Metasploit Weekly Wrap up


It’s open season on Openfire with a new RCE module in Metasploit


This week the Metasploit framework saw the addition of an RCE module that exploits a path traversal vulnerability in the instant messaging and group chat server Openfire. The module was submitted by the one and only community contributor h00die-gr3y. It targets Openfire's unauthenticated setup environment, in an already configured Openfire environment, to access restricted pages in the Admin Console reserved for administrative users. The module uses the path traversal vulnerability to create a new admin user, which is then used to upload an Openfire management plugin weaponized with a Java native payload that triggers RCE. The module is quite flexible and will get you shells when Openfire is running on Windows or Linux and on a variety of different Java versions.


New module content (2)


Piwigo CVE-2023-26876 Gather Credentials via SQL Injection


Authors: Rodolfo Tavares, Tempest Security, Henrique Arcoverde, and rodnt
Type: Auxiliary
Pull request: #18182 contributed by rodnt
AttackerKB reference: CVE-2023-26876


Description: This PR adds an auxiliary module that takes advantage of CVE-2023-26876 to retrieve the username and password hash from Piwigo 13.5.0 and earlier.


Openfire authentication bypass with RCE plugin


Author: h00die-gr3y
Type: Exploit
Pull request: #18173 contributed by h00die-gr3y
AttackerKB reference: CVE-2023-32315

