Weaponizing Perl Serialization Flaws with MetaSploit
Talk at the Houston Perl Mongers that walks through the weaponization of CVE-2015-1592 in MovableType.
The metasploit modules and payload generating source code is available here:
https://github.com/lightsey/cve-2015-1592
Final version merged to metasploit is here:
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/webapp/sixapart_movabletype_storable_exec.rb