HD Moore
95b9208a63
Change recv to get_once to avoid indefinite hangs, cosmetic tweaks.
2015-09-02 10:30:19 -05:00
xistence
a81a9e0ef8
Added TIME_WAIT for GUI windows
2015-09-02 16:55:20 +07:00
HD Moore
cd65478d29
Land #5826 , swap ExitFunction -> EXITFUNC
2015-09-01 13:58:12 -05:00
Christian Mehlmauer
115f409fef
change exitfunc to thread
2015-09-01 10:48:07 +02:00
Christian Mehlmauer
3e613dc333
change exitfunc to thread
2015-09-01 10:43:45 +02:00
Christian Mehlmauer
648c034d17
change exitfunc to thread
2015-09-01 10:42:15 +02:00
Brent Cook
d670a62000
Land #5822 , migrate obsolete payload compatibility options
2015-08-31 15:20:20 -05:00
Christian Mehlmauer
80a22412d9
use EXITFUNC instead of ExitFunction
2015-08-13 21:22:32 +02:00
jvazquez-r7
203c231b74
Fix #5659 : Update CMD exploits payload compatibility options
2015-08-10 17:12:59 -05:00
wchen-r7
54c5c6ea38
Another update
2015-07-29 14:31:35 -05:00
William Vu
405261df4f
Land #5710 , php_wordpress_total_cache removal
...
Deprecated.
2015-07-13 18:33:12 +00:00
William Vu
3feef639b9
Land #5711 , php_wordpress_optimizepress removal
...
Deprecated.
2015-07-13 18:32:37 +00:00
William Vu
6e12cbf98f
Land #5712 , php_wordpress_lastpost removal
...
Deprecated.
2015-07-13 18:31:31 +00:00
William Vu
dd188b1943
Land #5713 , php_wordpress_infusionsoft removal
...
Deprecated.
2015-07-13 18:31:01 +00:00
wchen-r7
4960e64597
Remove php_wordpress_foxypress, use wp_foxypress_upload
...
Please use exploit/unix/webapp/wp_foxypress_upload instead.
2015-07-13 12:53:34 -05:00
wchen-r7
dfbeb24a8f
Remove php_wordpress_infusionsoft, use wp_infusionsoft_upload
...
Please use exploit/unix/webapp/wp_infusionsoft_upload instead.
2015-07-13 12:51:48 -05:00
wchen-r7
b80427aed2
Remove php_wordpress_lastpost, use wp_lastpost_exec instead.
...
Please use exploit/unix/webapp/wp_lastpost_exec instead
2015-07-13 12:49:27 -05:00
wchen-r7
90cc3f7891
Remove php_wordpress_optimizepress, use wp_optimizepress_upload
...
Please use exploit/unix/webapp/wp_optimizepress_upload instead.
2015-07-13 12:45:39 -05:00
wchen-r7
4177cdacd6
Remove php_wordpress_total_cache, please use wp_total_cache_exec
...
The time is up for exploit/unix/webapp/php_wordpress_total_cache,
please use exploit/unix/webapp/wp_total_cache_exec instead.
2015-07-13 12:41:29 -05:00
xistence
13a69e4011
X11 Keyboard Exec
2015-07-10 13:57:54 +07:00
Tod Beardsley
afcb016814
Minor description fixups.
...
Edited modules/exploits/multi/browser/adobe_flash_pixel_bender_bof.rb
first landed in #5524 , adobe_flash_pixel_bender_bof in flash renderer .
Removed ASCII bullets since those rarely render correctly.
Edited modules/exploits/unix/webapp/wp_frontend_editor_file_upload.rb
first landed in #5252 , @espreto's module for WordPress Front-end Editor
File Upload Vuln . Fixed up some language usage, camel-cased "WordPress."
2015-06-18 13:25:39 -05:00
jvazquez-r7
f279c6ca3f
Land #5252 , @espreto's module for WordPress Front-end Editor File Upload Vuln
2015-06-12 15:11:10 -05:00
William Vu
9fa423464c
Fix #5224 , comma fixes
...
My fault for missing these.
2015-06-09 14:28:01 -05:00
William Vu
8a69704d3e
Fix up commas
2015-06-09 14:27:35 -05:00
William Vu
d31a59cd22
Fix #5224 , altered option description
2015-06-09 14:15:58 -05:00
William Vu
cc8650f98a
Fix TMPPATH description
2015-06-09 14:15:18 -05:00
William Vu
9c97da3b7c
Land #5224 , ProFTPD mod_copy exploit
2015-06-09 14:11:27 -05:00
William Vu
5ab882a8d4
Clean up module
2015-06-09 14:10:46 -05:00
Tod Beardsley
95b5ff6bea
Minor fixups on recent modules.
...
Edited modules/auxiliary/admin/http/netgear_soap_password_extractor.rb
first landed in #5301 , @m-1-k-3's aux module to extract passwords from
Netgear soap interfaces
Edited modules/auxiliary/scanner/http/influxdb_enum.rb first landed in
Edited modules/auxiliary/scanner/http/title.rb first landed in #5333 ,
HTML Title Grabber
Edited modules/exploits/multi/browser/adobe_flash_uncompress_zlib_uaf.rb
first landed in #5401 , multi-platform CVE-2015-0311 - Flash uncompress()
UAF
Edited modules/exploits/unix/webapp/wp_revslider_upload_execute.rb first
landed in #5290 , Wordpress RevSlider Module
2015-05-26 17:00:10 -05:00
William Vu
eeb87a3489
Polish up module
2015-05-09 14:33:41 -05:00
HD Moore
fe907dfe98
Fix the disclosure date
2015-05-09 10:44:28 -05:00
jvazquez-r7
cb51bcc776
Land #5147 , @lightsey's exploit for CVE-2015-1592 MovableType deserialization
2015-05-09 01:56:38 -05:00
jvazquez-r7
89bc405c54
Do minor code cleanup
2015-05-09 01:54:05 -05:00
William Vu
134a674ef3
Land #5312 , @todb-r7's release fixes
2015-05-07 15:34:31 -05:00
Tod Beardsley
f423306b6f
Various post-commit fixups
...
Edited modules/auxiliary/dos/http/ms15_034_ulonglongadd.rb first landed
in #5150 , @wchen-r7's DOS module for CVE-2015-1635 HTTP.sys
Edited modules/auxiliary/gather/apple_safari_ftp_url_cookie_theft.rb
first landed in #5192 , @joevennix's module for Safari CVE-2015-1126
Edited modules/auxiliary/gather/java_rmi_registry.rb first landed in
Edited modules/auxiliary/gather/ssllabs_scan.rb first landed in #5016 ,
add SSL Labs scanner
Edited modules/auxiliary/scanner/http/goahead_traversal.rb first landed
in #5101 , Add Directory Traversal for GoAhead Web Server
Edited modules/auxiliary/scanner/http/owa_iis_internal_ip.rb first
landed in #5158 , OWA internal IP disclosure scanner
Edited modules/auxiliary/scanner/http/wp_mobileedition_file_read.rb
first landed in #5159 , WordPress Mobile Edition Plugin File Read Vuln
Edited modules/exploits/linux/http/multi_ncc_ping_exec.rb first landed
in #4924 , @m-1-k-3's DLink CVE-2015-1187 exploit
Edited modules/exploits/unix/webapp/wp_slideshowgallery_upload.rb first
landed in #5131 , WordPress Slideshow Upload
Edited modules/exploits/windows/local/run_as.rb first landed in #4649 ,
improve post/windows/manage/run_as and as an exploit
(These results courtesy of a delightful git alias, here:
```
cleanup-prs = !"for i in `git status | grep modules | sed
s/#.*modules/modules/`; do echo -n \"Edited $i first landed in \" && git
log --oneline --first-parent $i | tail -1 | sed 's/.*Land //' && echo
''; done"
```
So that's kind of fun.
2015-05-06 11:39:15 -05:00
Tom Sellers
94d1905fd6
Added WPVDB reference
...
Added a link to the new WPVDB article 7540 that @FireFart provided.
2015-05-06 05:41:02 -05:00
Tom Sellers
c293066198
Leverage check_version_from_custom_file in PR #5292
...
Change the 'check' code to leverage check_version_from_custom_file added to wordpress/version.rb by @FireFart in PR #5292
2015-05-06 05:41:02 -05:00
Tom Sellers
18697d8d02
Fixed the following based on feedback from @FireFart ( Thanks! )
...
- Adjusted references section
- Corrected call to normalize_uri
- Removed unnecessary require for rex/zip
2015-05-06 05:41:02 -05:00
Tom Sellers
8cb18f8afe
Initial commit of code
2015-05-06 05:41:02 -05:00
John Lightsey
4bfb9262e6
Add exploit module for MovableType CVE-2015-1592
...
This module targets the deserialization of untrusted Storable data in
MovableType before 5.2.12 and 6.0.7. The destructive attack will
function on most installations, but will leave the webapp corrupted.
The non-destructive attack will only function on servers that have the
Object::MultiType (uncommon) and DateTime (common) Perl modules
installed in addition to MovableType.
2015-05-03 14:18:01 -05:00
Roberto Soares
b537c8ae2c
Changed fail_with output.
2015-04-26 01:28:55 -03:00
Roberto Soares
a4b4d7cf6a
Add WordPress Front-end Editor File Upload Vuln
2015-04-25 22:00:05 -03:00
Brent Cook
ff96101dba
Land #5218 , fix #3816 , remove print_debug / DEBUG
2015-04-24 13:41:07 -05:00
jvazquez-r7
7167dc1147
Land #5243 , @espreto's WordPress WPshop eCommerce File Upload exploit
2015-04-24 11:30:28 -05:00
jvazquez-r7
558103b25d
Do code cleanup
2015-04-24 11:30:08 -05:00
jvazquez-r7
8a8d9a26f4
Do code cleanup
2015-04-24 10:47:46 -05:00
jvazquez-r7
b5223912cb
Fix check method
2015-04-24 10:41:41 -05:00
Roberto Soares
c9b4a272e3
Changed fail_with output.
2015-04-24 12:16:23 -03:00
Roberto Soares
e14c6af194
Removed double 'Calling payload'.
2015-04-24 06:26:04 -03:00
Roberto Soares
01efc97c4a
Add WordPress WPshop eCommerce File Upload.
2015-04-24 06:21:49 -03:00
Roberto Soares
5bf4c9187a
Removed double "Calling payload..."
2015-04-23 03:41:34 -03:00
Roberto Soares
844f768eee
Add WordPress InBoundio Marketing File Upload
2015-04-23 03:32:17 -03:00
xistence
92c91c76f7
Proftpd 1.3.5 Mod_Copy Command Execution
2015-04-22 01:41:16 -04:00
jvazquez-r7
4224008709
Delete print_debug/vprint_debug
2015-04-21 11:14:03 -05:00
Christian Mehlmauer
a60fe4af8e
Land #5201 , Change module wording to conform with other WP modules
2015-04-20 10:07:05 +02:00
aushack
1a32cf7fc0
Change module wording to conform with other WP modules.
2015-04-20 16:48:35 +10:00
Christian Mehlmauer
a5583debdc
Land #5131 , WordPress Slideshow Upload
2015-04-19 23:12:26 +02:00
Roberto Soares
c1a1143377
Remove line in description and output line in fail_with
2015-04-18 15:38:42 -03:00
Christian Mehlmauer
bba0927c7e
Land #5163 , WordPress Reflex Gallery Plugin File Upload
2015-04-17 11:26:34 +02:00
Christian Mehlmauer
153344a1dd
fix Unkown typo
2015-04-16 23:59:28 +02:00
Roberto Soares
33cf2f1578
Added Faliure:: symbol to fail_with
2015-04-16 17:40:25 -03:00
Roberto Soares
2138325129
Add Failure:: symbol to fail_with
2015-04-16 17:15:24 -03:00
Christian Mehlmauer
352e170624
more failure reasons
2015-04-16 22:04:11 +02:00
Christian Mehlmauer
8c5890d506
more fixes
2015-04-16 21:56:42 +02:00
Christian Mehlmauer
4dc402fd3c
moar fail_with's
2015-04-16 21:16:52 +02:00
Christian Mehlmauer
0e186fa617
first fail_with fixes
2015-04-16 21:08:33 +02:00
William Vu
f0d6735332
Land #5165 , version number correction
2015-04-16 12:10:12 -05:00
William Vu
26f2b350d2
Land #5168 , more fail_with fixes
2015-04-16 12:04:55 -05:00
sinn3r
904339f0d7
Fix #5130 , Correct use of fail_with in wp_worktheflow_upload.rb
2015-04-16 10:32:50 -05:00
sinn3r
5c98270f4d
Fix #5137 - Correct use of fail_with
2015-04-16 09:57:02 -05:00
Christian Mehlmauer
418d8586a5
Land #5137 (again), WordPress N-Media Website File Upload
2015-04-16 16:24:41 +02:00
Christian Mehlmauer
7f79acb996
Land #5137 , WordPress N-Media Website File Upload
2015-04-16 16:17:20 +02:00
Roberto Soares
517ad54617
Fix the correct version in check.
2015-04-16 10:56:43 -03:00
Roberto Soares
95310dbe4f
Fix 'if' condition.
2015-04-16 10:51:36 -03:00
Roberto Soares
626a9f0508
Fix the correct version in check.
2015-04-16 10:46:08 -03:00
Roberto Soares
6ef074cd28
Fix the correct version in check
2015-04-16 10:34:34 -03:00
Christian Mehlmauer
d9f4c7548f
Land #5136 , WordPress Creative Contact Form upload
2015-04-16 15:17:14 +02:00
Christian Mehlmauer
84c74b8d42
use correct version number
2015-04-16 15:01:54 +02:00
Roberto Soares
ee8dc49a25
Fix wrong version in check.
2015-04-16 09:45:18 -03:00
Roberto Soares
e16cc6fa82
Fix the correct version in check.
2015-04-16 09:38:42 -03:00
Roberto Soares
dc7f161339
Add author, EDB, OSVDB and WPVDB.
2015-04-16 08:56:33 -03:00
Roberto Soares
1112a3b0ae
Add WordPress Reflex Gallery Plugin File Upload
2015-04-16 08:40:51 -03:00
Roberto Soares
4aa4f83372
Removed timeout 2.
2015-04-16 05:37:11 -03:00
Roberto Soares
39556c10c7
Rewrote check method.
2015-04-16 05:36:20 -03:00
Roberto Soares
ace316a54f
Added WPVDB and EDB references.
2015-04-16 05:29:21 -03:00
Roberto Soares
10c218319a
Rewrote response condition.
2015-04-16 05:26:48 -03:00
Roberto Soares
5cb9b1a44c
Removed timeout 2.
2015-04-16 05:21:59 -03:00
Roberto Soares
0e1b173d15
Renamed USER/PASSWORD to WP_USER/WP_PASSWORD.
2015-04-16 05:11:56 -03:00
Roberto Soares
13ded8abe7
Added WPVDB.
2015-04-16 05:08:45 -03:00
Roberto Soares
64923ffdc2
Fixed plugin name in check method
2015-04-16 05:06:36 -03:00
Roberto Soares
e9212c4d6b
wordpress_url_admin_ajax intead of wordpress_url_backend
2015-04-16 04:53:05 -03:00
Roberto Soares
81d898fd7e
Rewrote check code.
2015-04-16 04:51:40 -03:00
Roberto Soares
aeb0484889
Removed timeout 2.
2015-04-16 04:48:00 -03:00
Roberto Soares
e6e9c173e3
Rewrote res conditions.
2015-04-16 04:43:34 -03:00
Roberto Soares
d11db4edc7
Rewrote check code.
2015-04-16 04:37:30 -03:00
Roberto Soares
f13d31c7c2
Added WPVDB.
2015-04-16 04:31:23 -03:00
Roberto Soares
cccda4e851
Removed unnecessary line.
2015-04-16 04:27:15 -03:00
Roberto Soares
d3a6de761d
Removed timeout 2.
2015-04-16 04:09:02 -03:00
Roberto Soares
1249f29ee8
Add JSON::ParserError exception handler.
2015-04-16 04:03:54 -03:00
Roberto Soares
a09e643a71
Add author, URL, WPVDB and disclosure date.
2015-04-13 22:54:05 -03:00
Roberto Soares
271a81778e
Add Module WP N-Media Website Contact Form Upload
2015-04-13 22:48:34 -03:00
Roberto Soares
7f10fb5bf0
Fix disclosure date
2015-04-13 18:53:20 -03:00
Roberto Soares
e94ca0bdd1
Add EDB, OSVDB and author.
2015-04-13 18:42:17 -03:00
Roberto Soares
d5d975c450
Add Module WordPress Creative Contact Form Upload
2015-04-13 18:38:43 -03:00
Roberto Soares
7b57496501
Fix typo and add email addr.
2015-04-13 04:12:32 -03:00
Roberto Soares
abee3f17c4
Add author, CVE and EDB references
2015-04-13 04:08:34 -03:00
Roberto Soares
58c4042321
Add Module WP Slideshow Gallery Shell Upload
2015-04-13 03:56:59 -03:00
Roberto Soares
2d1f8c510e
Add author and references
2015-04-12 21:21:49 -03:00
Roberto Soares
9f06cee53d
Add Module WordPress WorkTheFlow Shell Upload
2015-04-12 21:09:44 -03:00
Tod Beardsley
49a6057f74
Grammaring harder
2015-03-24 11:10:36 -05:00
William Vu
fadac30f00
Fix deprecated year
2015-03-24 00:34:38 -05:00
William Vu
e338b77389
Readd and deprecate renamed WordPress modules
2015-03-23 23:48:56 -05:00
aushack
b191f92713
Renamed WordPress files to fit majority naming convention.
2015-03-23 18:15:04 +11:00
Hans-Martin Münch (h0ng10)
5dd718e4fa
Better description
2015-03-18 09:51:51 +01:00
Hans-Martin Münch (h0ng10)
00de437918
Initial commit
2015-03-18 09:45:08 +01:00
Christian Mehlmauer
7d42dcee9c
Land #4769 , Wordpress holding-pattern theme file upload
2015-02-21 23:13:06 +01:00
rastating
708340ec5a
Tidy up various bits of code
2015-02-21 12:53:33 +00:00
rastating
76a64b31d7
Resolve msftidy issues
2015-02-21 01:41:29 +00:00
rastating
7d30b214ee
Add WordPress admin shell upload module
2015-02-21 01:31:33 +00:00
Tod Beardsley
6370c99755
Avoid version numbers in titles
2015-02-17 10:28:56 -06:00
Tod Beardsley
62a679ebb8
Avoid version numbers in titles
...
Usually, the versions are more of a range, and nearly always, the module
author never truly knows where the ranges are bounded. It's okay to
clarify in the description.
2015-02-17 10:26:40 -06:00
rastating
40c92f5fe3
Add URL reference
2015-02-14 13:09:37 +00:00
rastating
4dce589bbe
Add WordPress Holding Pattern file upload module
2015-02-14 12:54:03 +00:00
Christian Mehlmauer
55f57e0b9b
Land #4746 , WordPress photo-gallery exploit
2015-02-12 22:24:12 +01:00
Christian Mehlmauer
bce7211f86
added url and randomize upload directory
2015-02-12 22:16:37 +01:00
jvazquez-r7
155651e187
Make filename shorter
2015-02-12 11:45:51 -06:00
jvazquez-r7
95bfe7a7de
Do minor cleanup
2015-02-12 11:45:51 -06:00
rastating
30f310321d
Added CVE reference
2015-02-12 11:45:51 -06:00
rastating
38ad960640
Add Maarch LetterBox file upload module
2015-02-12 11:45:51 -06:00
rastating
cb1efa3edd
Improved error handling, tidied up some code
2015-02-11 10:16:18 +00:00
rastating
80a086d5f6
Add WordPress Photo Gallery upload module
2015-02-11 01:03:51 +00:00
Christian Mehlmauer
6d46182c2f
Land #4570 , @rastating 's module for wp-easycart
2015-02-07 23:42:23 +01:00
Christian Mehlmauer
f2b834cebe
remove check because the vuln is unpatched
2015-02-07 23:38:44 +01:00
Christian Mehlmauer
d2421a2d75
wrong version
2015-02-07 23:34:19 +01:00
Christian Mehlmauer
56d2bc5adb
correct version number
2015-02-07 23:22:43 +01:00
rastating
345d5c5c08
Update version numbers to reflect latest release
2015-02-07 19:09:16 +00:00
jvazquez-r7
1ea4a326c1
Land #4656 , @nanomebia's fixes for sugarcrm_unserialize_exec
2015-02-06 16:42:01 -06:00
jvazquez-r7
e511f72ab4
Delete final check
...
* A session is the best proof of success
2015-02-06 16:34:34 -06:00
Tod Beardsley
c633c710bc
Mostly caps/grammar/spelling, GoodRanking on MBAM
2015-02-05 12:36:47 -06:00
jvazquez-r7
c0e1440572
Land #4685 , @FireFart's module for Wordpress Platform Theme RCE
2015-02-03 17:35:59 -06:00
jvazquez-r7
28f303d431
Decrease timeout
2015-02-03 17:33:29 -06:00
jvazquez-r7
a1c157a4db
Land #4609 , @h0ng10's module for Wordpress Pixabay Images PHP Code Upload
2015-02-03 17:01:32 -06:00
jvazquez-r7
eebee7c066
Do better session creation handling
2015-02-03 17:00:37 -06:00
jvazquez-r7
4ca4fd1be2
Allow to provide the traversal depth
2015-02-03 16:38:40 -06:00
jvazquez-r7
e62a5a4fff
Make the calling payload code easier
2015-02-03 16:23:04 -06:00
jvazquez-r7
61cdb5dfc9
Change filename
2015-02-03 16:13:10 -06:00
jvazquez-r7
82be43ea58
Do minor cleanup
2015-02-03 16:07:27 -06:00
Christian Mehlmauer
2c956c0a0f
add wordpress platform theme rce
2015-01-31 22:02:44 +01:00
Nanomebia
d04fd3b978
Fixing Indentation
...
Small indentation fix
2015-01-29 13:03:19 +08:00
Nanomebia
af90c6482b
Sanity Changes
...
Reverted failure behaviour on line 70
Removed a space that prevented line 98 from working as intended
2015-01-28 18:40:43 +08:00
Nanomebia
27c412341f
Syntax Changes
...
Cleaned up this statement a tiny bit
2015-01-28 18:34:19 +08:00
Nanomebia
fc3094ec9b
Syntax changes
...
Fixed some more syntax - failures
2015-01-28 18:30:21 +08:00
Nanomebia
321eb452c5
Syntax Fixes
...
Fixed some or's to || - and's to &&.
Fixed failure if statement (fails using fail_with())
Fixed nested else (now and elsif)
Changed final execute logic - checks for success rather than failure.
2015-01-28 18:08:15 +08:00
Nanomebia
fefc3d088c
Cookie fix and success display
...
Added handling for if the server doesn't correctly assign a cookie using
Set-Cookie by changing the regex and doing an additional check. Also
fixed the success display - changed the if statement to match others in
this module and fixed the text output based on server response.
2015-01-28 17:11:05 +08:00
Tod Beardsley
bae19405a7
Various grammar, spelling, word choice fixes
2015-01-26 11:00:07 -06:00
Hans-Martin Münch (h0ng10)
419fa93897
Add OSVDB and WPScan references
2015-01-23 09:27:42 +01:00
Hans-Martin Münch (h0ng10)
dfbbc79e0d
make retries a datastore option
2015-01-23 09:23:09 +01:00
Hans-Martin Münch (h0ng10)
11bf58e548
Use metasploit methods
2015-01-23 08:48:52 +01:00
rastating
9d3397901b
Correct version numbers and code tidy up
2015-01-19 20:59:46 +00:00
Hans-Martin Münch (h0ng10)
5813c639d1
Initial commit
2015-01-19 17:23:48 +01:00
rastating
8a89b3be28
Cleanup of various bits of code
2015-01-13 22:20:40 +00:00
rastating
8246f4e0bb
Add ability to use both WP and EC attack vectors
2015-01-12 23:30:59 +00:00
rastating
e6f6acece9
Add a date hash to the post data
2015-01-12 21:21:50 +00:00
rastating
ea37e2e198
Add WP EasyCart file upload exploit module
2015-01-10 21:05:02 +00:00
Christian Mehlmauer
d4d1a53533
fix invalid url
2015-01-09 21:57:52 +01:00
rastating
82e6183136
Add Msf::Exploit::FileDropper mixin
2015-01-08 21:07:00 +00:00
rastating
93dc90d9d3
Tidied up some code with existing mixins
2015-01-08 20:53:56 +00:00
rastating
7b92c6c2df
Add WP Symposium Shell Upload module
2015-01-07 22:02:39 +00:00
sinn3r
44dfa746eb
Resolve #4513 - Change #inspect to #to_s
...
Resolve #4513
2015-01-05 11:50:51 -06:00
jvazquez-r7
b5b0be9001
Do minor cleanup
2014-12-26 11:24:02 -06:00
Brendan Coles
5c82b8a827
Add ProjectSend Arbitrary File Upload module
2014-12-23 10:53:03 +00:00
Tod Beardsley
d3050de862
Remove references to Redmine in code
...
See #4400 . This should be all of them, except for, of course, the module
that targets Redmine itself.
Note that this also updates the README.md with more current information
as well.
2014-12-19 17:27:08 -06:00
Jon Hart
025c0771f8
Have exploit call check. Have check report_vuln
2014-12-15 09:53:11 -08:00
Jon Hart
f521e7d234
Use newer Ruby hash syntax
2014-12-15 09:17:32 -08:00
Jon Hart
c93dc04a52
Resolve address before storing the working cred
2014-12-15 09:11:12 -08:00
Jon Hart
5ca8f187b3
Merge remote-tracking branch 'upstream/pr/4328' into temp
2014-12-15 08:15:51 -08:00
Brendan Coles
4530066187
return nil
2014-12-15 01:04:39 +11:00
Brendan Coles
55d9e9cff6
Use list of potential analytics hosts
2014-12-14 23:15:41 +11:00
jvazquez-r7
008c33ff51
Fix description
2014-12-12 13:36:28 -06:00
Tod Beardsley
81460198b0
Add openssl payload to distcc exploit
...
This is required to test #4274
2014-12-12 13:25:55 -06:00
jvazquez-r7
b334e7e0c6
Land #4322 , @FireFart's wordpress exploit for download-manager plugin
2014-12-12 12:41:59 -06:00
jvazquez-r7
aaed7fe957
Make the timeout for the calling payload request lower
2014-12-12 12:41:06 -06:00
Jon Hart
00f66b6050
Correct named captures
2014-12-12 10:22:14 -08:00
jvazquez-r7
98dca6161c
Delete unused variable
2014-12-12 12:03:32 -06:00
jvazquez-r7
810bf598b1
Use fail_with
2014-12-12 12:03:12 -06:00
Jon Hart
1e6bbc5be8
Use blank?
2014-12-12 09:51:08 -08:00
jvazquez-r7
4f3ac430aa
Land #4341 , @EgiX's module for tuleap PHP Unserialize CVE-2014-8791
2014-12-12 11:48:25 -06:00
jvazquez-r7
64f529dcb0
Modify default timeout for the exploiting request
2014-12-12 11:47:49 -06:00
Jon Hart
24f1b916e0
Minor ruby style cleanup
2014-12-12 09:47:35 -08:00
Jon Hart
1d1aa5838f
Use Gem::Version to compare versions in check
2014-12-12 09:47:01 -08:00
jvazquez-r7
d01a07b1c7
Add requirement to description
2014-12-12 11:42:45 -06:00
jvazquez-r7
fd09b5c2f6
Fix title
2014-12-12 10:52:18 -06:00
jvazquez-r7
4871228816
Do minor cleanup
2014-12-12 10:52:06 -06:00
Christian Mehlmauer
544f75e7be
fix invalid URI scheme, closes #4362
2014-12-11 23:34:10 +01:00
Marc Wickenden
245b76477e
Fix issue with execution of perl due to gsub not matching across newlines
2014-12-10 21:38:04 +00:00
EgiX
700ccc71e7
Create tuleap_unserialize_exec.rb
2014-12-09 10:15:46 +01:00
Brendan Coles
42744e5650
Add actualanalyzer_ant_cookie_exec exploit
2014-12-06 19:09:20 +00:00
Christian Mehlmauer
5ea062bb9c
fix bug
2014-12-05 11:30:45 +01:00
Christian Mehlmauer
55b8d6720d
add wordpress download-manager exploit
2014-12-05 11:17:54 +01:00
HD Moore
6b4eb9a8e2
Differentiate failed binds from connects, closes #4169
...
This change adds two new Rex exceptions and changes the local comm to raise the right one depending on the circumstances. The problem with the existing model is
that failed binds and failed connections both raised the same exception. This change is backwards compatible with modules that rescue Rex::AddressInUse in additi
on to Rex::ConnectionError. There were two corner cases that rescued Rex::AddressInUse specifically:
1. The 'r'-services mixin and modules caught the old exception when handling bind errors. These have been updated to use BindFailed
2. The meterpreter client had a catch for the old exception when the socket reports a bad destination (usually a network connection dropped). This has been updat
ed to use InvalidDestination as that was the intention prior to this change.
Since AddressInUse was part of ConnectionError, modules and mixins which caught both in the same rescue have been updated to just catch ConnectionError.
2014-11-11 14:59:41 -06:00