Commit Graph

540 Commits (0a99b549d6b793dbdd4bc5b4637360c7ddeb3119)

Author SHA1 Message Date
Spencer McIntyre ae25c300e5 Initial attempt to unify the command stagers. 2014-06-27 08:34:55 -04:00
Christian Mehlmauer 8e1949f3c8
Added newline at EOF 2014-06-17 21:03:18 +02:00
Christian Mehlmauer 8d4d40b8ba
Resolved some Set-Cookie warnings 2014-05-24 00:34:46 +02:00
jvazquez-r7 69369c04b3
Land #3126, @xistence's exploit for SePortal 2014-03-28 13:52:59 -05:00
jvazquez-r7 7b56c9edac Add references 2014-03-28 13:51:56 -05:00
Kurt Grutzmacher 0b766cd412 changes per firefart 2014-03-27 10:08:44 -07:00
Kurt Grutzmacher 744308bd35 tab... 2014-03-27 05:24:55 -07:00
Kurt Grutzmacher a8c96213f0 normalize_uri for wp_property_upload_exec 2014-03-27 05:22:56 -07:00
Tod Beardsley cfdd64d5b1
Title, description grammar and spelling 2014-03-24 12:16:59 -05:00
jvazquez-r7 c7ba7e4d92
Land #3131, @xistence's exploit for CVE-2014-1903 2014-03-24 08:48:06 -05:00
jvazquez-r7 c3b753f92e Make PHPFUNC advanced option 2014-03-24 08:47:31 -05:00
jvazquez-r7 4f333d84c9 Clean up code 2014-03-24 08:15:54 -05:00
xistence c4f0d8e179 FreePBX config.php RCE CVE-2014-1903 2014-03-21 10:29:15 +07:00
sinn3r b02337d8b6
Land #3123 - Horde Framework Unserialize PHP Code Execution 2014-03-20 12:32:14 -05:00
xistence 2845f834c6 changed cookie retrieval to res.get_cookies 2014-03-20 16:39:26 +07:00
xistence 7bfb8e95e6 minor changes to seportal module 2014-03-20 13:44:39 +07:00
xistence 5ef49ff64b SePortal 2.5 SQLi Remote Code Execution 2014-03-20 12:02:06 +07:00
jvazquez-r7 d6faf20981 Make title more accurate 2014-03-19 12:43:34 -05:00
jvazquez-r7 379c0efd5a Update POP chain documentation 2014-03-18 16:29:30 -05:00
jvazquez-r7 77c128fbc5 Fix disclosure date and add ref 2014-03-18 16:21:44 -05:00
jvazquez-r7 b6e8bb62bb Switch exploitation technique to use default available classes 2014-03-18 16:07:50 -05:00
jvazquez-r7 f86fd8af5d Delete debug print 2014-03-17 21:01:41 -05:00
jvazquez-r7 3bdd906aae Add module for CVE-2014-1691 2014-03-17 20:47:45 -05:00
Tod Beardsley c916b62f47
Removes hash rockets from references.
[SeeRM #8776]
2014-03-17 09:40:32 -05:00
William Vu 25ebb05093 Add next chunk of fixes
Going roughly a third at a time.
2014-03-11 12:23:59 -05:00
William Vu 170608e97b Fix first chunk of msftidy "bad char" errors
There needs to be a better way to go about preventing/fixing these.
2014-03-11 11:18:54 -05:00
jvazquez-r7 79d559a0c9 Fix MIME message to_s 2014-02-10 22:23:23 -06:00
Tod Beardsley 7e2a9a7072
More desc fixes, add a vprint to give a hint 2014-02-03 13:18:52 -06:00
jvazquez-r7 710902dc56 Move file location 2014-01-31 09:18:59 -06:00
jvazquez-r7 f086655075
Land #2913, @bcoles Exploit for Simple E-Document 2014-01-27 08:09:45 -06:00
jvazquez-r7 861126fdbd Clean exploit code 2014-01-27 08:09:18 -06:00
bcoles 32d6032893 Add Simple E-Document Arbitrary File Upload module 2014-01-24 19:19:25 +10:30
sinn3r 689999c8b8 Saving progress
Progress group 3: Making sure these checks comply with the new
guidelines. Please read: "How to write a check() method" found in
the wiki.
2014-01-21 13:03:36 -06:00
sinn3r fe767f3f64 Saving progress
Progress group 2: Making sure these checks comply with the new
guidelines. Please read: "How to write a check() method" found in
the wiki.
2014-01-21 11:07:03 -06:00
sinn3r ce8b8e8ef9
Land #2783 - OpenSIS 'modname' PHP Code Execution 2013-12-20 11:29:10 -06:00
sinn3r d0ef860f75 Strip default username/password
There isn't one. So force the user to supply one.
2013-12-20 11:28:18 -06:00
bcoles fb6cd9c149 add osvdb+url refs and module tidy up 2013-12-20 20:27:07 +10:30
bcoles fc2da15c87 Add OpenSIS 'modname' PHP Code Execution module for CVE-2013-1349 2013-12-19 19:10:48 +10:30
jvazquez-r7 198667b650
Land #2774, @Mekanismen's module for CVE-2013-7091 2013-12-18 16:23:44 -06:00
jvazquez-r7 aec2e0c92c Change ranking 2013-12-18 16:23:14 -06:00
jvazquez-r7 d4ec858051 Clean zimbra_lfi 2013-12-18 15:46:37 -06:00
Mekanismen 0c0e8c3a49 various updates 2013-12-18 20:54:35 +01:00
Mekanismen 2de15bdc8b added module for Zimbra Collaboration Server CVE-2013-7091 2013-12-17 19:32:04 +01:00
Tod Beardsley e737b136cc
Minor grammar/caps fixup for release 2013-12-09 14:01:27 -06:00
jvazquez-r7 d47292ba10 Add module for CVE-2013-3522 2013-12-06 13:50:12 -06:00
jvazquez-r7 e4c6413643
Land #2718, @wchen-r7's deletion of @peer on HttpClient modules 2013-12-05 17:25:59 -06:00
Tod Beardsley f5a45bfe52
@twitternames not supported for author fields
It's kind of a dumb reason but there are metasploit metadata parsers out
there that barf all over @names. They assume user@email.address. Should
be fixed some day.
2013-12-04 13:31:22 -06:00
sinn3r 230db6451b Remove @peer for modules that use HttpClient
The HttpClient mixin has a peer() method, therefore these modules
should not have to make their own. Also new module writers won't
repeat the same old code again.
2013-12-03 12:58:16 -06:00
jvazquez-r7 47bff9a416
Land #2711, @Mekanismen exploit for wordpress OptimizePress theme 2013-12-02 16:30:24 -06:00
jvazquez-r7 5c3ca1c8ec Fix title 2013-12-02 16:30:01 -06:00