automatic module_metadata_base.json update

fork-house · Dec 13, 2024 · 852bb8b · 852bb8b
1 parent afd3d0b
commit 852bb8b
Showing 1 changed file with 64 additions and 0 deletions.
diff --git a/db/modules_metadata_base.json b/db/modules_metadata_base.json
@@ -117922,6 +117922,70 @@
     "session_types": false,
     "needs_cleanup": true
   },
+  "exploit_multi/http/wp_time_capsule_file_upload_rce": {
+    "name": "WordPress WP Time Capsule Arbitrary File Upload to RCE",
+    "fullname": "exploit/multi/http/wp_time_capsule_file_upload_rce",
+    "aliases": [
+
+    ],
+    "rank": 600,
+    "disclosure_date": "2024-11-15",
+    "type": "exploit",
+    "author": [
+      "Valentin Lobstein",
+      "Rein Daelman"
+    ],
+    "description": "This module exploits an arbitrary file upload vulnerability in the WordPress WP Time Capsule plugin\n          (versions <= 1.22.21). The vulnerability allows uploading a malicious PHP file to achieve remote\n          code execution (RCE).\n\n          The validation logic in the vulnerable function improperly checks for allowed extensions.\n          If no valid extension is found, the check can be bypassed by using a filename of specific length\n          (e.g., \"00.php\") matching the length of allowed extensions like \".crypt\".",
+    "references": [
+      "CVE-2024-8856",
+      "URL-https://hacked.be/posts/CVE-2024-8856",
+      "URL-https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/wp-time-capsule/backup-and-staging-by-wp-time-capsule-12221-unauthenticated-arbitrary-file-upload"
+    ],
+    "platform": "Linux,PHP,Unix,Windows",
+    "arch": "php, cmd",
+    "rport": 80,
+    "autofilter_ports": [
+      80,
+      8080,
+      443,
+      8000,
+      8888,
+      8880,
+      8008,
+      3000,
+      8443
+    ],
+    "autofilter_services": [
+      "http",
+      "https"
+    ],
+    "targets": [
+      "PHP In-Memory",
+      "Unix/Linux Command Shell",
+      "Windows Command Shell"
+    ],
+    "mod_time": "2024-12-12 18:04:10 +0000",
+    "path": "/modules/exploits/multi/http/wp_time_capsule_file_upload_rce.rb",
+    "is_install_path": true,
+    "ref_name": "multi/http/wp_time_capsule_file_upload_rce",
+    "check": true,
+    "post_auth": false,
+    "default_credential": false,
+    "notes": {
+      "Stability": [
+        "crash-safe"
+      ],
+      "SideEffects": [
+        "artifacts-on-disk",
+        "ioc-in-logs"
+      ],
+      "Reliability": [
+        "repeatable-session"
+      ]
+    },
+    "session_types": false,
+    "needs_cleanup": true
+  },
   "exploit_multi/http/wso2_file_upload_rce": {
     "name": "WSO2 Arbitrary File Upload to RCE",
     "fullname": "exploit/multi/http/wso2_file_upload_rce",