Plex Unpickle Dict Windows Remote Code Execution
https://packetstormsecurity.com/files/158470/plex_unpickle_dict_rce.rb.txt
https://packetstormsecurity.com/files/158470/plex_unpickle_dict_rce.rb.txthttps://packetstormsecurity.com/files/158470/Plex-Unpickle-Dict-Windows-Remote-Code-Execution.htmlFri, 17 Jul 2020 19:41:31 GMTThis Metasploit module exploits an authenticated Python unsafe pickle.load of a Dict file. An authenticated attacker can create a photo library and add arbitrary files to it. After setting the Windows only Plex variable LocalAppDataPath to the newly created photo library, a file named Dict will be unpickled, which causes remote code execution as the user who started Plex. Plex_Token is required, to get it you need to log-in through a web browser, then check the requests to grab the X-Plex-Token header. See info -d for additional details. If an exploit fails, or is cancelled, Dict is left on disk, a new ALBUM_NAME will be required as subsequent writes will make Dict-1, and not execute.