This updates Metasploit to 4.8.2.
This update includes 8 new modules, including exploits for Up.Time Monitoring Station, WordPress OptimizePress Theme, vBulletin and Kaseya. It also contains new modules for Ruby on Rails, vBulletin, Cisco ASA, and Windows.
In addition, this update fixes 6 issues.
Exploit modules
- Up.Time Monitoring Station post2file.php Arbitrary File Upload by Denis Andzakovic exploits OSVDB-100423
- WordPress OptimizePress Theme File Upload Vulnerability by Mekanismen and United of Muslim Cyber Army
- vBulletin index.php/ajax/api/reputation/vote nodeid Parameter SQL Injection by juan vazquez and Orestis Kourides exploits CVE-2013-3522
- Kaseya uploadImage Arbitrary File Upload by Thomas Hibbert exploits OSVDB-99984
Auxiliary and post modules
- Ruby on Rails Action View MIME Memory Exhaustion by sinn3r, Toby Hsieh, and joev exploits CVE-2013-6414
- vBulletin Password Collector via nodeid SQL Injection by sinn3r, juan vazquez, and Orestis Kourides exploits CVE-2013-3522
- Cisco ASA ASDM Bruteforce Login Utility by Jonathan Claudius
- Windows Gather Skype, Firefox, and Chrome Artifacts by Joshua Harper (@JonValt)
Notable Changes and Resolved Issues
- Upgrades Rails to 3.2.16 due to CVE-2013-4491, CVE-2013-6414 and CVE-2013-4492
- Upgrades Postgres to 9.3.2
- Protects against RJS vulnerability
- 8140 - Avoid migration in ppr_flatten_rec
- 8283 - Meterpreter Win32-SshServer fails to check status
- 8696 - Meterpreter session hangs around even when 'exit'ed from an AutoRunScript
How to Upgrade
Metasploit Pro is upgraded using the Administration menu and choosing the option Software Upgrade. To see how to upgrade your Metasploit installation, view this video in the Rapid7 Community.
PRO 4.8.1 updates to 4.8.2-2013121101
MSF3 4.8.1 updates to 4.8.2-2013121101