





























We’re happy to announce that Metasploit Framework had a big week, landing seven new modules alongside various bug fixes and enhancements. This week’s highlights include RCE modules targeting AVideo, openDCIM, Selenium Grid/Selenoid, and ChurchCRM. On the post-exploitation side, Windows saw three new persistence techniques added as modules, targeting Telemetry scheduled tasks, PowerShell profiles, and Microsoft BITS.
What a time to be alive as a Metasploit user! We wish you all a wonderful weekend and happy hacking.
Authors: Valentin Lobstein [email protected] and arkmarta
Type: Auxiliary
Pull request: #21075 contributed by Chocapikk
Path: gather/avideo_catname_sqli
AttackerKB reference: CVE-2026-28501
Description: Adds an auxiliary module for CVE-2026-28501, an unauthenticated SQL injection in AVideo <= 22.0, along with a new BenchmarkBasedBlind SQLi mixin class and blind extraction improvements.
Author: Valentin Lobstein [email protected]
Type: Exploit
Pull request: #21034 contributed by Chocapikk
Path: linux/http/opendcim_install_sqli_rce
AttackerKB reference: CVE-2026-28517
Description: This PR adds a new exploit module for openDCIM that chains three vulnerabilities (https://github.com/advisories/GHSA-mg2w-x76x-59h8, https://github.com/advisories/GHSA-prmh-rp39-qc4m, https://github.com/advisories/GHSA-428h-8xhf-g3cw) to achieve remote code execution.
Authors: Jon Stratton, Takahiro Yokoyama, Valentin Lobstein [email protected], and Wiz Research
Type: Exploit
Pull request: #21003 contributed by Chocapikk
Path: linux/http/selenium_greed_rce
Description: This replaces the two separate Selenium Grid RCE modules (Chrome and Firefox) with a single unified module that auto-detects available browsers and selects the best attack vector. The module targets unauthenticated Selenium Grid and Selenoid instances, supporting two techniques: a Firefox profile handler injection that works on all Grid versions including the latest (never patched since 2021), and a Chrome binary override for Grid versions prior to 4.11.0 and all Selenoid versions. No authentication is required.
Author: LucasCsmt
Type: Exploit
Pull request: #21095 contributed by LucasCsmt
Path: multi/http/churchcrm_db_restore_rce
AttackerKB reference: CVE-2025-68109
Description: Adds a new exploit module for CVE-2025-68109, targeting a file upload vulnerability inside ChurchCRM leading to an RCE. This module will work on version 6.2.0 of ChurchCRM and earlier.
Author: h00die
Type: Exploit
Pull request: #20839 contributed by h00die
Path: windows/persistence/bits
Description: This adds a new persistence module that uses Microsoft Bits to maintain access to the system.
Author: madefourit
Type: Exploit
Pull request: #20933 contributed by madefourit
Path: windows/persistence/powershell_profile
Description: This adds a new persistence module that uses powershell profiles to maintain access.
Author: h00die
Type: Exploit
Pull request: #20843 contributed by h00die
Path: windows/persistence/telemetry
Description: Adds a new persistence module, exploit/windows/persistence/telemetry, that abuses the Windows Telemetry scheduled task (Microsoft Compatibility Appraiser / CompatTelRunner) to establish persistence. The module writes a payload to disk and configures the telemetry task to execute it, resulting in a SYSTEM-level Meterpreter session either on the next scheduled run or immediately on demand. Requires an admin-level Meterpreter session on the target.
You can always find more documentation on our docsite at docs.metasploit.com.
As always, you can update to the latest Metasploit Framework with msfupdate and you can get more details on the changes since the last blog post from GitHub:
If you are a git user, you can clone the Metasploit Framework repo (master branch) for the latest. To install fresh without using git, you can use the open-source-only Nightly Installers or the commercial edition Metasploit Pro
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。