A New Way to Encode PHP Payloads
A new PHP encoder has been released by a community contributor, jvoisin, allowing a PHP payload to be encoded as an ASCII-Hex string. This can then be decoded on the receiver to prevent issues with unescaped or bad characters.
Ray Vulnerabilities
This release of Metasploit Framework also features 3 new modules to target ray.io, which is a framework for distributing AI-related workloads across multiple machines, which makes it an excellent exploitation target. These modules can perform arbitrary file reads, perform remote code execution and command injection, making them a great all-round addition to a penetration testing workflow.
The vulnerabilities for which modules are provided are:
CVE-2023-6019
CVE-2023-6020
CVE-2023-48022
New module content (9)
Control iD iDSecure Authentication Bypass (CVE-2023-6329)
Authors: Michael Heinzl and Tenable
Type: Auxiliary
Pull request: #19380 contributed by h4x-x0r
Path: admin/http/idsecure_auth_bypass
AttackerKB reference: CVE-2023-6329
Description: Adds an auxiliary module targeting CVE-2023-6329, an improper access control vulnerability, which allows an unauthenticated user to compute valid credentials and to add a new administrative user to the web interface of Control iD iDSecure <= v4.7.43.0.
Ivanti Virtual Traffic Manager Authentication Bypass (CVE-2024-7593)
Authors: Michael Heinzl, mxalias, and ohnoisploited
Type: Auxiliary
Pull ..
Support the originator by clicking the read the rest link below.