fb95abc645
Land #6909 , Add WordPress Ninja Forms unauthenticated file upload
2016-05-25 15:40:10 -05:00
14e1baf331
Minor style changes
2016-05-25 15:39:26 -05:00
19c4d5b02b
Remove hard coded target path
2016-05-25 18:04:26 +01:00
028b1ac251
Land #6816 Oracle Application Testing Suite File Upload
2016-05-24 18:27:10 -05:00
5c6b93c1cf
Land #6883 , Add Ubiquiti airOS exploit
2016-05-24 07:26:40 -05:00
5bf8891c54
Land #6882 , fix moodle_cmd_exec HTML parsing to use REX
2016-05-23 23:25:22 -05:00
adb8098b8c
Fix typo
2016-05-24 00:16:04 +01:00
aae7c25603
Add WordPress Ninja Forms unauthenticated file upload module
2016-05-23 23:47:41 +01:00
6581fbd294
Add note about "mf" malware
...
This is the malware I found upon shelling my friend's device.
2016-05-20 23:09:10 -05:00
506356e15d
Land #6889 , check #nil? and #empty? instead of #empty?
2016-05-19 19:23:04 -05:00
99a573a013
Do unless instead "if !" to follow the Ruby guideline
2016-05-19 19:21:45 -05:00
a16f4b5167
Return nil properly in rescue
...
Missed this because I copypasta'd myself.
2016-05-19 15:35:38 -05:00
d018bba301
Store SSH key as a note
...
I know, I know, it should use the creds model. >:[
2016-05-19 15:12:58 -05:00
9f738c3e41
Add note about overwritten files
2016-05-19 15:07:27 -05:00
8fccb26446
Add Ubiquiti airOS exploit
...
Thanks to my friend wolf359 for providing a test device!
2016-05-19 14:50:20 -05:00
b5284375a7
osb_uname_jlist - NoMethodError undefined method 'empty?' for nil:NilClass
2016-05-18 00:16:53 -05:00
11fedd7353
ca_totaldefense_regeneratereports - NoMethodError undefined method 'empty?' for nil:NilClass
2016-05-18 00:15:28 -05:00
a6405beeda
ams_hndlrsvc - NoMethodError undefined method 'empty?' for nil:NilClass
2016-05-18 00:13:40 -05:00
41bcdcce61
fix struts_code_exec_exception_delegator - NoMethodError undefined method 'empty?' for nil:NilClass
2016-05-18 00:11:57 -05:00
bc257ea628
fix struts_code_exec - NoMethodError undefined method 'empty?' for nil:NilClass
2016-05-18 00:10:32 -05:00
68b83c6e3a
datastore['CMD'].blank?
2016-05-17 23:56:59 -05:00
a4e7e373f3
fix ams_xfr.rb - NoMethodError undefined method 'empty?' for nil:NilClass
2016-05-17 17:55:18 -05:00
e8ac568352
doesn't look like we're using the tcp mixin
2016-05-17 03:15:26 -05:00
08394765df
Fix #6879 , REXML::ParseException No close tag for /div
2016-05-17 03:14:00 -05:00
cf0176e68b
Land #6867 , Add Dell SonicWALL Scrutinizer 11.0.1 MethodDetail SQL Injection
2016-05-16 19:00:10 -05:00
8e85e8f9d7
Land #6859 , Add TP-Link sc2020n Module
2016-05-15 12:33:54 -05:00
21d74a64fe
Land #6874 , Improve exploit for CVE-2016-0854
2016-05-14 11:08:17 -05:00
0d176f2c92
remove a couple of unnecessary ternary ops
2016-05-14 11:07:43 -05:00
a940481f62
Land #6834 , Authorized FTP JCL exploit for z/OS
2016-05-13 21:29:45 -05:00
5c494480e6
handle failure more gracefully
2016-05-13 21:29:25 -05:00
3b5db26ff5
Fix #6872 , change upload action for CVE-2016-0854 exploit
...
This patch includes the following changes:
* Instead of the uploadFile action, this patch uses uploadImageCommon
to be able to support both Advantech WebAccess builds: 2014 and
2015.
* It uses an explicit check instead of the passive version check.
* It cleans up the malicious file after getting a session.
* Added module documentation to explain the differences between
different builds of Advantech WebAccess 8.0s, and 8.1.
Fix #6872
2016-05-13 19:47:18 -05:00
2d5cf6cfe4
Authorized FTP JCL exploit for z/OS
...
This exploit module allows a user with credentials to execute JCL on a
vulnerable mainframe system running z/OS and an appropriately configured
FTP server.
2016-05-12 14:46:31 -05:00
8f9762a3e5
Fix some comments
2016-05-12 00:19:18 -05:00
da293081a9
Fix a typo
2016-05-11 22:48:23 -05:00
9d128cfd9f
Add Dell SonicWALL Scrutinizer 11.0.1 MethodDetail SQL Injection
2016-05-11 22:27:18 -05:00
4b23d2dc58
Adjusting exception handling
...
This commit adjusts the error handling to close the socket before
calling fail_with and adds specific exceptions to catch
2016-05-11 17:18:51 -05:00
32e1a19875
Fix up the disclosure date
2016-05-11 00:18:22 -05:00
ded79ce1ff
Fix CVE syntax
2016-05-10 23:18:45 -05:00
4a5d150716
Fixups to continue supporting Rails 4.2.x
2016-05-10 23:12:48 -05:00
04bb493ccb
Small typo fixed
2016-05-10 23:07:51 -05:00
32ae3e881e
Adding save_cred and exception handling to module
...
This commit adds a save_cred method for saving off the credentials
upon a successful login attempt. Also, exception handling surrounding
the opening of the telnet socket has been added to avoid any accidental
resource leaking.
2016-05-10 20:54:44 -05:00
7c6958bbd8
Rework rails_web_console_v2_code_exec to support CVE-2015-3224
2016-05-10 11:08:02 -05:00
3db72e9b4b
Land #6853 , use send_request_cgi! for CVE-2016-0854 exploit
2016-05-09 16:10:04 -05:00
8eb3193941
Adding TP-Link sc2020n Module
...
This module exploits a command injection vulnerability in
TP-Link sc2020n network video cameras in order to start the
telnet daemon on a random port. The module then connects to
the telnet daemon, which returns a root shell on the device.
2016-05-08 14:02:50 -05:00
2abb062070
Clean up module
2016-05-06 11:51:29 -05:00
e4e6246692
Merge branch 'master' of github.com:rapid7/metasploit-framework
2016-05-06 10:55:52 -05:00
8dc7de5b84
Land #6838 , add Rails web-console module
2016-05-05 15:53:52 -05:00
1bc2ec9c11
Update vulnerable versions to include 6.x (legacy)
2016-05-05 14:18:42 -05:00
26b749ff5a
Add default LHOST
...
This is a massive workaround and probably shouldn't be done. :-)
2016-05-05 14:18:42 -05:00
5c713d9f75
Set default payload
...
Land #6849 for this to be effective.
2016-05-05 14:18:42 -05:00
wchen-r7
rastating
William Webb
Brent Cook
William Vu
Vex Woo
Bigendian Smalls
Nicholas Starke
HD Moore
David Maloney
Louis Sato