A New Way to Encode PHP Payloads A new PHP encoder has been released by a community contributor, jvoisin, allowing a PHP payload to be encoded as an ASCII-Hex string. This can then be decoded on the receiver to prevent issues with unescaped or bad characters. Ray Vulnerabilities This release of Metasploit Framework also features 3 new modules to target ray.io, which is a framework for distributing AI-related workloads across multiple machines, which makes it an excellent exploitation target. These modules can perform arbitrary file reads, perform remote code execution and command injection, making them a great all-round addition to a penetration testing workflow. The vulnerabilities for which modules are provided are: CVE-2023-6019 CVE-2023-6020 CVE-2023-48022 New module content (9) Control iD iDSecure Authentication Bypass (CVE-2023-6329) Authors: Michael Heinzl and Tenable Type: Auxiliary Pull request: #19380 contributed by h4x-x0r Path: admin/http/idsecure_auth_bypass AttackerKB reference: CVE-2023-6329 Description: Adds an auxiliary module targeting CVE-2023-6329, an improper access control vulnerability, which allows an unauthenticated user to compute valid credentials and to add a new administrative user to the web interface of Control iD iDSecure <= v4.7.43.0. Ivanti Virtual Traffic Manager Authentication Bypass (CVE-2024-7593) Authors: Michael Heinzl, mxalias, and ohnoisploited Type: Auxiliary Pull request: #19386 contributed by h4x-x0r Path:…Read More