30f90f35e9
also check for debian version number
2015-12-16 15:19:33 +01:00
67eba0d708
update description
2015-12-16 14:46:00 +01:00
fa3fb1affc
better ubuntu version check
2015-12-16 14:18:44 +01:00
60181feb51
more ubuntu checks
2015-12-16 14:02:26 +01:00
934c6282a5
check for nil
2015-12-16 13:52:06 +01:00
2661cc5899
check ubuntu specific version
2015-12-16 13:49:07 +01:00
675dff3b6f
use Gem::Version for version compare
2015-12-16 13:04:15 +01:00
01b943ec93
fix check method
2015-12-16 07:26:25 +01:00
595645bcd7
update description
2015-12-16 07:03:01 +01:00
d80a7e662f
some formatting
2015-12-16 06:57:06 +01:00
c2795d58cb
use target_uri.path
2015-12-16 06:55:23 +01:00
2e54cd2ca7
update description
2015-12-16 06:42:41 +01:00
d4ade7a1fd
update check method
2015-12-16 00:18:39 +01:00
c603430228
fix version check
2015-12-15 18:26:21 +01:00
b9b280954b
Add a check for joomla
2015-12-15 11:03:36 -06:00
e4309790f5
renamed module because X-FORWARDED-FOR header is also working
2015-12-15 17:37:45 +01:00
84d5067abe
add joomla RCE module
2015-12-15 17:20:49 +01:00
16d0d53150
Update Shellshock modules, add Advantech coverage
2015-12-01 10:40:46 -06:00
9a0f0a7843
Land #6142 , uptime refactor
2015-11-12 16:58:55 -06:00
ee25cb88b5
Land #6196 , vBulletin 5.1.2 Unserialize Code Execution
2015-11-12 14:38:39 -06:00
6077617bfd
rm res var name
...
the res variable isn't used
2015-11-12 14:37:47 -06:00
199ed9ed25
Move vbulletin_unserialize.rb to exploits/multi/http/
...
According to @all3g, this works on Windows too, so we will move
this to multi/http.
2015-11-12 14:36:01 -06:00
a0351133a6
Add more references to this exploit
...
Adding exploit-db doc about China Chopper webshell and details about this webshell in US-CERT.
2015-11-11 09:51:05 +08:00
f86f427d54
Move Compat into Payload so that is actually used
2015-11-09 16:06:05 -06:00
0cc8165b52
And I forgot to rm the test line
2015-11-06 18:11:27 -06:00
8f2a716306
I don't really need to override fail_with
2015-11-06 18:11:08 -06:00
0213da3810
Handle more NilClass bugs
2015-11-06 18:08:51 -06:00
46fac897bd
Land #6144 , China Chopper Web Shell (Backdoor) module
2015-11-05 18:29:36 -06:00
ea22583ed1
Update title and description
2015-11-05 18:29:03 -06:00
27be832c4c
remove the fail_with because it's always triggering anyway
2015-11-05 18:19:46 -06:00
a71d7ae2ae
Land #6089 , @jvazquez-r7 Fix HTTP mixins namespaces
2015-11-05 16:56:41 -06:00
038cb66937
Use the right module path
2015-11-05 16:16:46 -06:00
109e9b6b6e
remove debug info - require 'pry'
2015-11-03 06:52:11 +00:00
46fe0c0899
base64 for evasion purposes
2015-11-03 06:42:52 +00:00
6c16d2a1ca
caidao's exploit module
2015-11-02 08:54:18 +00:00
57304a30a8
Land #6139 , remove bad ref links
2015-10-29 16:00:43 -05:00
8757743821
Update description
2015-10-27 17:39:11 -05:00
cfe9748962
Deprecate exploits/multi/http/uptime_file_upload
...
Please use uptime_file_upload_1.rb
2015-10-27 17:36:54 -05:00
0c648eb210
Move to modules/exploits/multi/http/uptime_file_upload_2
...
This exploit is rather similiar to uptime_file_upload.rb, because
they both abuse post2file to upload. The difference is that this
module requires a priv escalation to be able to upload, and the
other one doesn't.
2015-10-27 17:31:31 -05:00
592fdef93d
Update uptime_code_exec
2015-10-27 17:29:55 -05:00
5b86d2ef95
Fix #6133 , update description, authors and references
...
Fix #6133
Thank you @japp-0xlabs
2015-10-27 14:38:18 -05:00
154fb585f4
Remove bad references (dead links)
...
These links are no longer available. They are dead links.
2015-10-27 12:41:32 -05:00
0d9ebe13a1
Modify check
2015-10-26 15:25:38 -05:00
4f244c54f8
Update mma_backdoor_upload.rb
2015-10-26 23:01:38 +08:00
ad80f00159
Update mma_backdoor_upload.rb
2015-10-24 11:16:49 +08:00
f461c4682b
Update mma_backdoor_upload.rb
2015-10-24 11:15:26 +08:00
181e7c4c75
Update metadata
2015-10-23 17:22:31 -05:00
01c2641c6b
Change print_*
2015-10-23 16:27:52 -05:00
3c961f61a7
Modify check to use Nokogiri
2015-10-23 14:29:16 -05:00
6f02cedff8
Move method create_exec_service
2015-10-23 13:10:00 -05:00
Christian Mehlmauer
wchen-r7
HD Moore
Louis Sato
JT
dmohanty-r7
nixawk