Add module for IBM DRM arbitrary file download (CVE-2020-4427, CVE-2020-4429) #13301
I am waiting on the CVE IDs, but please go ahead with the review while we wait.
Added
Last PR reviewed. As usual, apply changes universally. Thanks!
Update documentation/modules/auxiliary/admin/http/ibm_drm_download.md Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com> Update documentation/modules/auxiliary/admin/http/ibm_drm_download.md Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com> Update documentation/modules/auxiliary/admin/http/ibm_drm_download.md Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com> Update modules/auxiliary/admin/http/ibm_drm_download.rb Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com> final changes! Update modules/auxiliary/admin/http/ibm_drm_download.rb Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com> Update modules/auxiliary/admin/http/ibm_drm_download.rb Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com> Update modules/auxiliary/admin/http/ibm_drm_download.rb Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com> Update modules/auxiliary/admin/http/ibm_drm_download.rb Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com> Update modules/auxiliary/admin/http/ibm_drm_download.rb Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com> Update modules/auxiliary/admin/http/ibm_drm_download.rb Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com> Update modules/auxiliary/admin/http/ibm_drm_download.rb Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com> Update modules/auxiliary/admin/http/ibm_drm_download.rb Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com> final final Update ibm_drm_download.md change date to ISO really fix the date now
Squashed and rebased!
Release Notes
This adds an arbitrary file download module for IBM Data Risk Manager versions 2.0.2 and 2.0.3. Version 2.0.6 might also be vulnerable. The exploit covers CVE-2020-4427 and CVE-2020-4429.
This PR adds a module for an unauthenticated arbitrary file download in IBM Data Risk Manager. This is a 0day at the time of this PR, check:
https://github.com/pedrib/PoC/blob/master/advisories/IBM/ibm_drm/ibm_drm_rce.md