Last updated at Thu, 31 Aug 2017 13:47:28 GMT
One of the greatest things about Metasploit is that it supports lots of different protocols and technologies that you would otherwise need a huge menagerie of tools to be able to talk to, an ever-expanding bubble of interoperability that you didn't have to write. Due to some great ongoing work by Bigendian Smalls, the bubble is getting even bigger, now encompassing shell sessions on mainframes. You can see the beginnings in #6013 and #6067
New Modules
This update also comes with a fun privilege escalation exploit for OSX where an environment variable ends up on a commandline. I love these kinds of bugs because people have been screwing up environment variables since the invention of shells.
As always, you can see all the changes since the last wrapup on github: 4.11.4-2015102801...4.11.5-2015103001
Exploit modules
- Th3 MMA mma.php Backdoor Arbitrary File Upload by Jay Turla
- Mac OS X 10.9.5 / 10.10.5 - rsh/libmalloc Privilege Escalation by rebel and shandelman116 exploits CVE-2015-5889
Auxiliary and post modules
- Joomla Real Estate Manager Component Error-Based SQL Injection by Nixawk and Omer Ramic
- Joomla com_contenthistory Error-Based SQL Injection by Asaf Orpani, Nixawk, and bperry exploits CVE-2015-7297