Backups that Cause Problems
hypn0s contributed a module that exploits Snap Creek’s Duplicator plugin for WordPress. Duplicator is a plugin that eases the backup and migration of WordPress installations. For versions 1.2.40 and below, Duplicator leaves behind a number of sensitive files, including one that gives access to controlling the WordPress restoration process. Sending a POST request to the now-accessible installer page writes directly to the wp-config file, which, when requested, can lead to remote code execution.
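The defender's counterpart to the issue above is a post-migration audit: confirm that no Duplicator installer artifacts are still reachable under the document root and that wp-config.php is not loosely permissioned. The script below is an added example written for this post, not Rapid7's, Metasploit's or Snap Creek's code; the leftover file names it looks for (installer.php, installer-backup.php, *_archive.zip) are assumptions based on Duplicator's usual package names, and build_demo_tree() constructs a throwaway sample site so the check runs offline.

```python
"""Audit a WordPress document root for leftover Duplicator installer
artifacts and a loosely permissioned wp-config.php.

Added example for this post; not Rapid7's, Metasploit's or Snap Creek's
code. LEFTOVER_NAMES / LEFTOVER_SUFFIXES are assumptions about what a
Duplicator migration leaves behind; adjust them for your deployment.
"""
import os
import stat
import tempfile
from pathlib import Path

# Assumed: names Duplicator leaves behind once a migration finishes.
LEFTOVER_NAMES = {"installer.php", "installer-backup.php"}
LEFTOVER_SUFFIXES = ("_archive.zip",)


def find_duplicator_leftovers(webroot):
    """Relative POSIX paths of leftover installer artifacts under webroot."""
    root = Path(webroot)
    hits = []
    for path in root.rglob("*"):
        if path.is_file() and (
            path.name in LEFTOVER_NAMES or path.name.endswith(LEFTOVER_SUFFIXES)
        ):
            hits.append(path.relative_to(root).as_posix())
    return sorted(hits)


def wp_config_loosely_writable(webroot):
    """True if wp-config.php exists and is writable by group or others.

    The usual hardening advice is that only the file's owner should be
    able to rewrite it; anything wider is worth flagging in the same pass.
    """
    cfg = Path(webroot) / "wp-config.php"
    if not cfg.is_file():
        return False
    return bool(cfg.stat().st_mode & (stat.S_IWGRP | stat.S_IWOTH))


def audit(webroot):
    """Return findings as a dict; an empty list and False mean clean."""
    return {
        "leftovers": find_duplicator_leftovers(webroot),
        "wp_config_loosely_writable": wp_config_loosely_writable(webroot),
    }


def build_demo_tree():
    """Constructed sample site in a temp dir: a finished migration that
    nobody cleaned up. Returns the webroot path as a string."""
    root = Path(tempfile.mkdtemp(prefix="wp-demo-"))
    (root / "wp-content" / "plugins").mkdir(parents=True)
    (root / "wp-content" / "plugins" / "index.php").write_text("<?php // silence\n")
    (root / "wp-config.php").write_text("<?php define('DB_NAME', 'demo');\n")
    os.chmod(root / "wp-config.php", 0o666)  # far too permissive
    (root / "installer-backup.php").write_text("<?php // leftover installer\n")
    (root / "wp-snapshots").mkdir()
    (root / "wp-snapshots" / "20181001_site_archive.zip").write_bytes(
        b"PK\x05\x06" + b"\0" * 18  # empty zip, constructed
    )
    return str(root)


if __name__ == "__main__":
    demo = build_demo_tree()
    for key, value in audit(demo).items():
        print(f"{key}: {value}")
```

Run it against a real document root by calling audit("/var/www/html") from a cron job or a deploy hook; a non-empty leftovers list after a migration is the signal that the installer page is still being served.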
Labels and Shells
modpr0be both discovered a vulnerability and contributed a module that exploits a stack-based buffer overflow in CyberLink LabelPrint software v2.5 and below. The module generates an lpp file containing shellcode in the track tag and arbitrary data in the other tags. Opening the file with the CyberLink LabelPrint software results in command execution. This module has been successfully tested on Windows 7, 8.1, and 10.
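A cheap pre-screen for the file type above is to reject any .lpp project whose text fields are far longer than a label line could ever be, or that carries raw control bytes. The scanner below is an added example for this post, not Rapid7's, modpr0be's or CyberLink's code; it assumes an .lpp project is an XML document whose label fields (title, artist, track, ...) are plain-text elements, and MAX_FIELD_LEN is an assumed bound rather than a vendor value. The sample documents are constructed inline.

```python
"""Heuristic pre-screen for CyberLink LabelPrint .lpp project files.

Added example for this post; not Rapid7's, modpr0be's or CyberLink's
code. Assumes .lpp is XML with plain-text label fields; MAX_FIELD_LEN
is an assumed bound chosen for illustration.
"""
import xml.etree.ElementTree as ET

MAX_FIELD_LEN = 256  # assumed: no real label text needs more than this

# Bytes that never belong in a text project file (tab/CR/LF excepted).
_CONTROL = bytes(b for b in range(0x20) if b not in (0x09, 0x0A, 0x0D))


def scan_lpp(data, max_len=MAX_FIELD_LEN):
    """Return a list of (tag, length, reason) findings; empty means clean."""
    bad = [b for b in data if b in _CONTROL]
    if bad:
        return [("<raw>", len(bad), "control bytes outside XML text")]
    try:
        root = ET.fromstring(data)
    except ET.ParseError as exc:
        return [("<document>", len(data), f"unparseable: {exc}")]
    findings = []
    for el in root.iter():
        text = el.text or ""
        if len(text) > max_len:
            findings.append((el.tag, len(text), "overlong field"))
    return findings


def is_safe_to_open(data):
    """Convenience wrapper for mail gateways / upload handlers."""
    return not scan_lpp(data)


# Constructed sample projects (not real LabelPrint output).
BENIGN = b"""<?xml version="1.0" encoding="UTF-8"?>
<project>
  <title>Holiday Mix</title>
  <artist>Various</artist>
  <track>01 - Opening</track>
  <track>02 - Interlude</track>
</project>
"""
OVERLONG = (
    b'<?xml version="1.0"?><project><title>x</title><track>'
    + b"A" * 2000
    + b"</track></project>"
)
BINARY = b"<project><track>\x00\x01</track></project>"


if __name__ == "__main__":
    for name, sample in (("benign", BENIGN), ("overlong", OVERLONG), ("binary", BINARY)):
        print(name, scan_lpp(sample))
```

The length heuristic is deliberately coarse: it will not catch every malformed project, but it costs nothing and catches the obvious case of a text field padded to thousands of bytes.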
Exploit modules (3 new)
- Snap Creek Duplicator WordPress plugin code injection by Julien Legras and Thomas Chauchefoin, which exploits CVE-2018-17207
- CyberLink LabelPrint 2.5 Stack Buffer Overflow by f3ci and modpr0be, which exploits CVE-2017-14627
- Serve DLL via webdav server by James Cook and Ryan Hanson
Auxiliary and post modules (1 new)
- Oracle DB Privilege Escalation via Function-Based Index by David Litchfield and Moshe Kaplan
bcoles introduced some improvements to the linux/gather/enum_configs module that prevent the storage of empty configuration files as loot. Additionally, bcoles added the kernel_config method that returns details on the current kernel configuration and added checks to the
As always, you can update to the latest Metasploit Framework with msfupdate, and you can get more details on the changes since the last blog post from GitHub:
To install fresh, check out the open-source-only Nightly Installers, or the binary installers which also include the commercial editions. PLEASE NOTE that these installers, and Metasploit Framework versions included in distros such as Kali, Parrot, etc., are based off the stable Metasploit 4 branch. If you'd like to try out the newer things going into Metasploit 5, that work is available in the master branch of the Metasploit Framework repo on GitHub.