jvazquez-r7
25344aeb6a
Change filename
2014-10-08 11:55:33 -05:00
jvazquez-r7
909f88680b
Make exploit aggressive
2014-10-08 11:08:01 -05:00
jvazquez-r7
d02f0dc4b9
Make minor cleanup
2014-10-08 10:36:56 -05:00
jvazquez-r7
d913bf1c35
Fix metadata
2014-10-08 10:29:59 -05:00
Pedro Ribeiro
0a9795216a
Add OSVDB id and full disclosure URL
2014-10-08 08:25:41 +01:00
sinn3r
c5494e037d
Land #3900 - Add F5 iControl Remote Root Command Execution
2014-10-08 00:30:07 -05:00
Pedro Ribeiro
d328b2c29d
Add exploit for Track-It! file upload vuln
2014-10-07 23:50:10 +01:00
jvazquez-r7
299d9afa6f
Add module for centreon vulnerabilities
2014-10-07 14:40:51 -05:00
jvazquez-r7
3daa1ed4c5
Avoid changing modules indentation in this pull request
2014-10-07 10:41:25 -05:00
jvazquez-r7
341d8b01cc
Favor echo encoder for back compatibility
2014-10-07 10:24:32 -05:00
jvazquez-r7
0089810026
Merge to update
2014-10-06 19:09:31 -05:00
jvazquez-r7
212762e1d6
Delete RequiredCmd for unix cmd encoders, favor EncoderType
2014-10-06 18:42:21 -05:00
us3r777
03888bc97b
Change the check function
...
Use regex based detection
2014-10-06 18:56:01 +02:00
us3r777
29111c516c
Wordpress Infusionsoft Gravity Forms CVE-2014-6446
...
The Infusionsoft Gravity Forms plugin 1.5.3 through 1.5.10 for
WordPress does not properly restrict access, which allows remote
attackers to upload arbitrary files and execute arbitrary PHP
code via a request to utilities/code_generator.php.
2014-10-06 14:10:01 +02:00
James Lee
a65ee6cf30
Land #3373 , recog
...
Conflicts:
Gemfile
Gemfile.lock
data/js/detect/os.js
lib/msf/core/exploit/remote/browser_exploit_server.rb
modules/exploits/android/browser/webview_addjavascriptinterface.rb
2014-10-03 18:05:58 -05:00
William Vu
f7e709dcb3
Land #3941 , new WPVDB reference
2014-10-03 10:17:02 -05:00
Christian Mehlmauer
f45b89503d
change WPVULNDBID to WPVDB
2014-10-03 17:13:18 +02:00
0a2940
f2b9aeed74
typo
2014-10-03 11:02:56 +01:00
0a2940
f60f6d9c92
add exploit for CVE-2011-1485
2014-10-03 10:54:43 +01:00
Brandon Perry
2c9446e6a8
Update f5_icontrol_exec.rb
2014-10-02 17:56:24 -05:00
Christian Mehlmauer
33b37727c7
Added wpvulndb links
2014-10-02 23:03:31 +02:00
Joe Vennix
5a8eca8946
Adds a :vuln_test option to BES, just like in BAP.
...
I needed this to run a custom JS check for the Android
webview vuln when the exploit is served straight
through BES. The check already existed when using BAP,
so I tried to preserve that syntax, and also added a
:vuln_test_error as an optional error message.
This commit also does some mild refactoring of un-
useful behavior in BES.
2014-10-01 23:34:31 -05:00
HD Moore
0380c5e887
Add CVE-2014-6278 support, lands #3932
2014-10-01 18:25:41 -05:00
William Vu
c1b0acf460
Add CVE-2014-6278 support to the exploit module
...
Same thing.
2014-10-01 17:58:25 -05:00
William Vu
5df614d39b
Land #3928 , release fixes
2014-10-01 17:21:08 -05:00
Spencer McIntyre
8cf718e891
Update pureftpd bash module rank and description
2014-10-01 17:19:31 -04:00
Tod Beardsley
4fbab43f27
Release fixes, all titles and descs
2014-10-01 14:26:09 -05:00
Spencer McIntyre
cf6029b2cf
Remove the less stable echo stager from the exploit
2014-10-01 15:15:07 -04:00
Spencer McIntyre
632edcbf89
Add CVE-2014-6271 exploit via Pure-FTPd ext-auth
2014-10-01 14:57:40 -04:00
William Vu
9bfd013e10
Land #3923 , mv misc/pxexploit to local/pxeexploit
...
Also renamed typo'd pxexploit -> pxeexploit.
2014-09-30 17:48:06 -05:00
William Vu
039e544ffa
Land #3925 , rm indeces_enum
...
Deprecated.
2014-09-30 17:45:38 -05:00
sinn3r
b17396931f
Fixes #3876 - Move pxeexploit to local directory
2014-09-30 17:16:13 -05:00
William Vu
de65ab0519
Fix broken check in exploit module
...
See 71d6b37088
.
2014-09-29 23:03:09 -05:00
William Vu
df44dfb01a
Add OSVDB and EDB references to Shellshock modules
2014-09-29 21:39:07 -05:00
sinn3r
8f3e03d4f2
Land #3903 - ManageEngine OpManager / Social IT Arbitrary File Upload
2014-09-29 17:53:43 -05:00
Pedro Ribeiro
533b807bdc
Add OSVDB id
2014-09-29 21:52:44 +01:00
HD Moore
bfadfda581
Fix typo on match string for opera_configoverwrite
2014-09-29 15:34:35 -05:00
sinn3r
ffe5aafb2f
Land #3905 - Update exploits/multi/http/apache_mod_cgi_bash_env_exec
2014-09-29 15:19:35 -05:00
sinn3r
9e5826c4eb
Land #3844 - Add the JSObfu mixin to Firefox exploits
2014-09-29 11:15:14 -05:00
sinn3r
ababc3d8ff
Land #3869 - HP Network Node Manager I PMD Buffer Overflow
2014-09-29 11:00:12 -05:00
Meatballs
d5959d6bd6
Land #2585 , Refactor Bypassuac with Runas Mixin
2014-09-28 09:24:22 +01:00
Spencer McIntyre
fe12ed02de
Support a user defined header in the exploit too
2014-09-27 18:58:53 -04:00
Pedro Ribeiro
f20610a657
Added full disclosure URL
2014-09-27 21:34:57 +01:00
Pedro Ribeiro
030aaa4723
Add exploit for CVE-2014-6034
2014-09-27 19:33:49 +01:00
Brandon Perry
161a145ec2
Create f5_icontrol_exec.rb
2014-09-27 10:40:13 -05:00
jvazquez-r7
0a3735fab4
Make it better
2014-09-26 16:01:10 -05:00
jvazquez-r7
3538b84693
Try to make a better check
2014-09-26 15:55:26 -05:00
jvazquez-r7
6e2d297e0c
Credit the original vuln discoverer
2014-09-26 13:45:09 -05:00
jvazquez-r7
a4bc17ef89
deregister options needed for exploitation
2014-09-26 10:15:46 -05:00
jvazquez-r7
54e6763990
Add injection to HOSTNAME and URL
2014-09-26 10:13:24 -05:00
jvazquez-r7
a31b4ecad9
Merge branch 'review_3893' into test_land_3893
2014-09-26 08:41:43 -05:00
James Lee
86f85a356d
Add DHCP server module for CVE-2014-6271
2014-09-26 01:24:42 -05:00
sinn3r
38c8d92131
Land #3888 - exploit module version of CVE-2014-6271
2014-09-26 00:31:41 -05:00
jvazquez-r7
ad864cc94b
Delete unnecessary code
2014-09-25 16:18:01 -05:00
Joe Vennix
2b02174999
Yank Android->jsobfu integration. Not really needed currently.
2014-09-25 16:00:37 -05:00
jvazquez-r7
9245bedf58
Make it more generic, add X86_64 target
2014-09-25 15:54:20 -05:00
Samuel Huckins
be6552dae7
Clarifying VMware priv esc via bash module name
2014-09-25 14:34:09 -05:00
jvazquez-r7
d8c03d612e
Avoid failures due to bad payload selection
2014-09-25 13:49:04 -05:00
jvazquez-r7
91e5dc38bd
Use datastore timeout
2014-09-25 13:36:05 -05:00
jvazquez-r7
8a43d635c3
Add exploit module for CVE-2014-6271
2014-09-25 13:26:57 -05:00
Rob Fuller
f13289ab65
remove debugging
2014-09-25 02:16:19 -04:00
Rob Fuller
8cb4ed4cb7
re-add quotes -oops
2014-09-25 02:09:12 -04:00
Rob Fuller
6fb587ef96
update to use vmware-vmx-stats
2014-09-25 01:55:04 -04:00
jvazquez-r7
37753e656e
Land #3882 , @jvennix-r7's vmware/bash privilege escalation module
2014-09-25 00:42:12 -05:00
jvazquez-r7
456d731aa3
Fix processes check
2014-09-25 00:24:39 -05:00
Joe Vennix
f6708b4d83
Check for running vmware processes first.
2014-09-24 19:11:38 -05:00
Joe Vennix
99da950734
Adds osx vmware/bash priv escalation.
2014-09-24 17:44:14 -05:00
jvazquez-r7
f2cfbebbfb
Add module for ZDI-14-305
2014-09-24 00:22:16 -05:00
sinn3r
11b9a8a6ae
Land #3814 - Advantech WebAccess dvs.ocx GetColor BoF
2014-09-23 15:06:21 -05:00
jvazquez-r7
b021ff4399
Add noche tags
2014-09-23 13:11:06 -05:00
jvazquez-r7
5c6236e874
Fix rop chain to allow VirtualAlloc when end of stack is too close
2014-09-23 13:08:26 -05:00
sinn3r
31ecbfdc4e
Land #3756 - EMC AlphaStor Device Manager Opcode 0x75 Command Injection
2014-09-23 12:57:46 -05:00
Joe Vennix
d9e6f2896f
Add the JSObfu mixin to a lot of places.
2014-09-21 23:45:59 -05:00
mfadzilr
a2a2ca550e
add test result on different windows version
2014-09-20 20:06:30 +08:00
mfadzilr
dd71c666dc
added osvdb reference and software download url, use FileDropper method
...
for cleanup
2014-09-20 15:31:28 +08:00
mfadzilr
19ed594e98
using FileDropper method for cleanup
2014-09-20 10:52:21 +08:00
jvazquez-r7
9acccfe9ba
Fix description
2014-09-19 17:18:59 -05:00
jvazquez-r7
d826132f87
Delete CVE, add EDB
2014-09-19 17:16:03 -05:00
jvazquez-r7
7afbec9d6c
Land #2890 , @Ahmed-Elhady-Mohamed module for OSVDB 93034
2014-09-19 17:12:49 -05:00
jvazquez-r7
1fa5c8c00c
Add check method
2014-09-19 17:11:16 -05:00
jvazquez-r7
ce0b00bb0b
Change module location and filename
2014-09-19 16:59:35 -05:00
jvazquez-r7
0267e889e2
Use FileDropper
2014-09-19 16:58:21 -05:00
jvazquez-r7
6fd5027e05
Avoid UploadPath datastore option, parse from response
2014-09-19 16:55:28 -05:00
jvazquez-r7
2ce9bdf152
Use target_uri.path.to_s instead of uri
2014-09-19 16:43:40 -05:00
jvazquez-r7
eb55c7108b
Fix indentantion again
2014-09-19 16:41:07 -05:00
jvazquez-r7
cbfb7e600d
Use Rex::MIME::Message
2014-09-19 16:29:09 -05:00
jvazquez-r7
cffb28b5d3
Fix indentantion
2014-09-19 16:18:46 -05:00
mfadzilr
677d035ce8
added proper regex for check function
...
add comment for changed code
2014-09-19 11:30:51 +08:00
jvazquez-r7
64ac1e6b26
Rand padding
2014-09-17 08:09:09 -05:00
jvazquez-r7
e593a4c898
Add comment about gadgets origin
2014-09-16 16:38:03 -05:00
jvazquez-r7
80f02c2a05
Make module ready to go
2014-09-16 15:18:11 -05:00
sinn3r
3e09283ce5
Land #3777 - Fix struts_code_exec_classloader on windows
2014-09-16 13:09:58 -05:00
sinn3r
158d4972d9
More references and pass msftidy
2014-09-16 12:54:27 -05:00
Vincent Herbulot
7a7b6cb443
Some refactoring
...
Use EDB instead of URL for Exploit-DB.
Remove peer variable as peer comes from HttpClient.
2014-09-16 17:49:45 +02:00
mfadzilr
978803e9d8
add proper regex
2014-09-16 21:49:02 +08:00
us3r777
4c615ecf94
Module for CVE-2014-5519, phpwiki/ploticus RCE
2014-09-16 00:09:41 +02:00
mfadzilr
783b03efb6
change line 84 as mubix advice, update disclosure date according to
...
bugtraq security list.
2014-09-15 17:21:05 +08:00
mfadzilr
9860ed340e
run msftidy, make correction for CVE format and space at EOL (line 77)
2014-09-15 13:13:25 +08:00
mfadzilr
f1d3c44f4f
exploit module for HTTP File Server version 2.3b, exploiting HFS scripting commands 'save' and 'exec'.
2014-09-15 12:59:27 +08:00
mfadzilr
74ef83812a
update module vulnerability information
2014-09-15 01:43:18 +08:00
mfadzilr
8b4b66fcaa
initial test
2014-09-14 12:26:02 +08:00
jvazquez-r7
3a6066792d
Work in rop chain...
2014-09-13 17:38:19 -05:00
jvazquez-r7
e2ef927177
Add first version for ZDI-14-255
2014-09-12 08:57:54 -05:00
jvazquez-r7
373eb3dda0
Make struts_code_exec_classloader to work on windows
2014-09-10 18:00:16 -05:00
Jon Hart
495e1c14a1
Land #3721 , @brandonprry's module for Railo CVE-2014-5468
2014-09-09 19:10:46 -07:00
Jon Hart
26d8432a22
Minor style and usability changes to @brandonprry's #3721
2014-09-09 19:09:45 -07:00
Brandon Perry
db6052ec6a
Update check method
2014-09-09 18:51:42 -05:00
sinn3r
0a6ce1f305
Land #3727 - SolarWinds Storage Manager exploit AND Msf::Payload::JSP
2014-09-09 17:21:03 -05:00
sinn3r
027f543bdb
Land #3732 - Eventlog Analzyer exploit
2014-09-09 11:33:20 -05:00
sinn3r
75269fd0fa
Make sure we're not doing a 'negative' timeout
2014-09-09 11:26:49 -05:00
Tod Beardsley
4abee39ab2
Fixup for release
...
Ack, a missing disclosure date on the GDB exploit. I'm deferring to the
PR itself for this as the disclosure and URL reference.
2014-09-08 14:00:34 -05:00
William Vu
ae5a8f449c
Land #3691 , gdbserver hax
2014-09-08 11:48:39 -05:00
jvazquez-r7
df278dd2dc
Conver to exploit
2014-09-05 14:47:33 -05:00
jvazquez-r7
d4a8b7e00d
Move to exploits
2014-09-05 10:38:28 -05:00
jvazquez-r7
d041ee6629
Delete exploit modules from this branch
2014-09-05 10:29:24 -05:00
sinn3r
85b48fd437
Land #3736 - Revert initial ff xpi prompt bypass for Firefox 22-27
2014-09-04 16:08:15 -05:00
jvazquez-r7
f063dcf0f4
Land #3741 , @pedrib's module for CVE-2014-5005 Desktop Central file upload
2014-09-04 15:44:21 -05:00
jvazquez-r7
f466b112df
Minor cleaning on check
2014-09-04 15:43:59 -05:00
jvazquez-r7
74b8e8eb40
Change module filename
2014-09-04 15:39:34 -05:00
jvazquez-r7
7563c0bd0e
Use Gem::Version
2014-09-04 14:40:13 -05:00
jvazquez-r7
2615a7a3be
Favor \&\& and || operands
2014-09-04 14:35:37 -05:00
Joe Vennix
0e18d69aab
Add extended mode to prevent service from dying.
2014-09-03 16:07:27 -05:00
Joe Vennix
4293500a5e
Implement running exe in multi.
2014-09-03 15:56:21 -05:00
Pedro Ribeiro
f0e3fa18a3
Restore the original filename
2014-09-03 21:32:05 +01:00
Joe Vennix
268d42cf07
Add PrependFork to payload options.
2014-09-03 14:56:22 -05:00
Pedro Ribeiro
ded085f5cc
Add CVE ID
2014-09-03 07:22:10 +01:00
Brandon Perry
ee3e5c9159
Add check method
2014-09-02 21:35:47 -05:00
Pedro Ribeiro
c672fad9ef
Add OSVDB ID, remove comma from Author field
2014-09-02 23:17:10 +01:00
Pedro Ribeiro
d69049008c
Refactor and rename desktopcentra_file_upload
...
- Rewrite check method
- Declare that v7 is also exploitable (tested and it works)
- Rename to dc_agentlogupload_file_upload to match the other DC module's naming convention
- Add CVE / OSVDB / Full disclosure references
2014-09-02 23:12:33 +01:00
Pedro Ribeiro
05856016c9
Add exploit for CVE-2014-5005
2014-09-02 23:09:10 +01:00
Joe Vennix
f7617183d9
Revert "Add initial firefox xpi prompt bypass."
...
This reverts commit ebcf972c08
.
2014-09-02 12:27:41 -05:00
Pedro Ribeiro
d480a5e744
Credit h0ng10 properly
2014-09-01 07:58:26 +01:00
Pedro Ribeiro
59847eb15b
Remove newline at the top
2014-09-01 07:56:53 +01:00
Pedro Ribeiro
6a370a5f69
Add exploit for eventlog analyzer file upload
2014-09-01 07:56:01 +01:00
jvazquez-r7
c05edd4b63
Delete debug print_status
2014-08-31 01:34:47 -05:00
jvazquez-r7
8b1791da22
Modify modules to keep old behavior
2014-08-31 01:18:53 -05:00
jvazquez-r7
559ec4adfe
Add module for ZDI-14-299
2014-08-31 01:11:46 -05:00
Brandon Perry
438f0e6365
typos
2014-08-30 09:22:58 -05:00
Brandon Perry
f72cce9ff2
Update railo_cfml_rfi.rb
2014-08-29 17:33:15 -05:00
Spencer McIntyre
1cdf1c2c6e
Land #3709 , @nnam's wing ftp admin console cmd exec
2014-08-29 13:46:01 -04:00
Spencer McIntyre
8095b4893c
Rename and apply rubocop style to wing_ftp_admin_exec
2014-08-29 13:42:11 -04:00
nnam
02bbd53b82
Fix failure messages for check().
2014-08-28 12:09:35 -07:00
Nicholas Nam
6c90a50e47
Handle res.nil case in check(). Revert check for res.nil in
...
execute_command() because it was failing prior to the reverse_shell
connecting.
2014-08-28 10:57:52 -07:00
Nicholas Nam
0788ce9745
Removed unused require and import. Handle the res.nil case in
...
execute_command() and authenticate().
2014-08-28 10:30:30 -07:00
jvazquez-r7
58091b9e2b
Land #3708 , @pedrib fix for manage_engine_dc_pmp_sqli
2014-08-28 10:47:03 -05:00
jvazquez-r7
9d3d25a3b3
Solve conflicts
2014-08-28 10:19:12 -05:00
Brandon Perry
f4965ec5cf
Create railo_cfml_rfi.rb
2014-08-28 08:42:07 -05:00
sinn3r
633eaab466
Land #3714 - Firefox 22-27 WebIDL Privileged Javascript Injection
2014-08-27 01:45:18 -05:00
Joe Vennix
26cfed6c6a
Rename exploit module.
2014-08-26 23:05:41 -05:00
Joe Vennix
96276aa6fa
Get the disclosure date right.
2014-08-26 20:36:58 -05:00
Joe Vennix
52f33128cd
Add Firefox WebIDL Javascript exploit.
...
Also removes an incorrect reference from another FF exploit.
2014-08-26 20:35:17 -05:00
William Vu
9f6a40dfd6
Fix bad pack in mswin_tiff_overflow
...
Reported by @egyjuzer in #3706 .
2014-08-26 11:14:44 -05:00
Nicholas Nam
40b66fae33
Add Wing FTP Server post-auth remote command execution module
2014-08-26 07:28:41 -07:00
Pedro Ribeiro
a8d03aeb59
Fix bug with PMP db paths
2014-08-26 12:54:31 +01:00
Pedro Ribeiro
473341610c
Update name to mention DC; correct servlet name
2014-08-26 12:39:48 +01:00
Joe Vennix
6d3255a3b5
Update bad config error.
2014-08-25 14:43:23 -05:00
Joe Vennix
b652ebb44f
Add other gdb-supported platforms that run on allowed arches.
2014-08-25 14:15:20 -05:00
Joe Vennix
c4a173e943
Remove automatic target, couldn't figure out generic payloads.
2014-08-25 14:14:47 -05:00
Joe Vennix
6313b29b7a
Add #arch method to Msf::EncodedPayload.
...
This allows exploits with few one automatic target to support many
different architectures.
2014-08-24 02:22:15 -05:00
Joe Vennix
88f626184c
Remove linux platform limitation, target depends on arch only.
2014-08-24 01:39:04 -05:00
Joe Vennix
04d0b87067
Reorder module title.
2014-08-24 01:18:21 -05:00
Joe Vennix
c65ba20017
Fix incorrect Platforms key.
2014-08-24 01:15:34 -05:00
Joe Vennix
4e63faea08
Get a shell from a loose gdbserver session.
2014-08-24 01:10:30 -05:00
jvazquez-r7
0031913b34
Fix nil accesses
2014-08-22 16:19:11 -05:00
jvazquez-r7
38e6576990
Update
2014-08-22 13:22:57 -05:00
jvazquez-r7
e93fbbd904
Land #3685 , @pedrib's exploit for CVE-2014-3996
2014-08-22 11:45:41 -05:00
jvazquez-r7
cf147254ad
Use snake_case in the filename
2014-08-22 11:44:35 -05:00
jvazquez-r7
823649dfa9
Clean exploit, just a little
2014-08-22 11:43:58 -05:00
jvazquez-r7
9815b1638d
Refactor pick_target
2014-08-22 11:31:06 -05:00
jvazquez-r7
ecace8beec
Refactor check method
2014-08-22 11:05:36 -05:00
Brandon Turner
05f0d09828
Merge branch staging/electro-release into master
...
On August 15, shuckins-r7 merged the Metasploit 4.10.0 branch
(staging/electro-release) into master. Rather than merging with
history, he squashed all history into two commits (see
149c3ecc63
and
82760bf5b3
).
We want to preserve history (for things like git blame, git log, etc.).
So on August 22, we reverted the commits above (see
19ba7772f3
).
This merge commit merges the staging/electro-release branch
(62b81d6814
) into master
(48f0743d1b
). It ensures that any changes
committed to master since the original squashed merge are retained.
As a side effect, you may see this merge commit in history/blame for the
time period between August 15 and August 22.
2014-08-22 10:50:38 -05:00
jvazquez-r7
ced65734e9
Make some datastore options advanced
2014-08-22 10:26:04 -05:00
jvazquez-r7
b4e3e84f92
Use CamelCase for target keys
2014-08-22 10:23:36 -05:00
jvazquez-r7
b58550fe00
Indent description and fix title
2014-08-22 10:21:08 -05:00
Brandon Turner
19ba7772f3
Revert "Various merge resolutions from master <- staging"
...
This reverts commit 149c3ecc63
.
Conflicts:
lib/metasploit/framework/command/base.rb
lib/metasploit/framework/common_engine.rb
lib/metasploit/framework/require.rb
lib/msf/core/modules/namespace.rb
modules/auxiliary/analyze/jtr_postgres_fast.rb
modules/auxiliary/scanner/smb/smb_login.rb
msfconsole
2014-08-22 10:17:44 -05:00
inkrypto
7e2d474a26
Ranking, Version, Spacing Edit
2014-08-22 11:06:42 -04:00
Pedro Ribeiro
da752b0134
Add exploit for CVE-2014-3996
2014-08-21 15:30:28 +01:00
sinn3r
e2e2dfc6a3
Undo FF
2014-08-19 17:47:44 -05:00
sinn3r
777efb5e48
Land #3669 - Deprecate ff 17 svg exploit
2014-08-19 17:42:31 -05:00
sinn3r
c73ec66c7a
Land #3659 - Add HybridAuth install.php PHP Code Execution
2014-08-19 17:19:01 -05:00
joev
b93fda5cef
Remove browser_autopwn hook from deprecated FF module.
2014-08-18 15:33:43 -05:00
joev
87aa63de6e
Deprecate FF17 SVG exploit.
...
This exploit needs flash, the tostring_console injection one does not.
2014-08-18 15:32:51 -05:00
Brendan Coles
564431fd41
Use arrays in refs for consistency
2014-08-18 18:54:54 +00:00
Tod Beardsley
cad281494f
Minor caps, grammar, desc fixes
2014-08-18 13:35:34 -05:00
HD Moore
d8e82b9394
Lands #3655 , fixes pack operators
...
the commit.
he commit.
2014-08-17 17:25:52 -05:00
Brendan Coles
b8b2e3edff
Add HybridAuth install.php PHP Code Execution module
2014-08-16 23:31:46 +00:00
HD Moore
6d92d701d7
Merge feature/recog into post-electro master for this PR
2014-08-16 01:19:08 -05:00
sinn3r
e656a81c63
Land #3656 - FF toString console.time Privileged Javascript Injection
2014-08-15 17:07:23 -05:00
joev
6d958475d6
Oops, this doesn't work on 23, only 22.
2014-08-15 17:00:58 -05:00
joev
fb1fe7cb8b
Add some obfuscation.
2014-08-15 16:54:30 -05:00
joev
b574a4c4c5
Wow, this gets a shell all the way back to 15.0.
2014-08-15 16:39:36 -05:00
joev
5706371c77
Update browser autopwn settings.
2014-08-15 16:32:06 -05:00
joev
8c63c8f43d
Add browserautopwn hook now that this is not user-assisted.
2014-08-15 16:28:21 -05:00
joev
694d917acc
No need for web console YESSSS
2014-08-15 16:02:26 -05:00
joev
738a295f0a
Rename module to tostring_console*.
2014-08-15 15:17:37 -05:00
Meatballs
0cc3bdfb35
Moar bad packs
2014-08-15 21:11:37 +01:00
joev
f182613034
Invalid CVE format.
2014-08-15 15:09:45 -05:00
joev
edb9d32e5c
Add module for toString() injection in firefox.
2014-08-15 15:08:10 -05:00
inkrypto
7972da350d
Files move to appropriate directories and have proper formatting
2014-08-15 14:37:29 -04:00
Tod Beardsley
904c1b20b1
Land #3654 , update to 4.10-dev (electro)
2014-08-15 12:51:28 -05:00