Last updated at Mon, 05 Feb 2024 20:52:23 GMT

It’s open season on Openfire with a new RCE module in Metasploit

This week the Metasploit framework saw the addition of an RCE module which exploits path traversal vulnerability in the instant messaging and group chat server, Openfire. The module was submitted by the one and only community contributor h00die-gr3y. The module targets Openfire’s unauthenticated setup environment, in an already configured Openfire environment, to access restricted pages in the Admin Console reserved for administrative users. This module uses a path traversal vulnerability to create a new admin user that is used to upload a Openfire management plugin weaponized with a Java native payload that triggers an RCE. The module is quite flexible and will get you shells when Openfire is running in Windows, Linux and on a variety of different Java versions.

New module content (2)

Piwigo CVE-2023-26876 Gather Credentials via SQL Injection

Authors: Rodolfo Tavares, Tempest Security, Henrique Arcoverde, and rodnt
Type: Auxiliary
Pull request: #18182 contributed by rodnt
AttackerKB reference: CVE-2023-26876

Description: This PR adds an auxiliary module that takes advantage of CVE-2023-26876 to retrieve the username and password hash from piwigo v.13.5.0 and earlier.

Openfire authentication bypass with RCE plugin

Author: h00die-gr3y
Type: Exploit
Pull request: #18173 contributed by h00die-gr3y
AttackerKB reference: CVE-2023-32315

Description: This PR adds a module for CVE-2023-32315, a remote code execution vulnerability for all versions of Openfire that have been released since April 2015, starting with version 3.10.0. Patched versions are 4.7.5+ 4.6.8+ and 4.8.0+.

Enhancements and features (1)

  • #17681 from MegaManSec - This PR adds a new datastore option for Jenkins home directory to the jenkins_gather module.

Bugs fixed (0)

None

Documentation added (1)

  • #18186 from adfoster-r7 - This PR updates multiple code and console snippets within the Wiki to now have syntax highlighting

You can always find more documentation on our docsite at docs.metasploit.com.

Get it

As always, you can update to the latest Metasploit Framework with msfupdate
and you can get more details on the changes since the last blog post from
GitHub:

If you are a git user, you can clone the Metasploit Framework repo (master branch) for the latest.
To install fresh without using git, you can use the open-source-only Nightly Installers or the
binary installers (which also include the commercial edition).