Lucene search
+L

4 matches found

0day.today
0day.today
added 2024/10/22 12:0 a.m.594 views

BYOB Unauthenticated Remote Code Execution Exploit

This Metasploit module exploits two vulnerabilities in the BYOB Build Your Own Botnet web GUI. It leverages an unauthenticated arbitrary file write that allows modification of the SQLite database, adding a new admin user. It also uses an authenticated command injection in the payload generation...

9.8CVSS7.8AI score0.05635EPSS
Exploits3
Packet Storm
Packet Storm
added 2024/10/16 12:0 a.m.531 views

BYOB Unauthenticated Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'sqlite3' class MetasploitModule 'BYOB Unauthenticated RCE via Arbitrary File Write and Command Injection CVE-2024-45256, CVE-2024-45257', 'Description' = %q Thi...

9.8CVSS7.4AI score0.05635EPSS
Exploits3
Metasploit
Metasploit
added 2024/10/15 6:54 p.m.401 views

BYOB Unauthenticated RCE via Arbitrary File Write and Command Injection (CVE-2024-45256, CVE-2024-45257)

This module exploits two vulnerabilities in the BYOB Build Your Own Botnet web GUI: 1. CVE-2024-45256: Unauthenticated arbitrary file write that allows modification of the SQLite database, adding a new admin user. 2. CVE-2024-45257: Authenticated command injection in the payload generation page...

9.8CVSS8.8AI score0.05635EPSS
Exploits3
Circl
Circl
added 2024/10/15 3:35 p.m.18 views

CVE-2024-45257

creationtimestamp| type| source ---|---|--- 2024-10-15 15:35:55+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/webapp/byobunauthrce.rb 2025-02-06 03:13:46+00:00| seen| MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd 2025-02-23 04:11:04+00:00| seen|...

7.3CVSS9.2AI score0.03891EPSS
Exploits3References2
Rows per page
Query Builder