Commit Graph

16142 Commits (07f8eb6a07e518ffa4baf9b02bce5ed7eddb253e)

Author SHA1 Message Date
HD Moore 07f8eb6a07 Fix up a typo 2013-01-09 13:05:27 -06:00
HD Moore adb4c89602 Add a scanner module for CVE-2013-0156 2013-01-09 12:50:38 -06:00
jvazquez-r7 52157b9124 extplorer_upload_exec cleanup 2013-01-09 19:45:17 +01:00
jvazquez-r7 8f91352c4a Merge branch 'extplorer_upload_exec' of https://github.com/bcoles/metasploit-framework into bcoles-extplorer_upload_exec 2013-01-09 19:44:43 +01:00
jvazquez-r7 7a1a9985d5 Merge branch 'mysql_login_exceptions' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-mysql_login_exceptions 2013-01-09 18:21:03 +01:00
sinn3r 6490af720b Make failures more verbose so people know what's going on 2013-01-09 11:11:26 -06:00
sinn3r 4e70f7d888 Merge branch 'bug/rm7139-smtp_enum-false-positive' of github.com:lmercer-r7/metasploit-framework into lmercer-r7-bug/rm7139-smtp_enum-false-positive 2013-01-09 01:13:43 -06:00
Sam Gaudet 7d1716b79f Turnkey Linux default password 2013-01-08 22:47:53 -05:00
Tod Beardsley fe81d02227 Merge remote-tracking branch 'bturner-r7/update-licensing' 2013-01-08 15:31:41 -06:00
Brandon Turner 67e8e40640 Replace THIRD_PARTY with machine-readable LICENSE 2013-01-08 13:38:18 -06:00
James Lee 95a95d45ec Fix importing msfxml files containing a session
[See #1179][SeeRM #7669]
2013-01-08 12:13:20 -06:00
lmercer 69485ba261 made changes as specified in Redmine Bug #7139 2013-01-08 12:14:57 -05:00
Tod Beardsley 2c3ccb5207 I dont hold all the BSD rights. 2013-01-08 07:44:54 -06:00
HD Moore 4eb35b5c1d Fix typo in license text 2013-01-07 23:29:49 -06:00
sinn3r e8b7a2db32 Merge branch 'jduck-smb_login_format_fix_rm_7657' 2013-01-07 22:36:14 -06:00
sinn3r be36c4ebef Some machines are sensitive about this. 2013-01-07 22:32:43 -06:00
sinn3r 90e755c6c6 Merge branch 'smb_login_format_fix_rm_7657' of github.com:jduck/metasploit-framework into jduck-smb_login_format_fix_rm_7657 2013-01-07 22:26:25 -06:00
Joshua J. Drake 3ceb313752 Fixes format string issue in smb_login - FixRM #7657 2013-01-07 22:17:49 -06:00
Tod Beardsley 2ae8a08db9 Add license for Byakugan, per e-mail from Lurene.
Ask pusscat@metasploit.com if you don't believe me -- got her license
statement today.
2013-01-07 22:06:20 -06:00
Joshua J. Drake d9789534ad Revert "Change temporary directory name, clean more things"
This reverts commit 302f20e089.
2013-01-07 22:04:38 -06:00
Joshua J. Drake 18a1a25316 Revert "Do not remove outputs on clean"
This reverts commit 3f2430a8a0.
2013-01-07 22:04:27 -06:00
Joshua J. Drake c74d258509 Revert "Fixes format string issue in smb_login - FixRM #7657"
Will replay on separate branch.

This reverts commit a12b628ccc.
2013-01-07 22:03:57 -06:00
Joshua J. Drake 60987de854 Merge branch 'master' of github.com:rapid7/metasploit-framework 2013-01-07 21:20:20 -06:00
Joshua J. Drake a12b628ccc Fixes format string issue in smb_login - FixRM #7657 2013-01-07 21:20:09 -06:00
sinn3r 2a1ab2c99a Improve the module 2013-01-07 19:03:58 -06:00
sinn3r 1d3c1ec7fc Merge branch 'master' of github.com:CharlieEriksen/metasploit-framework into CharlieEriksen-master 2013-01-07 19:03:35 -06:00
sinn3r 824bd84990 I forgot to add this exception 2013-01-07 18:06:39 -06:00
Charlie Eriksen 4e0fca6d0f Adding DB error handling
As per sinn3r's suggestion, adding handling for the most common MySQL
errors.

Also adding HostNotPrivileged, which I encountered during my testing.
2013-01-07 23:52:13 +00:00
sinn3r fc48cc117d Merge branch 'bug/rm7665-netsparker-import' of github.com:jlee-r7/metasploit-framework into jlee-r7-bug/rm7665-netsparker-import 2013-01-07 17:19:52 -06:00
sinn3r 83ce282a75 Merge branch 'bug/rm7665-netsparker-import' of github.com:jlee-r7/metasploit-framework into jlee-r7-bug/rm7665-netsparker-import 2013-01-07 17:18:04 -06:00
James Lee a0e6c7043b Add actual cdata handler
Netsparker puts requests, responses, and info for vulns inside a cdata
(which makes sense because it's usually html snippets). This commit
handles that so report_web_vuln will actually be somewhat useful. Note
that the request is ignored by report_web_vuln despite there being a
place for it in the WebVuln model.

[SeeRM #7665]
2013-01-07 17:16:48 -06:00
James Lee 8bfca52941 Clear state for new vulns
[FixRM #7665]
2013-01-07 16:27:40 -06:00
sinn3r 5bc1066c69 Change how modules use the mysql login functions 2013-01-07 16:12:10 -06:00
sinn3r 261e095e5e Handle exceptions in mysql_login 2013-01-07 16:02:59 -06:00
sinn3r 268de941c7 Merge branch 'tasos-r7-web-modules' 2013-01-07 13:37:32 -06:00
sinn3r b53e8c794f Fix indent level 2013-01-07 13:36:55 -06:00
sinn3r a59c474e3e Merge branch 'jvazquez-r7-ibm_cognos_tm1admsd_bof' 2013-01-07 13:34:52 -06:00
James Lee 3f9c459545 Fix ArgumentError when importing netsparker xml 2013-01-07 12:21:08 -06:00
Tod Beardsley 36adf86184 Various and sundry fixes for normalize_uri 2013-01-07 12:02:08 -06:00
Tod Beardsley 6a9445966a Caught missing paren 2013-01-07 11:21:55 -06:00
Tod Beardsley 33751c7ce4 Merges and resolves CJR's normalize_uri fixes
Merge remote-tracking branch 'ChrisJohnRiley/set_normalize_uri_on_modules'
into set_normalize_uri_on_modules

Note that this trips all kinds of msftidy warnings, but that's for another
day.

Conflicts:
	modules/exploits/unix/webapp/tikiwiki_jhot_exec.rb
	modules/exploits/windows/http/xampp_webdav_upload_php.rb
2013-01-07 11:16:58 -06:00
Joshua J. Drake 708b6cf3dd Merge branch 'master' of github.com:rapid7/metasploit-framework 2013-01-06 11:55:16 -06:00
Charlie Eriksen a8df3d71ff Changes based on Sinn3r's feedback
A bucket-load of changes!

- Added a fallback for if there is no Set-Cookie header
- Added a check if the cookie we produce is simply empty, meaning we
failed something :(
- Removed use of flatten. Though I may look into making that extraction
better
- Changed cgi requests to use vars_(post|get)
- Clarified a few status prints
- A few EOL space fixes
2013-01-06 12:34:27 +00:00
Rob Fuller 986435c598 Fix typo
Typo found by @schierlm but mentioned after the commit of pull request #1187
Info: https://github.com/rapid7/metasploit-framework/pull/1187#commitcomment-2340457
2013-01-06 01:47:15 -05:00
jvazquez-r7 b6011e6013 Merge branch 'meaningful_error' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-meaningful_error 2013-01-06 01:09:01 +01:00
jvazquez-r7 f2245ea573 Merge branch 'msftidy_fix' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-msftidy_fix 2013-01-06 00:45:50 +01:00
sinn3r 3d3799d38d Ok... even more explicit 2013-01-05 13:39:31 -06:00
Charlie Eriksen a5113f0da4 Adding a check function
Because it makes sense. The non-vulnerable versions doesn't have
/libs/pdf.php.

So pretty simple.
2013-01-05 18:37:29 +00:00
Charlie Eriksen ae72022777 Improvement for CVE 2012-4915
Made two tiny improvements based on Meatballs' points

- Added handling for 127.0.0.1 as DB_HOST
- Added a note in the description about it changing the pasword
2013-01-05 18:23:00 +00:00
Charlie Eriksen 25cadf8b87 Adding exploit for CVE 2012-4915
Initial commit.

Major functionality working. A bit of polish is still needed in a few
spots to handle exceptions and such.
2013-01-05 14:21:02 +00:00