| Reporter | Title | Published | Views | Family All 16 |
|---|---|---|---|---|
| Exploit for Server-Side Request Forgery in Emby | 22 Jul 202023:30 | – | githubexploit | |
| CVE-2020-26948 | 11 Oct 202000:35 | – | circl | |
| Emby Server Cross-Site Request Forgery Vulnerability | 20 Oct 202000:00 | – | cnvd | |
| CVE-2020-26948 | 10 Oct 202020:12 | – | cve | |
| CVE-2020-26948 | 10 Oct 202020:12 | – | cvelist | |
| Emby SSRF HTTP Scanner | 13 Jun 202117:55 | – | metasploit | |
| Emby < 4.5.0 - Server Server-Side Request Forgery | 28 Jun 202615:08 | – | nuclei | |
| CVE-2020-26948 | 10 Oct 202021:15 | – | nvd | |
| Emby Server < 4.5.0 SSRF Vulnerability | 10 Sep 202100:00 | – | openvas | |
| CVE-2020-26948 | 10 Oct 202021:15 | – | osv |
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
class MetasploitModule < Msf::Auxiliary
include Msf::Exploit::Remote::HttpClient
include Msf::Auxiliary::Scanner
include Msf::Auxiliary::Report
def initialize
super(
'Name' => 'Emby Version Scanner',
'Description' => 'This module attempts to identify the version of an Emby Media Server running on a
host. If you wish to see all the information available, set VERBOSE to true. Use in
conjunction with emby_ssrf_scanner to locate devices vulnerable to CVE-2020-26948.',
'Author' => 'Btnz',
'License' => MSF_LICENSE,
'Disclosure Date' => '2020-10-01',
'Notes' => {
'Stability' => [],
'SideEffects' => [],
'Reliability' => [],
'RelatedModules' => ['auxiliary/scanner/http/emby_ssrf_scanner']
},
'References' => [
['CVE', '2020-26948'],
['URL', 'https://github.com/btnz-k/emby_ssrf']
]
)
register_options(
[
Opt::RPORT(8096),
OptString.new('TARGETURI', [true, 'The base path, usually just /', '/']),
OptInt.new('TIMEOUT', [true, 'Timeout for the version scanner', 30])
]
)
deregister_options('SSL')
end
def run_host(ip)
res = send_request_cgi({
'uri' => "#{datastore['TARGETURI']}System/Info/Public",
'method' => 'GET'
}, datastore['TIMEOUT'])
if res.nil? || res.code != 200
print_error('Failed to connect to an Emby Server')
return
end
result = res.get_json_document
print_status("Identifying Media Server Version on #{peer}")
print_good("[Media Server] URI: http://#{peer}#{datastore['TARGETURI']}")
print_good("[Media Server] Version: #{result['Version']}")
print_good("[Media Server] Internal IP: #{result['LocalAddress']}") if result['LocalAddress'].to_s != ''
print_good('*** Vulnerable to SSRF module auxiliary/scanner/http/emby_ssrf_scanner! ***') if Rex::Version.new(result['Version'].to_s) < Rex::Version.new('4.5.0')
report_service(
host: rhost,
port: rport,
name: 'emby',
info: "Emby Server v.#{result['Version']} (LAN:#{result['LocalAddress']})"
)
vprint_status "All info: #{result}"
report_note(
host: ip,
port: rport,
proto: 'tcp',
ntype: 'server_version',
data: { version: result['Version'] },
info: "Media Server v.#{result['Version']}"
)
vprint_status('Saving host information.')
report_host(
host: ip,
info: "Emby Server v.#{result['Version']} (LAN:#{result['LocalAddress']})"
)
end
end
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation