automatic module_metadata_base.json update

rapid7 · Nov 2, 2023 · 5584a5a · 5584a5a
1 parent c27412a
commit 5584a5a
Showing 1 changed file with 63 additions and 0 deletions.
diff --git a/db/modules_metadata_base.json b/db/modules_metadata_base.json
@@ -147792,6 +147792,69 @@
     "session_types": false,
     "needs_cleanup": true
   },
+  "exploit_windows/http/ajaxpro_deserialization_rce": {
+    "name": "AjaxPro Deserialization Remote Code Execution",
+    "fullname": "exploit/windows/http/ajaxpro_deserialization_rce",
+    "aliases": [
+
+    ],
+    "rank": 600,
+    "disclosure_date": "2021-12-03",
+    "type": "exploit",
+    "author": [
+      "Hans-Martin Münch (MOGWAI LABS)",
+      "Jemmy Wang"
+    ],
+    "description": "This module leverages an insecure deserialization of data to get\n          remote code execution on the target OS in the context of the user\n          running the website which utilized AjaxPro.\n\n          To achieve code execution, the module will construct some JSON data\n          which will be sent to the target. This data will be deserialized by\n          the AjaxPro JsonDeserializer and will trigger the execution of the\n          payload.\n\n          All AjaxPro versions prior to 21.10.30.1 are vulnerable to this\n          issue, and a vulnerable method which can be used to trigger the\n          deserialization exists in the default AjaxPro namespace.\n\n          AjaxPro 21.10.30.1 removed the vulnerable method, but if a custom\n          method that accepts a parameter of type that is assignable from\n          `ObjectDataProvider` (e.g. `object`) exists, the vulnerability can\n          still be exploited.\n\n          This module has been tested successfully against official AjaxPro on\n          version 7.7.31.1 without any modification, and on version 21.10.30.1\n          with a custom vulnerable method added.",
+    "references": [
+      "CVE-2021-23758",
+      "URL-https://mogwailabs.de/en/blog/2022/01/vulnerability-spotlight-rce-in-ajax.net-professional/"
+    ],
+    "platform": "Windows",
+    "arch": "cmd, x86, x64",
+    "rport": 80,
+    "autofilter_ports": [
+      80,
+      8080,
+      443,
+      8000,
+      8888,
+      8880,
+      8008,
+      3000,
+      8443
+    ],
+    "autofilter_services": [
+      "http",
+      "https"
+    ],
+    "targets": [
+      "Windows Command",
+      "Windows Dropper"
+    ],
+    "mod_time": "2023-11-03 00:04:20 +0000",
+    "path": "/modules/exploits/windows/http/ajaxpro_deserialization_rce.rb",
+    "is_install_path": true,
+    "ref_name": "windows/http/ajaxpro_deserialization_rce",
+    "check": true,
+    "post_auth": false,
+    "default_credential": false,
+    "notes": {
+      "Stability": [
+        "crash-safe"
+      ],
+      "Reliability": [
+        "repeatable-session"
+      ],
+      "SideEffects": [
+        "screen-effects",
+        "ioc-in-logs",
+        "artifacts-on-disk"
+      ]
+    },
+    "session_types": false,
+    "needs_cleanup": null
+  },
   "exploit_windows/http/altn_securitygateway": {
     "name": "Alt-N SecurityGateway username Buffer Overflow",
     "fullname": "exploit/windows/http/altn_securitygateway",