Metasploit Weekly Wrap-Up: July 14, 2023

Last updated at Mon, 05 Feb 2024 18:58:17 GMT

Authentication bypass in Wordpress Plugin WooCommerce Payments

This week's Metasploit release includes a module for CVE-2023-28121 by h00die. This module can be used against any wordpress instance that uses WooCommerce payments < 5.6.1. This module exploits an auth by-pass vulnerability in the WooCommerce WordPress plugin. You can simply add a header to execute the bypass and use the API to create a new admin user in Wordpress.

New module content (3)

Wordpress Plugin WooCommerce Payments Unauthenticated Admin Creation

Authors: Julien Ahrens, Michael Mazzolini, and h00die
Type: Auxiliary
Pull request: #18164 contributed by h00die
AttackerKB reference: CVE-2023-28121

Description: This module exploits an auth by-pass vulnerability in the WooCommerce WordPress plugin. By sending a speciality crafted request to the plugin an attacker can by-pass authentication and then use the WordPress API to create an admin user in WordPress.

pfSense Restore RRD Data Command Injection

Author: Emir Polat
Type: Exploit
Pull request: #17861 contributed by emirpolatt
AttackerKB reference: CVE-2023-27253

Description: This module exploits a vulnerability in pfSense version 2.6.0 and below which allows for authenticated users to execute arbitrary operating systems commands as root.

SmarterTools SmarterMail less than build 6985 - .NET Deserialization Remote Code Execution

Authors: 1F98D, Ismail E. Dawoodjee, and Soroush Dalili
Type: Exploit
Pull request: #18170 contributed by ismaildawoodjee
AttackerKB reference: CVE-2019-7214

Description: Adds a new module for SmarterMail Build 6985 - dotNET Deserialization Remote Code Execution (CVE-2019-7214). The vulnerability affects SmarterTools SmarterMail Version less than or equal to 16.3.6989.16341 (all legacy versions without a build number), or SmarterTools SmarterMail Build less than 6985.

Enhancements and features (0)

None

Bugs fixed (0)

None

Documentation added (2)

• #18177 from ismaildawoodjee - Updates the Wiki to use https://metasploit.com/download instead of http://metasploit.com/download.
• #18181 from hahwul - Updates broken links in the Wiki.

You can always find more documentation on our docsite at docs.metasploit.com.

Get it

As always, you can update to the latest Metasploit Framework with msfupdate
and you can get more details on the changes since the last blog post from
GitHub:

• Pull Requests 6.3.24...6.3.25
• Full diff 6.3.24...6.3.25

If you are a git user, you can clone the Metasploit Framework repo (master branch) for the latest.
To install fresh without using git, you can use the open-source-only Nightly Installers or the
binary installers (which also include the commercial edition).