Metasploit has disclosed a new RCE vulnerability in blueimp’s jQuery 9.22.0 that allows attackers to remotely execute code on a server running blueimp’s jQuery and get a reverse Meterpreter shell in return. This is a major issue because it can give the attacker complete access to the server.
blueimp’s jQuery is a file upload widget with multiple file selection. It works with any server-side platform such as Google search Engine, PHP, Python, Ruby, Java, etc. It supports standard HTML form file uploads. It also supports drag & drop, audio, video, cross-domain, chunked and resumable file uploads, a progress bar, validation and preview images, for jQuery.
Workflow
I just set up blueimp’s jQuery on the XAMPP server. We added the Ruby exploit module, downloaded from exploit-db.com, to the Metasploit framework. The exploit sends the malicious code to blueimp’s jQuery, which sends a reverse connection to our Metasploit listener, which allows us to get the Meterpreter shell.
POC
I just set up blueimp’s jQuery on the XAMPP server.
Then I open the msfconsole.
And I search for exploit 45790 in Metasploit. 45790 is an exploit code of blueimp’s jQuery.
I set all the required options (RHOSTS & TARGETURI) and hit enter. After a few seconds I got a Meterpreter shell.
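From the defender's side, the workflow above (code is uploaded through the widget, then run by the web server) leaves a recognizable trace in the access log. The following is an added example, not part of the original post or of the blueimp project, that flags requests for script files inside the upload storage directory; the handler path, storage prefix, extension list and log lines are constructed assumptions to adapt to your deployment.

```python
import re
from urllib.parse import unquote

# Constructed sample access log; paths and addresses are made up for illustration.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Nov/2018:10:00:01 +0000] "POST /upload/ HTTP/1.1" 200 312
203.0.113.7 - - [10/Nov/2018:10:00:03 +0000] "GET /upload/files/a1b2.php HTTP/1.1" 200 0
198.51.100.4 - - [10/Nov/2018:10:01:00 +0000] "POST /upload/ HTTP/1.1" 200 298
198.51.100.4 - - [10/Nov/2018:10:01:02 +0000] "GET /upload/files/cat.jpg HTTP/1.1" 200 48211
192.0.2.9 - - [10/Nov/2018:10:02:00 +0000] "GET /upload/files/old.PHP?x=1 HTTP/1.1" 404 0
"""

# client, method, request target, status from a common/combined log line
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')
# Extensions a PHP-enabled server may execute (assumed list, extend as needed)
SCRIPT_EXT = re.compile(r'\.(php\d?|phtml|phar)$', re.IGNORECASE)


def find_upload_then_execute(log_text, upload_handler="/upload/",
                             files_prefix="/upload/files/"):
    """Return (client, path, status, followed_upload) for every request to a
    script file under files_prefix. followed_upload is True when the same
    client POSTed to upload_handler earlier in the log."""
    uploaders = set()
    hits = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        client, method, target, status = m.groups()
        # Drop the query string and decode %xx so ".ph%70" is still caught
        path = unquote(target.split("?", 1)[0])
        if method == "POST" and path == upload_handler:
            uploaders.add(client)
        elif path.startswith(files_prefix) and SCRIPT_EXT.search(path):
            hits.append((client, path, int(status), client in uploaders))
    return hits


if __name__ == "__main__":
    for client, path, status, followed in find_upload_then_execute(SAMPLE_LOG):
        level = "HIGH" if followed and status == 200 else "REVIEW"
        print(f"{level}: {client} requested {path} (status {status})")
```

A hit with status 200 right after an upload from the same client deserves immediate investigation; any other hit still indicates that someone is probing the upload directory for executable files.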
Reference: https://www.exploit-db.com/exploits/45790