CMS Exploitation Made Simple
"CMS Made Simple" is an open-source Content Management System. Mustafa Hasen discovered and reported that versions 2.2.5 and 2.2.7 include a vulnerability in file uploads that permits an authenticated attacker to execute arbitrary PHP scripts. The multi/http/cmsms_upload_rename_rce exploit module uses our PHP Meterpreter to gain full control of the target.
Isn't it lovely when a team comes together? Last week, a group of Metasploit developers and Rapid7 pen testers got together to play with a series of critical vulnerabilities in Axis cameras. The vulnerabilities permit an attacker with network access to the camera to bypass authentication and gain remote code execution as root. Check out the AXIS advisory and the team's Metasploit module,
PHPMyAdmin Login Scanner
Pen testers and players of last year's Metasploitable3 CTF know how valuable discovering the credentials to a MySQL database can be. Wouldn't it be great if you could easily check the credentials against a PHPMyAdmin instance? @space-r7 thought so too! Check out her
Speaking of Pen Testers...
Earlier this week, Rapid7 released its second Under the Hoodie report, which digs into data from 268 pen tester engagements to highlight exploitation success rates, credential capture rates, and memorable "war stories" from the offensive security trenches. Download the (free, ungated!) report here to explore takeaways from our pen testing fam.
Open Source Security Meetup (OSSM): Vegas 2018
Like open source security? Want to take a break from corporate events at hacker summer camp to share projects and chat in a low-key environment? Stop by the fourth annual Open Source Security Meetup (OSSM) in Vegas from 4-6 PM August 9. There are no formal presentations this year (true meetup-style), but if you’re an open source security dev with a project you want to discuss, let us know here.
Exploit modules (2 new)
- Axis Network Camera .srv to parhand RCE by wvu, sinn3r, Brent Cook, Cale Black, Chris Lee, Jacob Robles, Matthew Kienow, Or Peles, and Shelby Pace, which exploits CVE-2018-10660, CVE-2018-10661, and CVE-2018-10662.
- CMS Made Simple Authenticated RCE via File Upload/Copy by Jacob Robles and Mustafa Hasen, which exploits CVE-2018-1000094.
Auxiliary and post modules (1 new)
- PhpMyAdmin Login Scanner by Shelby Pace
As always, you can update to the latest Metasploit Framework with
and you can get more details on the changes since the last blog post from
To install fresh, check out the open-source-only Nightly Installers, or the binary installers which also include the commercial editions. PLEASE NOTE that these installers, and Metasploit Framework versions included in distros such as Kali, Parrot, etc., are based off the stable Metasploit 4 branch. If you'd like to try out the newer things going into Metasploit 5, that work is available in the master branch of the Metasploit Framework repo on GitHub.