilities in the BYOB (Build Your Own Botnet) web GUI:\n 1. CVE-2024-45256: Unauthenticated arbitrary file write that allows modification of the SQLite database, adding a new admin user.\n 2. CVE-2024-45257: Authenticated command injection in the payload generation page.\n\n These vulnerabilities remain unpatched.",
127541+
"references": [
127542+
"CVE-2024-45256",
127543+
"CVE-2024-45257",
127544+
"URL-https://blog.chebuya.com/posts/unauthenticated-remote-command-execution-on-byob/"
127545+
],
127546+
"platform": "Linux,Unix",
127547+
"arch": "ARCH_CMD",
127548+
"rport": 80,
127549+
"autofilter_ports": [
127550+
80,
127551+
8080,
127552+
443,
127553+
8000,
127554+
8888,
127555+
8880,
127556+
8008,
127557+
3000,
127558+
8443
127559+
],
127560+
"autofilter_services": [
127561+
"http",
127562+
"https"
127563+
],
127564+
"targets": [
127565+
"Unix/Linux Command Shell"
127566+
],
127567+
"mod_time": "2024-10-14 11:46:53 +0000",
127568+
"path": "/modules/exploits/unix/webapp/byob_unauth_rce.rb",
127569+
"is_install_path": true,
127570+
"ref_name": "unix/webapp/byob_unauth_rce",
127571+
"check": true,
127572+
"post_auth": false,
127573+
"default_credential": false,
127574+
"notes": {
127575+
"Stability": [
127576+
"crash-safe"
127577+
],
127578+
"SideEffects": [
127579+
"ioc-in-logs"
127580+
],
127581+
"Reliability": [
127582+
"repeatable-session"
127583+
]
127584+
},
127585+
"session_types": false,
127586+
"needs_cleanup": null
127587+
},
127527127588
"exploit_unix/webapp/cacti_graphimage_exec": {
127528127589
"name": "Cacti graph_view.php Remote Command Execution",
127529127590
"fullname": "exploit/unix/webapp/cacti_graphimage_exec",

0 commit comments

Comments
 (0)