Spencer McIntyre
ae25c300e5
Initial attempt to unify the command stagers.
2014-06-27 08:34:55 -04:00
Christian Mehlmauer
8e1949f3c8
Added newline at EOF
2014-06-17 21:03:18 +02:00
Christian Mehlmauer
8d4d40b8ba
Resolved some Set-Cookie warnings
2014-05-24 00:34:46 +02:00
jvazquez-r7
69369c04b3
Land #3126 , @xistence's exploit for SePortal
2014-03-28 13:52:59 -05:00
jvazquez-r7
7b56c9edac
Add references
2014-03-28 13:51:56 -05:00
Kurt Grutzmacher
0b766cd412
changes per firefart
2014-03-27 10:08:44 -07:00
Kurt Grutzmacher
744308bd35
tab...
2014-03-27 05:24:55 -07:00
Kurt Grutzmacher
a8c96213f0
normalize_uri for wp_property_upload_exec
2014-03-27 05:22:56 -07:00
Tod Beardsley
cfdd64d5b1
Title, description grammar and spelling
2014-03-24 12:16:59 -05:00
jvazquez-r7
c7ba7e4d92
Land #3131 , @xistence's exploit for CVE-2014-1903
2014-03-24 08:48:06 -05:00
jvazquez-r7
c3b753f92e
Make PHPFUNC advanced option
2014-03-24 08:47:31 -05:00
jvazquez-r7
4f333d84c9
Clean up code
2014-03-24 08:15:54 -05:00
xistence
c4f0d8e179
FreePBX config.php RCE CVE-2014-1903
2014-03-21 10:29:15 +07:00
sinn3r
b02337d8b6
Land #3123 - Horde Framework Unserialize PHP Code Execution
2014-03-20 12:32:14 -05:00
xistence
2845f834c6
changed cookie retrieval to res.get_cookies
2014-03-20 16:39:26 +07:00
xistence
7bfb8e95e6
minor changes to seportal module
2014-03-20 13:44:39 +07:00
xistence
5ef49ff64b
SePortal 2.5 SQLi Remote Code Execution
2014-03-20 12:02:06 +07:00
jvazquez-r7
d6faf20981
Make title more accurate
2014-03-19 12:43:34 -05:00
jvazquez-r7
379c0efd5a
Update POP chain documentation
2014-03-18 16:29:30 -05:00
jvazquez-r7
77c128fbc5
Fix disclosure date and add ref
2014-03-18 16:21:44 -05:00
jvazquez-r7
b6e8bb62bb
Switch exploitation technique to use default available classes
2014-03-18 16:07:50 -05:00
jvazquez-r7
f86fd8af5d
Delete debug print
2014-03-17 21:01:41 -05:00
jvazquez-r7
3bdd906aae
Add module for CVE-2014-1691
2014-03-17 20:47:45 -05:00
Tod Beardsley
c916b62f47
Removes hash rockets from references.
...
[SeeRM #8776 ]
2014-03-17 09:40:32 -05:00
William Vu
25ebb05093
Add next chunk of fixes
...
Going roughly a third at a time.
2014-03-11 12:23:59 -05:00
William Vu
170608e97b
Fix first chunk of msftidy "bad char" errors
...
There needs to be a better way to go about preventing/fixing these.
2014-03-11 11:18:54 -05:00
jvazquez-r7
79d559a0c9
Fix MIME message to_s
2014-02-10 22:23:23 -06:00
Tod Beardsley
7e2a9a7072
More desc fixes, add a vprint to give a hint
2014-02-03 13:18:52 -06:00
jvazquez-r7
710902dc56
Move file location
2014-01-31 09:18:59 -06:00
jvazquez-r7
f086655075
Land #2913 , @bcoles Exploit for Simple E-Document
2014-01-27 08:09:45 -06:00
jvazquez-r7
861126fdbd
Clean exploit code
2014-01-27 08:09:18 -06:00
bcoles
32d6032893
Add Simple E-Document Arbitrary File Upload module
2014-01-24 19:19:25 +10:30
sinn3r
689999c8b8
Saving progress
...
Progress group 3: Making sure these checks comply with the new
guidelines. Please read: "How to write a check() method" found in
the wiki.
2014-01-21 13:03:36 -06:00
sinn3r
fe767f3f64
Saving progress
...
Progress group 2: Making sure these checks comply with the new
guidelines. Please read: "How to write a check() method" found in
the wiki.
2014-01-21 11:07:03 -06:00
sinn3r
ce8b8e8ef9
Land #2783 - OpenSIS 'modname' PHP Code Execution
2013-12-20 11:29:10 -06:00
sinn3r
d0ef860f75
Strip default username/password
...
There isn't one. So force the user to supply one.
2013-12-20 11:28:18 -06:00
bcoles
fb6cd9c149
add osvdb+url refs and module tidy up
2013-12-20 20:27:07 +10:30
bcoles
fc2da15c87
Add OpenSIS 'modname' PHP Code Execution module for CVE-2013-1349
2013-12-19 19:10:48 +10:30
jvazquez-r7
198667b650
Land #2774 , @Mekanismen's module for CVE-2013-7091
2013-12-18 16:23:44 -06:00
jvazquez-r7
aec2e0c92c
Change ranking
2013-12-18 16:23:14 -06:00
jvazquez-r7
d4ec858051
Clean zimbra_lfi
2013-12-18 15:46:37 -06:00
Mekanismen
0c0e8c3a49
various updates
2013-12-18 20:54:35 +01:00
Mekanismen
2de15bdc8b
added module for Zimbra Collaboration Server CVE-2013-7091
2013-12-17 19:32:04 +01:00
Tod Beardsley
e737b136cc
Minor grammar/caps fixup for release
2013-12-09 14:01:27 -06:00
jvazquez-r7
d47292ba10
Add module for CVE-2013-3522
2013-12-06 13:50:12 -06:00
jvazquez-r7
e4c6413643
Land #2718 , @wchen-r7's deletion of @peer on HttpClient modules
2013-12-05 17:25:59 -06:00
Tod Beardsley
f5a45bfe52
@twitternames not supported for author fields
...
It's kind of a dumb reason but there are metasploit metadata parsers out
there that barf all over @names. They assume user@email.address . Should
be fixed some day.
2013-12-04 13:31:22 -06:00
sinn3r
230db6451b
Remove @peer for modules that use HttpClient
...
The HttpClient mixin has a peer() method, therefore these modules
should not have to make their own. Also new module writers won't
repeat the same old code again.
2013-12-03 12:58:16 -06:00
jvazquez-r7
47bff9a416
Land #2711 , @Mekanismen exploit for wordpress OptimizePress theme
2013-12-02 16:30:24 -06:00
jvazquez-r7
5c3ca1c8ec
Fix title
2013-12-02 16:30:01 -06:00