## I like to MOVEit, MOVEit, We like to MOVEit!
Party hard just like it’s Mardi Gras! [bwatters-r7]() delivered the dance moves this week with a masterful performance. The `windows/http/moveit_cve_2023_34362` module is available for all your party needs, taking advantage of [CVE-2023-34362](), this module gets into the `MOVEit` database and nets shells to help you “Keep on jumpin’ off the floor”!
## New module content (1)
### MOVEit SQL Injection vulnerability
Authors: bwatters-r7, rbowes-r7, and sfewer-r7
Type: Exploit
Pull request: [#18100]() contributed by [bwatters-r7]()
AttackerKB reference: [CVE-2023-34362]()
Description: Adds a new module targeting the MOVEit Transfer web application that allows an unauthenticated attacker to gain access to MOVEit Transferâs database.
## Enhancements and features (7)
* [#18078]() from [zeroSteiner]() – This adds support to the `auxiliary/admin/dcerpc/icpr_cert` module to issue certificates for an explicit SID by specifying it within the `NTDS_CA_SECURITY_EXT`. This addition ensures that ESC1 will remain exploitable when issuing certificates with an SID becomes a requirement.
* [#18117]() from [smashery]() – This adds Windows 10 revision number extraction to the Windows version Post API.
* [#18118]() from [smashery]() – This PR updates the User Agent strings for June 2023.
* [#18119]() from [adfoster-r7]() – This adds support for only running user specified test names in modules loaded by running `loadpath test/modules`.
* [#18126]() from [adfoster-r7]() – This PR adds additional logging to the `test/file` module. This module is useful for developers contributing enhancements or new functionality to Meterpreter and other payloads. It is available after running `loadpath test/modules`.
* [#18127]() from [adfoster-r7]() – This PR adds additional `test/railgun_reverse_lookup` tests for macOS and Linux.
## Bugs fixed (5)
* [#17576]() from [gwillcox-r7]() – This fixes a bug where adding and deleting tags to multiple hosts was not functioning correctly.
* [#18049]() from [cgranleese-r7]() – This PR updates Jenkins modules to work with newer versions. Previously they fell over with a CSRF failure and gave a false negative result.
* [#18094]() from [zeroSteiner]() – Fixes an edgecase with `windows/meterpreter/reverse_tcp` where there was a small chance of an invalid stager being created.
* [#18104]() from [adfoster-r7]() – This PR fixes an issue that falsely caused empty file reads on Meterpreter.
* [#18124]() from [adfoster-r7]() – Fixes the broken `test/extapi` module. The module was facing issues returning clipboard data that pertained to the session being tested, this issue has been resolved. This module is useful for developers contributing enhancements or new functionality to Meterpreter and other payloads. It is available after running `loadpath test/modules`.
* [#18132]() from [jmartin-r7]() – This PR reverts the changes from #17942 which was an improvement to AMSI bypass on new versions of windows. PR #17942 broke psexec and this PR reverts that issue.
## Documentation
You can find the latest Metasploit documentation on our docsite at [docs.metasploit.com]().
## Get it
As always, you can update to the latest Metasploit Framework with `msfupdate`
and you can get more details on the changes since the last blog post from
GitHub:
* [Pull Requests 6.3.21…6.3.22]()
* [Full diff 6.3.21…6.3.22]()
If you are a `git` user, you can clone the [Metasploit Framework repo]() (master branch) for the latest.
To install fresh without using git, you can use the open-source-only [Nightly Installers]() or the
[binary installers]() (which also include the commercial edition).Read More