automatic module_metadata_base.json update

EgeBalci · Dec 23, 2022 · a526604 · a526604
1 parent 20d7079
commit a526604
Showing 1 changed file with 62 additions and 0 deletions.
diff --git a/db/modules_metadata_base.json b/db/modules_metadata_base.json
@@ -66578,6 +66578,68 @@
     "session_types": false,
     "needs_cleanup": null
   },
+  "exploit_linux/http/opentsdb_yrange_cmd_injection": {
+    "name": "OpenTSDB 2.4.0 unauthenticated command injection",
+    "fullname": "exploit/linux/http/opentsdb_yrange_cmd_injection",
+    "aliases": [
+
+    ],
+    "rank": 600,
+    "disclosure_date": "2020-11-18",
+    "type": "exploit",
+    "author": [
+      "Shai rod",
+      "Erik Wynter"
+    ],
+    "description": "This module exploits an unauthenticated command injection\n          vulnerability in the yrange parameter in OpenTSDB through\n          2.4.0 (CVE-2020-35476) in order to achieve unauthenticated\n          remote code execution as the root user.\n\n          The module first attempts to obtain the OpenTSDB version via\n          the api. If the version is 2.4.0 or lower, the module\n          performs additional checks to obtain the configured metrics\n          and aggregators. It then randomly selects one metric and one\n          aggregator and uses those to instruct the target server to\n          plot a graph. As part of this request, the yrange parameter is\n          set to the payload, which will then be executed by the target\n          if the latter is vulnerable.\n\n          This module has been successfully tested against OpenTSDB\n          version 2.3.0.",
+    "references": [
+      "CVE-2020-35476",
+      "URL-https://github.com/OpenTSDB/opentsdb/issues/2051"
+    ],
+    "platform": "Linux,Unix",
+    "arch": "cmd, x86, x64",
+    "rport": 4242,
+    "autofilter_ports": [
+      80,
+      8080,
+      443,
+      8000,
+      8888,
+      8880,
+      8008,
+      3000,
+      8443
+    ],
+    "autofilter_services": [
+      "http",
+      "https"
+    ],
+    "targets": [
+      "Automatic (Unix In-Memory)",
+      "Automatic (Linux Dropper)"
+    ],
+    "mod_time": "2022-12-23 13:38:16 +0000",
+    "path": "/modules/exploits/linux/http/opentsdb_yrange_cmd_injection.rb",
+    "is_install_path": true,
+    "ref_name": "linux/http/opentsdb_yrange_cmd_injection",
+    "check": true,
+    "post_auth": false,
+    "default_credential": false,
+    "notes": {
+      "Stability": [
+        "crash-safe"
+      ],
+      "SideEffects": [
+        "artifacts-on-disk",
+        "ioc-in-logs"
+      ],
+      "Reliability": [
+        "repeatable-session"
+      ]
+    },
+    "session_types": false,
+    "needs_cleanup": null
+  },
   "exploit_linux/http/pandora_fms_events_exec": {
     "name": "Pandora FMS Events Remote Command Execution",
     "fullname": "exploit/linux/http/pandora_fms_events_exec",