This Metasploit module extracts the usernames and hashed passwords of all users of the Pimcore web service by exploiting a SQL injection vulnerability in Pimcores REST API. Pimcore begins to create password hashes by concatenating a users username, the name of the application, and the users password in the format USERNAME:pimcore:PASSWORD. The resulting string is then used to generate an MD5 hash, and then that MD5 hash is used to create the final hash, which is generated using PHPs built-in password_hash function.
a1fac0dca0eb708a1348babebd5e4be27016a27680c8d2967d94171f313a98ca
Pimcore versions 5.2.3 and below suffer from cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities.
aba5d313c5fdfdbdc045ef60b644c928c5b431384880c30e65d8e7dc0393c95b