Commit

automatic module_metadata_base.json update
msjenkins-r7 committed Apr 17, 2024
1 parent 7278492 commit 607fb09
Showing 1 changed file with 4 additions and 4 deletions.
8 changes: 4 additions & 4 deletions db/modules_metadata_base.json
@@ -65531,7 +65531,7 @@
"Ron Bowes",
"jheysel-r7"
],
"description": "This module exploits a PHP environment variable manipulation vulnerability affecting Juniper SRX firewalls\n and EX switches. The affected Juniper devices run FreeBSD and every FreeBSD process can access their stdin\n by opening /dev/fd/0. The exploit also makes use of two useful PHP features. The first being\n 'auto_prepend_file' which causes the provided file to be added using the 'require' function. The second PHP\n function is 'allow_url_include' which allows the use of URL-aware fopen wrappers. By enabling\n allow_url_include, the exploit can use any protocol wrapper with auto_prepend_file. The module then uses\n data:// to provide a file inline which includes the base64 encoded PHP payload.\n\n By default this exploit returns a session confined to a FreeBSD jail with limited functionality. There is a\n datastore option 'JAIL_BREAK', that when set to true, will steal the necessary tokens from a user authenticated\n to the J-Web application, in order to overwrite the the root password hash. If there is no user\n authenticated to the J-Web application this method will not work. The module then authenticates\n with the new root password over SSH and then rewrites the original root password hash to /etc/master.passwd.",
"description": "This module exploits a PHP environment variable manipulation vulnerability affecting Juniper SRX firewalls\n and EX switches. The affected Juniper devices run FreeBSD and every FreeBSD process can access their stdin\n by opening /dev/fd/0. The exploit also makes use of two useful PHP features. The first being\n 'auto_prepend_file' which causes the provided file to be added using the 'require' function. The second PHP\n function is 'allow_url_include' which allows the use of URL-aware fopen wrappers. By enabling\n allow_url_include, the exploit can use any protocol wrapper with auto_prepend_file. The module then uses\n data:// to provide a file inline which includes the base64 encoded PHP payload.\n\n By default this exploit returns a session confined to a FreeBSD jail with limited functionality. There is a\n datastore option 'JAIL_BREAK', that when set to true, will steal the necessary tokens from a user authenticated\n to the J-Web application, in order to overwrite the root password hash. If there is no user\n authenticated to the J-Web application this method will not work. The module then authenticates\n with the new root password over SSH and then rewrites the original root password hash to /etc/master.passwd.",
"references": [
"URL-https://labs.watchtowr.com/cve-2023-36844-and-friends-rce-in-juniper-firewalls/",
"URL-https://vulncheck.com/blog/juniper-cve-2023-36845",
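Review bot: The corrected description still says "The second PHP function is 'allow_url_include'" a sentence after introducing "two useful PHP features", so the text calls the same thing both a feature and a function. allow_url_include, like auto_prepend_file, is a php.ini directive rather than a function; suggest "The second is 'allow_url_include', which allows the use of URL-aware fopen wrappers." Since the commit message says this file is updated automatically, the wording would need to change in the module itself and be regenerated here.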
@@ -65560,7 +65560,7 @@
"PHP In-Memory",
"Interactive SSH with jail break"
],
"mod_time": "2023-09-29 11:40:03 +0000",
"mod_time": "2024-04-15 11:06:50 +0000",
"path": "/modules/exploits/freebsd/http/junos_phprc_auto_prepend_file.rb",
"is_install_path": true,
"ref_name": "freebsd/http/junos_phprc_auto_prepend_file",
@@ -88658,7 +88658,7 @@
"Linux Command",
"Unix Command"
],
"mod_time": "2023-11-07 09:21:04 +0000",
"mod_time": "2024-04-15 11:06:50 +0000",
"path": "/modules/exploits/linux/misc/cisco_ios_xe_rce.rb",
"is_install_path": true,
"ref_name": "linux/misc/cisco_ios_xe_rce",
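Review bot: Only "mod_time" changes for linux/misc/cisco_ios_xe_rce in this hunk, and the new value 2024-04-15 11:06:50 +0000 is identical to the one set for the other modules in this commit, while none of the visible metadata fields for this module differ. Worth confirming that the underlying edit to cisco_ios_xe_rce.rb was intentional and limited to something that does not surface in metadata, and recording what it was, because the commit message only says the update was automatic.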
@@ -163208,7 +163208,7 @@
"targets": [
"Windows Command"
],
"mod_time": "2023-05-08 12:11:01 +0000",
"mod_time": "2024-04-15 11:06:50 +0000",
"path": "/modules/exploits/windows/http/manageengine_adaudit_plus_authenticated_rce.rb",
"is_install_path": true,
"ref_name": "windows/http/manageengine_adaudit_plus_authenticated_rce",