Skip to content

Commit 2f074ef

Browse files
msjenkins-r7msjenkins-r7
committedJan 27, 2021
automatic module_metadata_base.json update
1 parent 9174958 commit 2f074ef

File tree

1 file changed

+50
-0
lines changed

1 file changed

+50
-0
lines changed
 

‎db/modules_metadata_base.json

+50
Original file line numberDiff line numberDiff line change
@@ -130740,6 +130740,56 @@
130740130740
},
130741130741
"needs_cleanup": null
130742130742
},
130743+
"exploit_windows/http/prtg_authenticated_rce": {
130744+
"name": "PRTG Network Monitor Authenticated RCE",
130745+
"fullname": "exploit/windows/http/prtg_authenticated_rce",
130746+
"aliases": [
130747+
130748+
],
130749+
"rank": 600,
130750+
"disclosure_date": "2018-06-25",
130751+
"type": "exploit",
130752+
"author": [
130753+
"Josh Berry <josh.berry@codewatch.org>",
130754+
"Julien Bedel <contact@julienbedel.com>"
130755+
],
130756+
"description": "Notifications can be created by an authenticated user and can execute scripts when triggered.\n Due to a poorly validated input on the script name, it is possible to chain it with a user-supplied command allowing command execution under the context of privileged user.\n The module uses provided credentials to log in to the web interface, then creates and triggers a malicious notification to perform RCE using a Powershell payload.\n It may require a few tries to get a shell because notifications are queued up on the server.\n This vulnerability affects versions prior to 18.2.39. See references for more details about the vulnerability allowing RCE.",
130757+
"references": [
130758+
"CVE-2018-9276",
130759+
"URL-https://www.codewatch.org/blog/?p=453"
130760+
],
130761+
"platform": "Windows",
130762+
"arch": "x86, x64",
130763+
"rport": 80,
130764+
"autofilter_ports": [
130765+
80,
130766+
8080,
130767+
443,
130768+
8000,
130769+
8888,
130770+
8880,
130771+
8008,
130772+
3000,
130773+
8443
130774+
],
130775+
"autofilter_services": [
130776+
"http",
130777+
"https"
130778+
],
130779+
"targets": [
130780+
"Automatic Targeting"
130781+
],
130782+
"mod_time": "2021-01-21 18:32:05 +0000",
130783+
"path": "/modules/exploits/windows/http/prtg_authenticated_rce.rb",
130784+
"is_install_path": true,
130785+
"ref_name": "windows/http/prtg_authenticated_rce",
130786+
"check": true,
130787+
"post_auth": true,
130788+
"default_credential": true,
130789+
"notes": {
130790+
},
130791+
"needs_cleanup": null
130792+
},
130743130793
"exploit_windows/http/psoproxy91_overflow": {
130744130794
"name": "PSO Proxy v0.91 Stack Buffer Overflow",
130745130795
"fullname": "exploit/windows/http/psoproxy91_overflow",

0 commit comments

Comments
 (0)