Fix invalid disclosure date formats #14212

Merged

@adfoster-r7 adfoster-r7 commented Oct 2, 2020

Fixing some disclosure dates that were incorrectly formatted.

Verification

Verified that the modules still load as expected and that the info/search command works as expected.

  • Start msfconsole
  • use pimcore_creds_sqli
  • info
  • Verify the date is formatted as expected - 2018-08-13

@adfoster-r7 adfoster-r7 added the rn-no-release-notes no release notes label Oct 2, 2020
@@ -35,7 +35,7 @@ def initialize(info = {})
{
'SideEffects' => [ IOC_IN_LOGS ]
},
'DisclosureDate' => 'Aug 13, 2018'
'DisclosureDate' => 'Aug 13 2018'
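Review bot: The replacement value on the last line of this hunk, 'Aug 13 2018', is still a month-name string that has to be parsed before it is displayed as 2018-08-13. Writing 'DisclosureDate' => '2018-08-13' here would make the stored value match the displayed one and remove the reliance on lenient date parsing. If the ISO 8601 switch is deferred, a lint or load-time check that rejects any DisclosureDate outside the accepted formats would stop punctuation variants like the removed 'Aug 13, 2018' from coming back.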
Contributor Author

This PR just removes the miscellaneous punctuation, a future PR will align the DisclosureDates to be formatted as ISO8601.

@bcoles
Contributor

bcoles commented Oct 2, 2020

> This PR just removes the miscellaneous punctuation, a future PR will align the DisclosureDates to be formatted as ISO8601.

As much as I would prefer to see the vastly superior international date format used instead of degenerate date format (#10974), there were some severe yet inadequately described problems which allegedly prevented this in the past. (#11094 (comment) #11094 #11093)

Were these mystery issues ever resolved?

@adfoster-r7
Contributor Author

@bcoles Thanks for cross referencing those issues 👍 I believe those issues are resolved now - as we're no longer maintaining any build automation around Metasploit 4.x

For now this PR is just aligning these modules to use one of the two conventions currently followed in the codebase, and I'll be creating a separate pull request to require modules to follow only one of the conventions
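
A check of the kind that would enforce a single date convention, as an added Ruby example that is not part of this PR or of Metasploit's own code. The two accepted formats (month-name and ISO 8601), the helper names and the sample text are assumptions made for illustration.

```ruby
require 'date'

# Formats assumed for this example: the month-name form this PR normalizes to
# ("Aug 13 2018") and ISO 8601 ("2018-08-13"). Not the project's own rule.
MONTH_NAME = /\A(?:Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec) \d{1,2} \d{4}\z/
ISO_8601   = /\A\d{4}-\d{2}-\d{2}\z/

# Hypothetical helper: classify one DisclosureDate string.
# Returns [status, iso_date]; iso_date is nil unless status is :ok.
def classify_disclosure_date(value)
  fmt = if value.match?(ISO_8601) then '%Y-%m-%d'
        elsif value.match?(MONTH_NAME) then '%b %d %Y'
        end
  return [:invalid_format, nil] unless fmt

  # strptime rejects impossible calendar dates that the regex lets through.
  [:ok, Date.strptime(value, fmt).iso8601]
rescue ArgumentError
  [:invalid_date, nil]
end

# Hypothetical helper: audit every single-quoted DisclosureDate in source text.
def audit_source(source)
  source.scan(/'DisclosureDate'\s*=>\s*'([^']*)'/).flatten.map do |raw|
    status, iso = classify_disclosure_date(raw)
    { raw: raw, status: status, iso: iso }
  end
end

# Constructed sample: the two values from the diff, an ISO 8601 value,
# and an impossible date.
SAMPLE = <<~SRC
  'DisclosureDate' => 'Aug 13, 2018'
  'DisclosureDate' => 'Aug 13 2018'
  'DisclosureDate' => '2018-08-13'
  'DisclosureDate' => 'Feb 30 2018'
SRC

audit_source(SAMPLE).each do |r|
  puts format('%-14s %-15s %s', r[:raw], r[:status], r[:iso])
end
```
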

@gwillcox-r7 gwillcox-r7 self-assigned this Oct 2, 2020
@gwillcox-r7
Contributor

This seems to be operating as expected:

 ~/git/metasploit-framework │ land-pr14212:pr/14212  ./msfconsole                                                                                                                     ✔ │ 6s │ 2.6.6 Ruby 
                                                  
Call trans opt: received. 2-19-98 13:24:18 REC:Loc

     Trace program: running

           wake up, Neo...
        the matrix has you
      follow the white rabbit.

          knock, knock, Neo.

                        (`.         ,-,
                        ` `.    ,;' /
                         `.  ,'/ .'
                          `. X /.'
                .-;--''--.._` ` (
              .'            /   `
             ,           ` '   Q '
             ,         ,   `._    \
          ,.|         '     `-.;_'
          :  . `  ;    `  ` --,.._;
           ' `    ,   )   .'
              `._ ,  '   /_
                 ; ,''-,;' ``-
                  ``-..__``--`

                             https://metasploit.com


       =[ metasploit v6.0.10-dev-26ff912291               ]
+ -- --=[ 2069 exploits - 1122 auxiliary - 352 post       ]
+ -- --=[ 592 payloads - 45 encoders - 10 nops            ]
+ -- --=[ 7 evasion                                       ]

Metasploit tip: Writing a custom module? After editing your module, why not try the reload command

msf6 > use pimcore_creds_sqli

Matching Modules
================

   #  Name                                 Disclosure Date  Rank    Check  Description
   -  ----                                 ---------------  ----    -----  -----------
   0  auxiliary/gather/pimcore_creds_sqli  2018-08-13       normal  No     Pimcore Gather Credentials via SQL Injection


Interact with a module by name or index. For example info 0, use 0 or use auxiliary/gather/pimcore_creds_sqli

[*] Using auxiliary/gather/pimcore_creds_sqli
msf6 auxiliary(gather/pimcore_creds_sqli) > info

       Name: Pimcore Gather Credentials via SQL Injection
     Module: auxiliary/gather/pimcore_creds_sqli
    License: Metasploit Framework License (BSD)
       Rank: Normal
  Disclosed: 2018-08-13

Provided by:
  Thongchai Silpavarangkura
  N. Rai-Ngoen
  Shelby Pace

Module side effects:
 ioc-in-logs

Check supported:
  No

Basic options:
  Name       Current Setting  Required  Description
  ----       ---------------  --------  -----------
  APIKEY                      yes       The valid API key for Pimcore REST API
  Proxies                     no        A proxy chain of format type:host:port[,type:host:port][...]
  RHOSTS                      yes       The target host(s), range CIDR identifier, or hosts file with syntax 'file:<path>'
  RPORT      80               yes       The target port (TCP)
  SSL        false            no        Negotiate SSL/TLS for outgoing connections
  TARGETURI  /                yes       The base path to pimcore
  VHOST                       no        HTTP server virtual host

Description:
  This module extracts the usernames and hashed passwords of all users 
  of the Pimcore web service by exploiting a SQL injection 
  vulnerability in Pimcore's REST API. Pimcore begins to create 
  password hashes by concatenating a user's username, the name of the 
  application, and the user's password in the format 
  USERNAME:pimcore:PASSWORD. The resulting string is then used to 
  generate an MD5 hash, and then that MD5 hash is used to create the 
  final hash, which is generated using PHP's built-in password_hash 
  function.

References:
  https://cvedetails.com/cve/CVE-2018-14058/
  https://www.exploit-db.com/exploits/45208

msf6 auxiliary(gather/pimcore_creds_sqli) > 

@gwillcox-r7 gwillcox-r7 merged commit 640a9e2 into rapid7:master Oct 2, 2020
@adfoster-r7 adfoster-r7 deleted the fix-invalid-disclosure-date-formats branch October 2, 2020 14:59