This update adds 12 new modules, including exploits for OpenEMR, Foxit Reader, Microsoft Windows, and BigAnt Server. It also adds modules for D-Link DIR-series routers, Ruby on Rails, and a number of DNS enumeration techniques.
- OpenEMR PHP File Upload Vulnerability by juan vazquez and Gjoko Krstic exploits OSVDB-90222
- Foxit Reader Plugin URL Processing Buffer Overflow by juan vazquez, Sven Krewitt, and rgod exploits OSVDB-89030
- Windows Manage User Level Persistent Payload Installer by Brandon McCann and Thomas McCarthy
- BigAnt Server DUPF Command Arbitrary File Upload by juan vazquez and Hamburgers Maccoy exploits CVE-2012-6274
- BigAnt Server 2 SCH And DUPF Buffer Overflow by juan vazquez and Hamburgers Maccoy exploits CVE-2012-6275
Auxiliary and post modules
- D-Link DIR-600 / DIR-300 Unauthenticated Remote Command Execution by m-1-k-3 exploits OSVDB-89861
- Ruby on Rails Devise Authentication Password Reset by jjarmoc and joernchen exploits CVE-2013-0233
- DNS Bruteforce Enumeration by Carlos Perez
- DNS Basic Information Enumeration by Carlos Perez
- DNS Reverse Lookup Enumeration by Carlos Perez
- DNS Common Service Record Enumeration by Carlos Perez
- Ruby on Rails JSON Processor YAML Deserialization Scanner by hdm and jjarmoc exploits CVE-2013-0333
No outstanding bugs were resolved in this update.
How to Upgrade
Metasploit Pro is upgraded using the Administration menu and choosing the option Software Upgrade. To see how to upgrade your Metasploit installation, view this video in the Rapid7 Community.
PRO 4.5.2 updates to 4.5.2-2013022001
MSF3 4.5.2 updates to 4.5.2-2013022001