Last updated at Fri, 28 Apr 2023 19:39:06 GMT
Scanner That Pulls Sensitive Information From Joomla Installations
This week's Metasploit release includes a module for CVE-2023-23752 by h00die. Did you know about the improper API access vulnerability in Joomla installations, specifically Joomla versions between 4.0.0 and 4.2.7, inclusive? This vulnerability allows unauthenticated users to access web service endpoints that contain sensitive information such as user and config information. This module can be used to exploit the users and config/application endpoints.
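For defenders, one way to triage web server access logs for successful reads of the users and config/application endpoints, together with a version-range check for asset inventories. This is an added example, not code from the Metasploit module or the original post; the /api/index.php/v1/ route prefix, the Combined Log Format, and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Assumption: the endpoints sit under Joomla 4's standard Web Services route prefix.
SENSITIVE = re.compile(r"/api/index\.php/v1/(users|config/application)(?:[/?]|$)")
# Assumption: logs are in Combined Log Format.
LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)
AFFECTED_MIN, AFFECTED_MAX = (4, 0, 0), (4, 2, 7)  # range stated in the post

def is_affected(version):
    """True if a Joomla version string falls in 4.0.0..4.2.7 inclusive."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unrecognised version: {version!r}")
    return AFFECTED_MIN <= tuple(map(int, m.groups())) <= AFFECTED_MAX

def find_api_reads(lines):
    """Map client IP -> [(timestamp, endpoint)] for GETs answered with HTTP 200.

    An access log does not record whether credentials were sent, so each hit
    is a lead to compare against known API consumers, not a verdict.
    """
    hits = defaultdict(list)
    for line in lines:
        m = LINE.match(line)
        if not m or m["method"] != "GET" or m["status"] != "200":
            continue  # unparseable, non-read, or denied (e.g. 401) request
        endpoint = SENSITIVE.search(m["path"])
        if endpoint:
            hits[m["ip"]].append((m["ts"], endpoint.group(1)))
    return dict(hits)

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '198.51.100.23 - - [28/Apr/2023:10:01:02 +0000] "GET /api/index.php/v1/users HTTP/1.1" 200 1843 "-" "curl/8.0"',
    '198.51.100.23 - - [28/Apr/2023:10:01:03 +0000] "GET /api/index.php/v1/config/application HTTP/1.1" 200 5120 "-" "curl/8.0"',
    '192.0.2.10 - - [28/Apr/2023:10:05:00 +0000] "GET /api/index.php/v1/users HTTP/1.1" 401 112 "-" "Mozilla/5.0"',
    '192.0.2.11 - - [28/Apr/2023:10:06:00 +0000] "GET /index.php HTTP/1.1" 200 9000 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, reads in find_api_reads(SAMPLE_LOG).items():
        print(ip, reads)
```
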
No More Local Exploit Suggester Crashing Against Older Windows Targets
This week's Metasploit release includes a bug fix by our own adfoster-r7 addressing an issue where the local exploit suggester crashed against older Windows targets. The issue was tracked down to the bits_ntlm_token_impersonation module when it's checking the BITS/WinRM version via PowerShell. A patch has been added to prevent it crashing against older and newer Windows targets.
New module content (1)
Joomla API Improper Access Checks
Authors: Tianji Lab and h00die
Pull request: #17895 contributed by h00die
AttackerKB reference: CVE-2023-23752
Description: This adds a scanner that pulls user and config information from Joomla installations that permit access to endpoints containing sensitive information. This affects versions
Enhancements and features (3)
- #17857 from steve-embling - This adds T3S support for the
- #17921 from bcoles - This adds documentation for the module
- #17941 from j-baines - Updates the exploits/linux/misc/zyxel_multiple_devices_zhttp_lan_rce module with CVE identifier CVE-2023-28769.
Bugs fixed (4)
- #17912 from bwatters-r7 - Fixes a MinGW issue in the Meterpreter stdapi extension. The stdapi extension was using FreeMibTable() to free memory allocated by GetIpForwardTable2(), which led to a crash when compiled with MinGW.
- #17913 from adfoster-r7 - Fixes a crash when running the local exploit suggester against older Windows targets.
- #17914 from zeroSteiner - This fixes an issue where paths with trailing backslashes would wait for more input when passed to directory?() due to the " being escaped in the command testing for the existence of the path.
- #17926 from bwatters-r7 - This fixes an issue with a railgun function definition that caused the post/windows/gather/resolve_sid module to fail on 64-bit systems. When the module failed, the session was lost.
Documentation added (2)
- #17839 from cdelafuente-r7 - This improves Metasploit's documentation on the cleanup method for modules.
- #17937 from adfoster-r7 - This fixes a formatting error due to a typo in the wiki page for setting up a Metasploit development environment.
You can always find more documentation on our docsite at docs.metasploit.com.
As always, you can update to the latest Metasploit Framework with
and you can get more details on the changes since the last blog post from
If you are a git user, you can clone the Metasploit Framework repo (master branch) for the latest.
To install fresh without using git, you can use the open-source-only Nightly Installers or the binary installers (which also include the commercial edition).