Commit Graph

684 Commits (0f9032100dc72b8174dd1a90b1f73bd3ffb00a16)

Author SHA1 Message Date
sinn3r 27b8d1057f Another update
Thanks @joevennix
2015-02-05 12:23:32 -06:00
sinn3r 988b54f594 Another update 2015-02-05 12:01:19 -06:00
sinn3r 53134aeb17 Another update 2015-02-05 11:46:38 -06:00
sinn3r 871c8aa8d0 Use store_loot to store coookie 2015-02-05 11:36:35 -06:00
sinn3r dbe99014f2 An update 2015-02-05 11:29:52 -06:00
sinn3r 08d796c5e3 Don't need this line 2015-02-05 10:53:29 -06:00
sinn3r d6fe077f79 Try to make the filename more self explanatory 2015-02-05 09:53:38 -06:00
sinn3r ed6ee27896 Change public ip option name and store cookie to db 2015-02-05 09:48:45 -06:00
sinn3r 75c697c4dc Final 2015-02-05 04:36:44 -06:00
sinn3r 1ccfb6cb43 IE UXSS 2015-02-05 03:03:28 -06:00
William Vu 46210a4963
Fix punctuation 2015-01-26 12:05:54 -06:00
Tod Beardsley bae19405a7
Various grammar, spelling, word choice fixes 2015-01-26 11:00:07 -06:00
jvazquez-r7 c6901caf39 Change module location 2015-01-24 10:14:46 -06:00
Jon Hart e46395f592
Land #4596, @pdeardorff-r7's memcached extractor 2015-01-22 08:00:19 -08:00
Jon Hart 1cdcd3ccfa
Use a more consistent format in Rex table and loot for memcache 2015-01-22 07:59:48 -08:00
pdeardorff-r7 0d4d06fb83 Print table for all scans, add preview size option 2015-01-20 11:12:47 -08:00
Jon Hart f1bf607386
Minor Ruby style cleanup 2015-01-20 08:47:47 -08:00
Jon Hart ef89a3d323
Add protocol reference 2015-01-20 08:34:08 -08:00
Jon Hart 9c97824d5c
Move MAXKEYS to advanced 2015-01-20 08:28:49 -08:00
Jon Hart 9d430eb1d5
Use the simpler 'version' command to get the version 2015-01-20 08:16:22 -08:00
Jon Hart 6588f92206
Move rex connection errors to vprint since this is a Scanner 2015-01-20 08:11:09 -08:00
Jon Hart 10100df054
report_service 2015-01-20 08:09:35 -08:00
Jon Hart b0bbce1190
Include peer in most prints 2015-01-20 08:00:02 -08:00
William Vu 84ecde30d1
Land #4586, mcafee_epo_xxe aux module 2015-01-18 00:50:10 -06:00
William Vu 57ca285f8a
Fix msftidy warnings 2015-01-18 00:49:52 -06:00
pdeardorff-r7 db3185231a add maxkeys option, dont store loot if localhost and improve streaming 2015-01-17 09:25:32 -08:00
pdeardorff-r7 f1bcbb7d78 Merge remote-tracking branch 'live/master' into feature/memcached-module 2015-01-16 09:57:17 -08:00
Brent Cook 7ef721bdd6 Might as well format the url all at once. 2015-01-16 09:01:25 -06:00
Brandon Perry 1929f36050 Update mcafee_epo_xxe.rb 2015-01-15 16:50:14 -06:00
Joe Vennix 8c3d4c8d07
Spelling tweak. 2015-01-15 15:19:46 -06:00
Joe Vennix 35c9a13199 Handle the usage of // (same-scheme) URLs. 2015-01-15 15:09:50 -06:00
pdeardorff-r7 507050b316 rescue from down memcached server or timeout 2015-01-15 09:51:42 -08:00
pdeardorff-r7 0e893cd772 Merge remote-tracking branch 'live/master' into feature/memcached-module 2015-01-15 09:40:21 -08:00
pdeardorff-r7 4d2ad8865f remove debug line 2015-01-15 09:37:51 -08:00
pdeardorff-r7 154eb7956c fix storing of loot and support localhost session 2015-01-15 09:36:15 -08:00
Brandon Perry 4e4ca15422 Update mcafee_epo_xxe.rb 2015-01-15 11:02:11 -06:00
Brandon Perry e53522b64b Update mcafee_epo_xxe.rb 2015-01-15 10:28:52 -06:00
Brandon Perry 86d5358299 Update mcafee_epo_xxe.rb 2015-01-15 09:56:02 -06:00
Brandon Perry 53e1304afb Update mcafee_epo_xxe.rb 2015-01-14 18:19:27 -06:00
Brandon Perry 1ed07bac32 Update mcafee_epo_xxe.rb 2015-01-14 11:01:14 -06:00
Brandon Perry 794bb65817 Create mcafee_epo_xxe.rb 2015-01-14 10:54:58 -06:00
pdeardorff-r7 99cf668441 add memcached extractor module 2015-01-12 16:40:06 -08:00
sinn3r 4257fef91b
Land #4101 - Konica MFP FTP and SMB credential gathering module 2015-01-05 10:31:28 -06:00
Tod Beardsley 264d3f9faa
Minor grammar fixes on modules 2014-12-31 11:45:14 -06:00
Tod Beardsley d10222365b
Add Rafay's blog as a reference 2014-12-29 08:12:19 -06:00
Tod Beardsley 1236684954
Use get_uri instead, note lack of Rex::Text method
See rapid7#4461
2014-12-28 15:06:34 -06:00
Tod Beardsley 788e315fd4
Fix msftidy warnings 2014-12-28 14:53:29 -06:00
Joe Vennix 8d73794cc8
Add hint for exploit on old devices. 2014-12-23 12:29:08 -06:00
Joe Vennix e45af903d9
Add patch discovery date. 2014-12-19 12:04:41 -06:00
Joe Vennix 25313b1712
Use the hash to pass the script. 2014-12-19 02:30:37 -06:00
Joe Vennix 84ea628284
Add Android cookie theft attack. 2014-12-16 19:12:01 -06:00
Christian Mehlmauer 544f75e7be
fix invalid URI scheme, closes #4362 2014-12-11 23:34:10 +01:00
Deral Heiland 0887127264 Fixed several recommended changes by jvazquez-r7 and jlee-r7 2014-11-30 00:53:24 -05:00
HD Moore 9fe4994492 Chris McNab has been working with MITRE to add these CVEs
These CVEs are not live yet, but have been confirmed by cve-assign
t
2014-11-16 18:42:53 -06:00
Jon Hart 57aef9a6f5
Land #4177, @hmoore-r7's fix for #4169 2014-11-13 18:29:57 -08:00
Tod Beardsley dd1920edd6
Minor typos and grammar fixes 2014-11-13 14:48:23 -06:00
HD Moore 6b4eb9a8e2 Differentiate failed binds from connects, closes #4169
This change adds two new Rex exceptions and changes the local comm to raise the right one depending on the circumstances. The problem with the existing model is
that failed binds and failed connections both raised the same exception. This change is backwards compatible with modules that rescue Rex::AddressInUse in additi
on to Rex::ConnectionError. There were two corner cases that rescued Rex::AddressInUse specifically:

1. The 'r'-services mixin and modules caught the old exception when handling bind errors. These have been updated to use BindFailed
2. The meterpreter client had a catch for the old exception when the socket reports a bad destination (usually a network connection dropped). This has been updat
ed to use InvalidDestination as that was the intention prior to this change.

Since AddressInUse was part of ConnectionError, modules and mixins which caught both in the same rescue have been updated to just catch ConnectionError.
2014-11-11 14:59:41 -06:00
Deral Heiland 5bf8901822 Fixed several recommended changes by jvazquez-r7, Also Correct a XML parsing issue 2014-11-09 02:43:36 -05:00
Pedro Ribeiro e7b448537f Add OSVDB ids 2014-11-08 11:05:34 +00:00
jvazquez-r7 9d6e0664a4 Guess service name and port 2014-11-07 20:56:01 -06:00
jvazquez-r7 a44640c9fc Use single quotes 2014-11-07 20:48:04 -06:00
jvazquez-r7 7c1c08fc19 Use single quotes without interpolation 2014-11-07 20:46:47 -06:00
jvazquez-r7 0373156cce Use unless over if not 2014-11-07 20:42:08 -06:00
jvazquez-r7 f5a920da99 Use || operator 2014-11-07 20:41:44 -06:00
jvazquez-r7 64754a5609 Delete unnecessary begin..end block 2014-11-07 20:38:36 -06:00
jvazquez-r7 0919f74a3d Delete unused variable 2014-11-07 20:37:57 -06:00
jvazquez-r7 22b875d0f3 Reduce code complexity 2014-11-07 20:37:40 -06:00
jvazquez-r7 b1517e6ace Delete unnecessary nil comparision 2014-11-07 20:34:13 -06:00
jvazquez-r7 aa1fec7f02 Use fail_with 2014-11-07 20:33:33 -06:00
jvazquez-r7 d630eac272 Reduce code complexity 2014-11-07 20:32:15 -06:00
jvazquez-r7 cea30b5427 Use built-in format for RPORT 2014-11-07 20:30:32 -06:00
jvazquez-r7 e99cc00a57 No more than 100 columns on description 2014-11-07 20:29:38 -06:00
Pedro Ribeiro c00a3ac9cd Add full disclosure URL 2014-11-07 08:06:21 +00:00
Pedro Ribeiro 8a0249cdbf Address Juan's points 2014-11-06 21:02:28 +00:00
Pedro Ribeiro e71ba1ad4a Push exploit for CVE-2014-6038/39 2014-11-05 20:12:03 +00:00
William Vu ebb8b70472
Land #4015, another Android < 4.4 UXSS module 2014-11-04 15:52:29 -06:00
Tod Beardsley 51b96cb85b
Cosmetic title/desc updates 2014-11-03 13:37:45 -06:00
sinn3r 6f013cdcaf Missed these 2014-10-31 18:48:48 -05:00
sinn3r d6a830eb6e Rescue the correct exception: Rex::HostUnreachable 2014-10-31 16:43:33 -05:00
Joe Vennix 1e9f9ce425
Handle invalid JSON errors and fix typo. 2014-10-31 11:01:49 -05:00
sinn3r 92ad2c434d
Land #4081 - Xerox workcentre 5735 LDAP service redential extractor 2014-10-30 13:52:07 -05:00
sinn3r 470a067384 Final changes 2014-10-30 13:51:44 -05:00
sinn3r 02b1c5c4bc Final changes 2014-10-30 13:37:02 -05:00
sinn3r 127d1640da Print password 2014-10-30 13:27:40 -05:00
Deral Heiland a6980b9eb8 Updated to module based feedback from wchen-r7 2014-10-30 12:59:11 -04:00
Joe Vennix 6dc13f90cd
Update descriptions to mention Webview bugginess. 2014-10-30 10:55:56 -05:00
Joe Vennix 0ad9f95806
Remove stray alert() for debugging. 2014-10-30 10:52:06 -05:00
Joe Vennix 88040fbce0
Add another Android < 4.4 UXSS exploit. 2014-10-30 10:34:14 -05:00
Peter Arzamendi 9d56f0298a Changed upper XXX to lower XXX. 2014-10-29 20:09:02 -05:00
Deral Heiland 6c13c14be1 Konica MFP ftp and SMB credential gathering module 2014-10-29 16:12:16 -04:00
Peter Arzamendi b35a8935db Updated get_once for get_once undefined method and EOFError 2014-10-29 13:47:07 -05:00
Peter Arzamendi 2bc8767751 Updated rescue to catch other errors from the socket API 2014-10-29 08:03:28 -05:00
Peter Arzamendi 604cad9fbb Updated timeout to default to 45 seconds to wait for the print job to finish. 2014-10-28 15:45:28 -05:00
Peter Arzamendi b17d6a661d Moved module to auxiliary/gather and updated timeout to wait for the printer job to complete before we try to grab the creds. 2014-10-28 15:23:47 -05:00
Peter Arzamendi 0e42cf25d1 Updated per wchen-r7's recommendations. Still waiting to hear on Nokogiri 2014-10-28 15:13:16 -05:00
sinn3r 6b9742b444
Land #3966 - Add exploit for CVE-2014-4872 BMC / Numara Track-It! 2014-10-20 11:23:23 -05:00
URI Assassin 35d3bbf74d
Fix up comment splats with the correct URI
See the complaint on #4039. This doesn't fix that particular
issue (it's somewhat unrelated), but does solve around
a file parsing problem reported by @void-in
2014-10-17 11:47:33 -05:00
Tod Beardsley 6ea3a78b47
Clarify the description on HP perfd module
Introduced in #3992
2014-10-14 11:58:52 -05:00
Jon Hart 76275a259a
Minor style cleanup of help and a failure message 2014-10-12 18:34:13 -07:00
Jon Hart c3a58cec9e
Make note of other commands to investigate 2014-10-11 13:07:52 -07:00
Jon Hart c80a5b5796 List commands in sorted order 2014-10-11 13:00:30 -07:00
Jon Hart 4ffc8b153c
Support running more than one perfd command in a single pass 2014-10-11 11:38:00 -07:00
Jon Hart c72593fae4
Store just banner for service, loot the rest. Also, minor style. 2014-10-11 11:12:49 -07:00
Jon Hart 9550c54cd2
Correct indentation and whitespace 2014-10-11 10:39:12 -07:00
Roberto Soares Espreto 7bd0f2c114 Changed Name, array in OptEnum and operator 2014-10-11 09:03:18 -03:00
Roberto Soares Espreto cbde2e8cd1 Variable cmd now with interpolation 2014-10-10 18:21:16 -03:00
Roberto Soares Espreto 291bfed47e Using Rex.sleep instead of select 2014-10-10 15:17:40 -03:00
Roberto Soares Espreto bd315d7655 Changed print_good and OptEnum 2014-10-10 13:54:42 -03:00
Roberto Soares Espreto 08fdb4fab2 Add module to enumerate environment HP via perfd daemon 2014-10-10 13:09:36 -03:00
Pedro Ribeiro 8163b7de96 Thanks for helping me clean up Todd! 2014-10-09 18:20:31 +01:00
Pedro Ribeiro 9d1e206e43 Incorporate cred changes and other minor fixes 2014-10-09 17:59:38 +01:00
Pedro Ribeiro 4817e1e953 Update trackit_sql_domain_creds.rb 2014-10-08 21:41:04 +01:00
Brendan Coles 3c7be9c4c5 Remove hash rockets from references #3766
[SeeRM #8776]
2014-10-08 09:01:19 +00:00
Pedro Ribeiro 6af6b502c3 Remove spaces at EOL 2014-10-08 08:30:30 +01:00
Pedro Ribeiro 713ff5134a Add OSVDB id 2014-10-08 08:24:44 +01:00
Pedro Ribeiro bd812c593c Add full disclosure URL 2014-10-08 08:24:04 +01:00
Pedro Ribeiro bbac61397d Restore :address to rhost and explain why 2014-10-08 08:23:43 +01:00
Pedro Ribeiro 9cb0ad1ac2 Change the reporting address to the real value 2014-10-08 01:18:17 +01:00
Pedro Ribeiro 6e9bebdaf9 Fix noob mistake in assignment 2014-10-08 01:04:15 +01:00
Pedro Ribeiro 7dbfa19e65 Add exploit for Track-It! domain/sql creds vuln 2014-10-07 23:54:43 +01:00
Christian Mehlmauer f45b89503d change WPVULNDBID to WPVDB 2014-10-03 17:13:18 +02:00
Christian Mehlmauer 33b37727c7 Added wpvulndb links 2014-10-02 23:03:31 +02:00
jvazquez-r7 c00094ba6e
Land #3345, @mvdevnull's auxiliary module for OSVDB 106815, Alienvault sqli 2014-09-19 15:01:21 -05:00
jvazquez-r7 62414e2214 Add Timeout to exploit sqli 2014-09-19 15:00:54 -05:00
jvazquez-r7 db6372ec8b Do minor module cleanup 2014-09-19 14:43:35 -05:00
jvazquez-r7 4a9294e3bf Mark module as not executable 2014-09-19 14:36:44 -05:00
Joe Vennix 59dfa624c4
Add a REMOTE_JS datastore option for BeEf hooks etc. 2014-09-16 13:31:03 -05:00
Tod Beardsley 4fc1ec09c7
Land #3759, Android UXSS, with ref/desc fixes
Incidentally, this also closes jvennix-r7#14 (let's see if I can close a
PR by merging from another repo!)

Also fixes #3782 (opened by accident).
2014-09-11 14:27:51 -05:00
Tod Beardsley fbba4b32e0
Update the title and desc to be more descriptive
See #3759
2014-09-11 14:06:14 -05:00
Tod Beardsley d627ab7628
Add refs for Android UXSS
See #3759
2014-09-11 14:05:50 -05:00
sinn3r 280e16c241
Land #3677 - Updated shodan_search for new API 2014-09-10 11:39:00 -05:00
sinn3r 006393360e Add conditions to check healthy shodan results 2014-09-10 11:38:06 -05:00
Joe Vennix 7793ed4fea
Add some common UXSS scripts. 2014-09-09 02:31:27 -05:00
Joe Vennix 27889ea411
Add a safety fallback on js load. 2014-09-08 00:46:47 -05:00
Joe Vennix 8407d45c9c
Rework the timers. 2014-09-08 00:40:00 -05:00
Joe Vennix 5c9c8edfcf
Fix refs. 2014-09-07 23:33:45 -05:00
Joe Vennix 5efaf7d4cf
rename module, handle asyncness. 2014-09-07 23:25:08 -05:00
Joe Vennix 1bf89fb6bd Add Android <= 4.3 AOSP UXSS module. 2014-09-07 20:44:03 -05:00
Chris Hebert abffdd8705 Update alienvault_newpolicyform_sqli.rb
cleaned up according to msftidy.rb suggestions

modules/auxiliary/gather/alienvault_newpolicyform_sqli.rb:17 - [WARNING] Spaces at EOL
modules/auxiliary/gather/alienvault_newpolicyform_sqli.rb:18 - [WARNING] Tabbed indent: "\tlack of input filtering to read an arbitrary file from the file system.\n"
modules/auxiliary/gather/alienvault_newpolicyform_sqli.rb:29 - [WARNING] Space-Tab mixed indent: "\t [ 'OSVDB', '106815' ],\n"
modules/auxiliary/gather/alienvault_newpolicyform_sqli.rb:29 - [WARNING] Tabbed indent: "\t [ 'OSVDB', '106815' ],\n"
modules/auxiliary/gather/alienvault_newpolicyform_sqli.rb:30 - [WARNING] Space-Tab mixed indent: "\t [ 'EDB', '33317'],\n"
modules/auxiliary/gather/alienvault_newpolicyform_sqli.rb:30 - [WARNING] Tabbed indent: "\t [ 'EDB', '33317'],\n"
modules/auxiliary/gather/alienvault_newpolicyform_sqli.rb:110 - [WARNING] Spaces at EOL
2014-09-04 21:46:37 -04:00
Chris Hebert 664cc131e3 Update alienvault_newpolicyform_sqli.rb
added 'ctx' variable relating to jvazquez-r7 note added on Jun 9
2014-09-04 21:34:24 -04:00
jvazquez-r7 ff210a7c0a delete parenthesis 2014-09-04 16:16:29 -05:00
William Vu 2d8c7a7a4d
Refactor if statement to early return
This eliminates the protracted if statement and aligns the code body.
2014-09-04 15:05:30 -05:00
John Sawyer 3281781f6a Addressed r7 comments, fixed bug in results loop 2014-09-01 13:43:31 -04:00
Jon Hart 246f021437 Update natpmp_external_address to use Msf::Auxiliary::UDPScanner 2014-08-26 10:49:53 -07:00
Jon Hart 162508f532 Update NAT-PMP modules to use new/updated mixins 2014-08-26 10:49:53 -07:00
Jon Hart 816404bb88 Move common NAT-PMP functionality into a central place 2014-08-26 10:49:53 -07:00
Jon Hart ca11eae3a9 Show a useful failure message when the external address probe fails 2014-08-26 10:49:52 -07:00
John Sawyer 0a27a18104 Committing changes from r7 comments 2014-08-23 00:08:27 -04:00
John Sawyer 1959f7a235 Updated shodan_search for new API 2014-08-20 00:48:13 -04:00
jvazquez-r7 674c3ca260 Use [] for references 2014-07-30 10:44:42 -05:00
Christian Mehlmauer 3d2a62bc29
Updated W3 Total Cache Hash extract module 2014-07-29 19:49:48 +02:00
jvazquez-r7 8937fbb2f5 Fix email format 2014-07-11 12:45:23 -05:00
William Vu 43f41de124
Land #3508, CVE-2014-4671 Flash JSONP disclosure 2014-07-11 10:11:48 -05:00
joev b8225ae2dc
Remove unnecessary ||= and ivars. 2014-07-10 16:06:28 -05:00
joev e0389dfbc3
Update code as per @wvu's code review. 2014-07-10 15:03:40 -05:00
joev dd439066ca
Patch rhost to display hostname of JSONP_URL. 2014-07-10 12:02:22 -05:00
joev 841cb6a590
STEAL_URL -> STEAL_URLS. 2014-07-10 09:14:32 -05:00
joev fad30bc874
Add flash rosetta exploit module for stealing URLs. 2014-07-10 09:09:10 -05:00
HD Moore 002234993f
SMB lib fixes, unattend.xml cred gathering 2014-06-23 20:08:42 -05:00
Meatballs 615aeb66a5
Dont use or 2014-06-23 23:11:04 +01:00
Meatballs 752007848b
Tidy up code
Dont rescue Exception
Remove eol spaces
Dont use and
More verbose path
2014-06-23 23:08:33 +01:00
HD Moore 2772d84a18 Major rework of this module, please see the diff 2014-06-23 16:13:42 -05:00
William Vu a0aca251f5
Land #3472, releae fixes 2014-06-23 11:41:35 -05:00
Tod Beardsley 0219c4974a
Release fixups, word choice, refs, etc. 2014-06-23 11:17:00 -05:00
William Vu 40d1ec551e
Add WEP, PSK, and MGT 2014-06-21 23:15:20 -05:00
Spencer McIntyre c685e0d06e
Land #3444, chromecast wifi enumeration 2014-06-17 22:09:58 -04:00
William Vu 1394ad1431
Break my double quote habit
Doesn't it feel better? C doesn't love me anymore.
2014-06-17 14:22:55 -05:00
William Vu 8376b4aa2b
Map constants to readable values
Thanks, @zeroSteiner and @kernelsmith. :)
2014-06-17 13:10:08 -05:00
Tod Beardsley 2aa26fa290
Minor spacing and word choice fixups 2014-06-16 11:40:21 -05:00
Tod Beardsley 1ab379a0fe
Land #3448, ident =! indent 2014-06-12 14:15:06 -05:00
Tod Beardsley e9783200f2
Land #3447, fix variable typo 2014-06-12 14:07:34 -05:00
William Vu cb91b2b094
Fix broken table indent (s/Ident/Indent/ hash key) 2014-06-12 13:41:44 -05:00
Jon Cave a647246148 Use correct variable name 2014-06-12 19:38:41 +01:00
Tod Beardsley 3f5e50d18f
Aux modules don't have ranking.
msftidy should have defintely caught this. That it didn't catch on
Travis-CI concerns me. Need to research this.
2014-06-12 13:21:59 -05:00
joev 6bc37cca0c
Land #3430, @brandonprry's generic MongoDB injection enum. 2014-06-11 21:41:23 -05:00
William Vu 23f7fe45ed
Add Chromecast wifi enumeration module 2014-06-11 21:00:47 -05:00
Brandon Perry cca91dd7c5 Update mongodb_js_inject_collection_enum.rb
some @jvennix-r7 fixes
2014-06-11 17:07:57 -05:00
Brandon Perry 4367e8ef0c Update mongodb_js_inject_collection_enum.rb
Fix some logic bugs that caused incorrect results.
2014-06-07 21:03:28 -05:00
Brandon Perry dc89621d5c Update mongodb_js_inject_collection_enum.rb
No need to make extra requests. Off by one.
2014-06-07 20:09:00 -05:00
Brandon Perry 2663af986b Update mongodb_js_inject_collection_enum.rb
This adds a bit more error handling, and better decision making in regards to false responses.
2014-06-07 19:58:12 -05:00
Brandon Perry 4071fb332b Create mongodb_js_inject_collection_enum.rb
This module was tested against a small php application I wrote interfacing with MongoDB 2.2.7

https://gist.github.com/brandonprry/c2de8ac2be825007c4de
2014-06-07 11:20:34 -05:00
jvazquez-r7 69e8286838 Fix title 2014-05-27 10:29:32 -05:00
jvazquez-r7 1316365c2f Fix description 2014-05-27 10:22:39 -05:00
jvazquez-r7 abe1d6ffc7
Land #3190, @Karmanovskii's module to fingerprint MyBB database 2014-05-27 10:20:24 -05:00
jvazquez-r7 86221de10e Fix message 2014-05-27 10:18:27 -05:00
jvazquez-r7 b96c2dd0ca Change module filename 2014-05-27 10:15:39 -05:00
jvazquez-r7 1d8c46155b Do last code cleaning 2014-05-27 10:14:55 -05:00
Karmanovskii eacf70af83 Update mybb_get_type_db.rb
26.05.2014  23:26
I deleted mimicking IE11
2014-05-26 23:26:28 +04:00
Chris Hebert 99046ba12a Update alienvault_newpolicyform_sqli.rb
Added EDB link - should be ready now.
2014-05-23 10:07:45 -04:00
Tod Beardsley fa353e6bd9
Add CVE, IBM ref for SameTime modules 2014-05-22 11:34:04 -05:00
Karmanovskii e26dee5e22 Update mybb_get_type_db.rb
19/05/2014
I deleted      -     #return Exploit::CheckCode::Unknown  # necessary ????
2014-05-19 21:32:30 +04:00
Karmanovskii 06912ac2b6 Update mybb_get_type_db.rb
1.Changed "Rex::Proto::Http::Client" to "Msf::Exploit::Remote::HttpClient"
2.changed the name of the variable "_Version_server".
2014-05-17 16:30:29 +04:00
Karmanovskii cbb84e854c Update mybb_get_type_db.rb
14.05.2014
Eliminated notes jvazquez-r7
2014-05-14 14:56:40 +04:00
Christian Mehlmauer 3f3283ba06
Resolved some msftidy warnings (Set-Cookie) 2014-05-12 21:23:30 +02:00
Chris Hebert 681e4194ea Update alienvault_newpolicyform_sqli.rb
and the new variable as well.
2014-05-10 20:19:40 -04:00
Chris Hebert 3ae3c478bd Update alienvault_newpolicyform_sqli.rb
enhanced as requested by Christian Mehlmauer 
changed xnDa to a random string to make IDS harder to detect.
2014-05-10 20:17:30 -04:00
Chris Hebert 1affbfbe9d Update alienvault_newpolicyform_sqli.rb
fixed reinitialize i=0, full = '' and filename .....
 spotted by Spencer McIntyre - thanks.
2014-05-10 18:49:41 -04:00
Chris Hebert 8e79663001 Update alienvault_newpolicyform_sqli.rb
Added vendor advisory
2014-05-10 18:31:12 -04:00
Chris Hebert ec1df58bf7 Update alienvault_newpolicyform_sqli.rb
Changed reference --  OSVDB # 106815
(waiting for EDB - no response yet)
2014-05-10 18:14:09 -04:00
Chris Hebert 473efe1040 Update alienvault_newpolicyform_sqli.rb 2014-05-10 17:28:50 -04:00