b618c40ceb
Fix English
2013-09-26 09:00:41 -05:00
0339c3ef48
added freeFTPd 1.0.10 (PASS Command)
2013-09-26 20:37:23 +10:00
c2ff5accee
stability fixes to astium_sqli_upload
2013-09-26 10:23:33 +07:00
84ec2cbf11
remove peer methods since it is already defined in Msf::Exploit::Remote::HttpClient
2013-09-25 23:42:44 +02:00
58d4096e0f
Resolv conflicts on #2267
2013-09-25 13:06:14 -05:00
ff610dc752
Add vulnerability discoverer as author
2013-09-25 12:45:54 -05:00
5c88ad41a8
Beautify nodejs_js_yaml_load_code_exec metadata
2013-09-25 12:44:34 -05:00
99e46d2cdb
Merge branch 'master' into cve-2013-4660_js_yaml_code_exec
...
Conflicts:
modules/exploits/multi/handler.rb
2013-09-25 00:32:56 -05:00
d91cb85a31
Not actually a typo
...
Turns out, the object name is "CCaret," though we're talking about the
"caret." Confuz0ring!
2013-09-24 15:55:52 -05:00
ac1388368f
Typo in module name
2013-09-24 15:50:58 -05:00
a50ab1ddd3
Land #2409 , @xistence exploit for ZeroShell
2013-09-24 15:32:55 -05:00
6c2063c9c0
Do not get a session on every execute_command call
2013-09-24 15:31:40 -05:00
79ca123051
Use snake_case
2013-09-24 15:16:51 -05:00
34b84395c1
Fix References field
2013-09-24 15:16:02 -05:00
93486a627d
Whoops on trailing commas
2013-09-24 15:14:11 -05:00
adfacfbed1
Do not fail_with on method used from check
2013-09-24 15:08:48 -05:00
4b6a646899
Fix typo
2013-09-24 15:06:35 -05:00
f5cac304f4
Use default send_request_cgi timeout
2013-09-24 15:05:24 -05:00
52a92a55ce
Land #2394 , ms13_005_hwnd_broadcast require fix
2013-09-24 13:43:21 -05:00
ce4cf55d22
Land #2417 , @todb-r7's change to Platform field to make ruby style compliant
2013-09-24 13:30:48 -05:00
89222f4b16
Land #2416 , OSVDB refs for arkeia_upload_exec
2013-09-24 13:22:24 -05:00
3906d4a2ca
Fix caps that throw msftidy warnings
2013-09-24 13:03:16 -05:00
c547e84fa7
Prefer Ruby style for single word collections
...
According to the Ruby style guide, %w{} collections for arrays of single
words are preferred. They're easier to type, and if you want a quick
grep, they're easier to search.
This change converts all Payloads to this format if there is more than
one payload to choose from.
It also alphabetizes the payloads, so the order can be more predictable,
and for long sets, easier to scan with eyeballs.
See:
https://github.com/bbatsov/ruby-style-guide#collections
2013-09-24 12:33:31 -05:00
081c279b61
Remove misleading comment
2013-09-24 11:42:31 -05:00
d15f442e56
Add OSVDB references to arkeia_upload_exec
2013-09-24 08:48:28 -05:00
8b9adf6886
changes made to zeroshell_exec according to suggestions
2013-09-24 08:35:07 +07:00
8db1a389eb
Land #2304 fix post module require order
...
Incidentally resolve conflict on current_user_psexec to account for the
new powershell require.
2013-09-23 16:52:23 -05:00
2656c63459
Knock out a Unicode character
2013-09-23 14:22:11 -05:00
99f145cbff
Don't split the post requires
2013-09-23 14:02:43 -05:00
4bff8f2cdc
Update descriptions for clarity.
2013-09-23 13:48:23 -05:00
a46ac7533d
Land #2407 , require fix for current_user_psexec
2013-09-23 11:57:19 -05:00
1fc849bdd5
Land #2188 , @m-1-k-3's module for OSVDB 90221
2013-09-23 11:44:43 -05:00
71d74655f9
Modify description
2013-09-23 11:44:04 -05:00
6429219a1d
added ZeroShell RC2 RCE
2013-09-22 15:13:55 +07:00
8417b916c7
Complete MS13-071 Information
2013-09-21 21:22:34 -05:00
6b06ed0df1
Update current_user_psexec.rb
2013-09-22 03:07:17 +05:00
a08d195308
Add Node.js as a platform.
...
* Fix some whitespace issues in platform.rb
2013-09-20 18:14:01 -05:00
49f15fbea4
Removes PayloadType from exploit module.
2013-09-20 18:01:55 -05:00
8381bf8646
Land #2404 - Add powershell support for current_user_psexec
2013-09-20 17:14:55 -05:00
96364c78f8
Need to catch RequestError too
...
Because a meterpreter session may throw that
2013-09-20 17:13:35 -05:00
59a201a8d3
Land #2334 , @tkrpata and @jvennix-r7's patch for sudo_password_bypass
2013-09-20 17:01:19 -05:00
fb8d0dc887
Write the return
2013-09-20 17:00:07 -05:00
6e69fe48bf
Undo psexec changes
2013-09-20 22:30:00 +01:00
2591be503b
Psh support
2013-09-20 22:07:42 +01:00
15885e4ef6
Change static x value
2013-09-20 20:31:14 +01:00
ee365a6b64
Some liberal sleeping
2013-09-20 19:33:27 +01:00
29649b9a04
Land #2388 , @dummys's exploit for CVE-2013-5696
2013-09-20 13:03:01 -05:00
8922d0fc7f
Fix small bugs on glpi_install_rce
2013-09-20 13:01:41 -05:00
b24ae6e80c
Clean glpi_install_rce
2013-09-20 12:58:23 -05:00
7d1c5c732a
Correct powershell
2013-09-20 18:36:24 +01:00
bb7b57cad9
Land #2370 - PCMAN FTP Server post-auth stack buffer overflow
2013-09-20 12:29:10 -05:00
feb76ea767
Modify check
...
Since auth is required, check function needs to look into that too
2013-09-20 12:28:21 -05:00
2d6c76d0ad
Rename pcman module
...
Because this is clearly a msf module, we don't need 'msf' as a
filename. The shorter the better.
2013-09-20 12:18:24 -05:00
6690e35761
Account for username length
...
Username is part of the overflowing string, need to account for that
2013-09-20 12:17:34 -05:00
9d67cbb4db
Retabbed
2013-09-20 11:58:53 -05:00
9819566d94
Nearly
2013-09-20 17:18:14 +01:00
85152c4281
Land #2400 - Add OSVDB reference for openemr_sqli_privesc_upload
2013-09-20 10:39:06 -05:00
6f5e528699
Remove author, all the credits go to corelanc0der and sinn3r
2013-09-20 10:27:37 -05:00
83f54d71ea
Add MS13-069 (CVE-2013-3205) IE ccaret object use-after-free
...
This module exploits a use-after-free vulnerability found in Internet Explorer,
specifically in how the browser handles the caret (text cursor) object. In IE's
standards mode, the caret handling's vulnerable state can be triggered by first
setting up an editable page with an input field, and then we can force the caret
to update in an onbeforeeditfocus event by setting the body's innerHTML property.
In this event handler, mshtml!CCaret::`vftable' can be freed using a document.write()
function, however, mshtml!CCaret::UpdateScreenCaret remains unaware aware of this
change, and still uses the same reference to the CCaret object. When the function
tries to use this invalid reference to call a virtual function at offset 0x2c, it
finally results a crash. Precise control of the freed object allows arbitrary code
execution under the context of the user.
The vuln works against IE8 on Win 7, but the current version of the custom spray
doesn't actually work well against that target. More work is needed before we can
add that target for sure. The reason a custom spray is needed is because the
document.write() function erases the typical spray routines we use like
js_property_spray, or the heaplib + substring one. Tried using an iframe too,
but onbeforeeditfocus event doesn't seem to work well in an iframe (does not
fire when innerHTML is used.)
2013-09-20 10:20:35 -05:00
bad6f2279d
Add OSVDB reference for openemr_sqli_privesc_upload
2013-09-20 09:41:23 -05:00
a00f3d8b8e
initial
2013-09-20 13:40:28 +01:00
032b9115a0
removed the old exploit
2013-09-20 10:53:52 +02:00
187ab16467
many change in the code and replace at the correct place the module
2013-09-20 10:45:10 +02:00
7d17eef7a7
Updated several msftidy [WARNING] Spaces at EOL issues.
2013-09-19 20:35:08 -07:00
955365d605
Land #2391 - MS13-071 Microsoft Windows Theme File Handling Vulnerability
2013-09-19 22:21:09 -05:00
0eb838156b
Land #2390 - Use payload.encoded because BadChars are defined
2013-09-19 22:10:55 -05:00
9598853fee
Land #2389 - Fix use of Rex sockets from dlink modules
2013-09-19 22:09:53 -05:00
8d70a9d893
Add more refs
2013-09-19 22:05:23 -05:00
137b3bc6ea
Fix whitespace issues.
2013-09-19 17:29:11 -05:00
bd96c6c093
Adds module for CVE-2013-3568.
2013-09-19 17:26:30 -05:00
46a241b168
Fix my own cleanup
2013-09-19 14:51:22 -05:00
08c7b49be0
corrected too much if
2013-09-19 21:47:01 +02:00
31903be393
Land #2380 , @xistence exploit for EDB 28329
2013-09-19 14:42:27 -05:00
cb737525b1
Final cleanup for openemr_sqli_privesc_upload
2013-09-19 14:40:57 -05:00
76e170513d
Do first clean on openemr_sqli_privesc_upload
2013-09-19 14:36:25 -05:00
cf0375f7e6
Fix check return value
2013-09-19 14:17:45 -05:00
862a8fb8aa
corrected indentation bug again
2013-09-19 20:27:23 +02:00
9b486e1dbb
Add comment about the smb_* methods
2013-09-19 13:23:46 -05:00
ce8e94b5fe
corrected indentation bug
2013-09-19 20:14:07 +02:00
bf0f4a523f
Land #2381 , @xistence exploit for EDB 28330
2013-09-19 13:06:41 -05:00
c63423ad69
Update code comment
2013-09-19 13:03:55 -05:00
6073e6f2dc
Fix use of normalize_uri
2013-09-19 12:59:37 -05:00
b4fa535f2b
Fix usage of fail_with
2013-09-19 12:45:29 -05:00
1aba7550f9
Fix check indentation
2013-09-19 12:44:11 -05:00
1f7c3d82c1
Refactor easy methods
2013-09-19 12:42:38 -05:00
891a54aad7
Fix metadata
2013-09-19 12:41:13 -05:00
1a00cce8a9
Clean up
2013-09-19 11:51:07 -05:00
628cfe8e67
Land #2393 , tape_engine_8A filename disambiguation
2013-09-19 10:31:40 -05:00
ef72b30074
Include the post requires until #2354 lands
...
Another one that needs the manual require. See #2354
2013-09-19 09:47:01 -05:00
fb72e7f02a
Disambiguate tape_engine_8A as tape_engine_0x8a
...
This will reopen #2358 to avoid filename collisions on Windows, Rubymine
environments, etc.
2013-09-19 09:35:31 -05:00
058e0fdd80
Changed ret to push esp C:\WINDOWS\system32\msvcrt.dll
2013-09-19 07:21:51 -07:00
f9617e351d
corrected Integer()
2013-09-19 16:04:20 +02:00
926ddf35bc
Fix possible collisions on binding port and handle rex socket
2013-09-19 08:23:25 -05:00
8fe9132159
Land #2358 , deprecate funny names
2013-09-18 14:55:33 -05:00
766e96510d
Added minor indentation updates
2013-09-18 12:12:35 -07:00
60d448f600
Add minor cleanup
2013-09-18 14:10:13 -05:00
db8881966e
Merge remote-tracking branch 'upstream/master'
2013-09-18 12:02:01 -07:00
68647c7363
Add module for MS13-071
2013-09-18 13:40:35 -05:00
accad24f31
Use payload.encoded because BadChars are defined
2013-09-18 13:03:35 -05:00
61ab0e245c
Add Context to rex sockets plus track them with add_socket
2013-09-18 12:39:08 -05:00
1988085a94
Fix possible port conflict
2013-09-18 12:24:36 -05:00
8728a9a3b7
Bumping out deprecation date
...
Pray I don't alter the deprecation date further.
2013-09-18 11:00:35 -05:00
bc57c9c6ec
corrected some codes requested by Meatballs
2013-09-18 17:55:36 +02:00
3366c3aa77
CVE-2013-5696 RCE for GLPI
2013-09-18 16:11:32 +02:00
adc1bd9c65
changes made to astium_sqli_upload based on suggestions
2013-09-18 16:52:31 +07:00
65ee8c7d5c
changed openemr_sqli_privesc_upload according to suggestions
2013-09-18 12:38:20 +07:00
6cbe371381
minor change
2013-09-17 20:33:46 -07:00
d6a1182bd4
changes to arkeia_upload_exec to comply with r7 suggestions #2
2013-09-18 08:24:40 +07:00
24a671b530
changes to arkeia_upload_exec to comply with r7 suggestions
2013-09-18 08:10:58 +07:00
0052f9712b
Updated hard tabs per new requirement
2013-09-17 17:42:01 -07:00
9a555d8701
Fix the modules added since the branch
2013-09-17 18:25:12 -05:00
150f0f644e
Merge branch 'rapid7' into bug/osx-mods-load-order
...
Conflicts:
modules/post/windows/gather/enum_dirperms.rb
2013-09-17 18:21:13 -05:00
82aa3f97b0
added Astium confweb 25399 RCE
2013-09-17 12:32:10 +07:00
5fc724bced
Kill explanatory comment.
2013-09-16 21:34:38 -05:00
2c47e56d90
Adds module for yaml code exec.
2013-09-16 21:33:57 -05:00
52a1b5fa57
updated pcman_stor_msf.rb module with community feedback.
2013-09-16 17:43:10 -07:00
226a75b5da
updated pcman_stor_msf.rb module with community feedback.
2013-09-16 17:37:29 -07:00
b4b7cecaf4
Various minor desc fixes, also killed some tabs.
2013-09-16 15:50:00 -05:00
f89af79223
Correct OSVDB for sophos sblistpack exploit
2013-09-16 15:41:50 -05:00
d4f2e72b9c
updated module to include msftidy.rb
2013-09-16 12:46:13 -07:00
82e3910959
added PCMan's FTP Server Crafted Multiple Command Handling Remote Buffer Overflow (OSVDB 94624)
2013-09-16 12:40:36 -07:00
92cf886e49
updated module to include msftidy.rb
2013-09-16 12:38:00 -07:00
4c83336944
Delete pcman_stor_msf.rb
...
delete because of commit issues.
2013-09-16 12:25:39 -07:00
e1e1cab797
Module gets me a shell, yay
2013-09-16 13:37:16 -05:00
f657f4d145
added PCMan's FTP Server Crafted Multiple Command Handling Remote Buffer Overflow (OSVDB 94624)
2013-09-16 09:57:27 -07:00
c18c41d8ea
Don't hidde exceptions
2013-09-16 09:26:13 -05:00
86e5163cad
Fix Indentation and cleanup
2013-09-16 09:19:26 -05:00
62cf9cb07c
Retab changes for PR #2188
2013-09-16 09:09:16 -05:00
842dba20b9
Merge for retab
2013-09-16 09:08:36 -05:00
af873b7349
added OpenEMR 4.1.1 Patch 14 SQLi Privesc Upload RCE
2013-09-16 16:19:35 +07:00
b2b629f932
added WD Arkeia Appliance RCE
2013-09-16 14:38:50 +07:00
67cd62f306
Land #2366 - HP ProCurve Manager SNAC UpdateCertificatesServlet File Upload
2013-09-16 01:44:23 -05:00
54e9cd81f3
Add module for ZDI-13-226
2013-09-13 17:31:51 -05:00
10303a8c2a
Delete debug print_status
2013-09-13 17:05:23 -05:00
dca4351303
Add check function
2013-09-13 16:51:14 -05:00
f7c4e081bb
Add module for ZDI-13-225
2013-09-13 16:40:28 -05:00
b2ba4b445f
Land #2362 , update description
2013-09-13 12:56:04 -05:00
4847976995
Update information about original discovery
...
Update info about original discovoery. See #2337 too.
2013-09-13 10:42:11 -05:00
c665f41cd6
Fix description
2013-09-13 09:09:14 -05:00
76f27ecde8
Require the deprecation mixin in all modules
...
Because rememberin to require it, and hoping against a race is not how we
roll any more.
2013-09-12 15:49:33 -05:00
761042f14b
require the deprecated mixin
2013-09-12 15:42:01 -05:00
968f299772
Deprecate A-PDF exploit for filename change
...
See PT 56796034
See PT 56795804
2013-09-12 15:30:26 -05:00
ac90cd1263
Land #2248 - Fix dlink upnp exec noauth
2013-09-12 15:10:20 -05:00
58b634dd27
Remove unnecessary requires from post mods
2013-09-12 14:36:01 -05:00
34383661cb
Land #2351 - Agnitum Outpost Internet Security Local Privilege Escalation
2013-09-12 14:21:05 -05:00
5aa6a0dd6b
Land #2346 - Sophos Web Protection Appliance sblistpack Arbitrary Command Execution
2013-09-12 14:19:02 -05:00
f42e6e8bca
Land #2345 - Sophos Web Protection Appliance clear_keys.pl Local Privilege Escalation
2013-09-12 14:17:24 -05:00
8db66aeb98
Yes, clearly it is.
2013-09-12 14:16:34 -05:00
d781f447db
Merge branch 'pr2345' into upstream-master
2013-09-12 14:15:18 -05:00
d47de46d94
Deprecate brightstor/tape_engine_8A
...
This module is getting renamed to 8a, instead of 8A.
2013-09-12 13:59:44 -05:00
9ad1be7318
Make junk easier
2013-09-11 09:33:01 -05:00
825eb9d1ca
Add module for OSVDB 96208
2013-09-11 00:11:00 -05:00
4f1db80c24
Fix requires in new post modules
2013-09-10 11:13:07 -05:00
bf40dc02ce
Add module for CVE-2013-4984
2013-09-09 23:27:24 -05:00
c3ff9a03d8
Add module for CVE-2013-4983
2013-09-09 23:26:10 -05:00
aff35a615b
Grammar fixes in descriptions
2013-09-09 15:09:53 -05:00
791b6f69c2
Land #2337 , @wchen-r7's exploit for MS13-055
2013-09-09 11:12:03 -05:00
0ee0168556
Retabbed
...
One kills a man, one is an assassin; one kills millions, one is a
conqueror; one kills a tab, one is a Metasploit dev.
2013-09-09 10:01:01 -05:00
6ab905e9e0
Less alignment
2013-09-09 09:39:02 -05:00
992bdcf530
Not from the future
2013-09-09 00:36:28 -05:00
c3db41334b
Add MS13-055 Internet Explorer Use-After-Free Vulnerability
...
In IE8 standards mode, it's possible to cause a use-after-free condition by first
creating an illogical table tree, where a CPhraseElement comes after CTableRow,
with the final node being a sub table element. When the CPhraseElement's outer
content is reset by using either outerText or outerHTML through an event handler,
this triggers a free of its child element (in this case, a CAnchorElement, but
some other objects apply too), but a reference is still kept in function
SRunPointer::SpanQualifier. This function will then pass on the invalid reference
to the next functions, eventually used in mshtml!CElement::Doc when it's trying to
make a call to the object's SecurityContext virtual function at offset +0x70, which
results a crash. An attacker can take advantage of this by first creating an
CAnchorElement object, let it free, and then replace the freed memory with another
fake object. Successfully doing so may allow arbitrary code execution under the
context of the user.
This bug is specific to Internet Explorer 8 only. It was originally discovered by
Orange Tsai at Hitcon 2013, but was silently patched in the July 2013 update, so
no CVE as of now.
2013-09-08 20:02:23 -05:00
3da9c4a685
Cleans up timeouts, wait before dropping payload, actually call #cleanup#super to kill the dropped file
2013-09-06 13:05:17 -05:00
2aed293d9a
Handle locked date and time preference pane
...
If the date and time preference pane is locked, effects are:
1. systemsetup takes 30 seconds to return
added a 30-second timeout to cmd_exec
2. Unable to change system date and time settings
added additional check to see if date change was successful
2013-09-06 10:17:09 -04:00
7d4bf0c739
Retab changes for PR #2327
2013-09-05 23:25:41 -05:00
34b499588b
Merge for retab
2013-09-05 23:24:22 -05:00
473f08bbb6
Register cleanup and update check
2013-09-05 22:43:26 +01:00
400b433267
Sort out exception handling
2013-09-05 22:21:44 +01:00
07060e4e69
Add return in check
2013-09-05 16:57:47 -04:00
d4043a6646
Spaces and change to filedropper
2013-09-05 20:41:37 +01:00
c5daf939d1
Stabs tabassassin
2013-09-05 20:36:52 +01:00
f780a41f87
Retab changes for PR #2248
2013-09-05 14:12:24 -05:00
554d1868ce
Merge for retab
2013-09-05 14:12:18 -05:00
f5a4c05dbc
Retab changes for PR #2267
2013-09-05 14:11:03 -05:00
4703a10b64
Merge for retab
2013-09-05 14:10:58 -05:00
d0360733d7
Retab changes for PR #2282
2013-09-05 14:05:34 -05:00
49dface180
Merge for retab
2013-09-05 14:05:28 -05:00
9787bb80e7
Address @jlee-r7's feedback
2013-09-05 19:57:05 +01:00
206b52ea30
Land #2325 , @jlee-r7's Linux PrependFork addition
2013-09-05 13:50:59 -05:00
845bf7146b
Retab changes for PR #2304
2013-09-05 13:41:25 -05:00
adf9ff356c
Merge for retab
2013-09-05 13:41:23 -05:00
86ceadc53d
Fix target description
2013-09-05 13:37:01 -05:00
d43326d0f4
Check 302 while checking too
2013-09-05 13:36:35 -05:00
ab83a12354
Check 302 on anonymous access too
2013-09-05 13:35:52 -05:00
896bb129cd
Retab changes for PR #2325
2013-09-05 13:24:09 -05:00
5ff25d8b96
Merge for retab
2013-09-05 13:23:25 -05:00
c9c6f84668
Retab changes for PR #2328
2013-09-05 13:16:15 -05:00
9bdc274904
Merge for retab
2013-09-05 13:15:07 -05:00
50c6f26329
Don't deregister PrependFork
2013-09-05 10:50:36 -05:00
5c06a471f9
Get the call result
2013-09-05 08:33:35 -05:00
3681955f68
Use Msf::Config.data_directory
2013-09-05 08:28:50 -05:00
6b1d7545d6
Refactor, avoid duplicate code
2013-09-05 08:26:49 -05:00
84e4b42f6b
allow 302 redirects
2013-09-04 16:59:42 -05:00
66d5af5a11
remove dependency on tmpl=component
2013-09-04 16:58:49 -05:00
b6245eea72
Update target info
2013-09-04 16:43:26 -05:00
34b3ee5e17
Update ranking and description
2013-09-04 16:10:15 -05:00
94125a434b
Add module for ZDI-13-205
2013-09-04 15:57:22 -05:00
b913fcf1a7
Add a proper PrependFork for linux
...
Also fixes a typo bug for AppendExit
2013-09-04 00:15:07 -05:00
3066e7e19d
ReverseConnectRetries ftw
2013-09-04 00:16:19 +01:00
a8e77c56bd
Updates
2013-09-03 22:46:20 +01:00
ac0c493cf9
Merge branch 'master' of github.com:rapid7/metasploit-framework into local_win_priv_keyring
2013-09-03 21:33:11 +01:00
84aaf2334a
Retab new material
2013-09-03 11:47:26 -05:00
0c1e6546af
Update from master
2013-09-03 11:45:39 -05:00
ca8dacb93b
Minor module description updates for grammar.
2013-09-03 10:31:45 -05:00
ac0b14e793
Add the missing CVE reference
...
Was looking at all the 2013 exploit modules for missing CVE references
2013-08-31 18:54:16 -05:00
0736677a01
Land #2299 - Add powershell support & removes ADODB.Stream requirement
2013-08-31 00:32:23 -05:00
c4aa557364
Land #2292 - Fix the way to get a session over a telnet connection
2013-08-31 00:29:25 -05:00
41e4375e43
Retab modules
2013-08-30 16:28:54 -05:00
5b32c63a42
Land #2308 , @wchen-r7's exploit for MS13-059
2013-08-30 10:59:36 -05:00
ea8cd2dc46
Update authors list
2013-08-30 10:52:39 -05:00
a283f1d4fa
Correct module title
2013-08-30 10:50:35 -05:00
f4e09100bd
Correct file name
2013-08-30 10:50:05 -05:00
38dbab9dd0
Fix typos
2013-08-30 10:43:26 -05:00
7401f83d8e
Land #2305 - HP LoadRunner lrFileIOService ActiveX WriteFileString Bug
2013-08-30 03:23:47 -05:00
0a1b078bd8
Add CVE-2013-3184 (MS13-058) CFlatMarkupPointer Use After Free
...
Please see module description for more info.
2013-08-30 03:16:28 -05:00
657be3a3d9
Fix typo
2013-08-29 14:42:59 -05:00
4a6bf1da7f
Add module for ZDI-13-207
2013-08-29 14:09:45 -05:00
63adde2429
Fix load order in posts, hopefully forever
2013-08-29 13:37:50 -05:00
7b9314763c
Add the require boilerplate
...
Fixes a bug that sometimes comes up with load order on this module. I
know @jlee-r7 is working on a better overall solution but this should
solve for the short term.
Note, since the problem is practically machine-specific. @jlee-r7
suggested rm'ing all modules but the one under test. Doing that exposes
the bug, and I've verified this fix in that way.
2013-08-29 13:03:11 -05:00
a12f5092dd
Encode the powershell cmd
2013-08-28 22:37:11 +01:00
aa0563244b
Update unsafe scripting module
2013-08-28 22:30:46 +01:00
feae4a41e7
I don't like end-of-line comments
2013-08-28 12:42:26 -05:00
57c7d0679a
Land #2295 - Add platform info
2013-08-28 10:38:50 -05:00
26531dbaa7
Land #2100 , @ddouhine's exploit for OSVDB 83543
2013-08-28 08:55:59 -05:00
ab572d7d72
Fix Authors metadata section
2013-08-28 08:53:48 -05:00
b702a0d353
Fix "A payload has not been selected."
...
Since platform definition is missing, exploitation fails.
2013-08-28 12:53:08 +02:00
0bfc12ada1
Fix the way to get a session over a telnet connection
2013-08-27 11:38:49 -05:00
b0226cab79
Land #2290 - HP LoadRunner lrFileIOService ActiveX Vulnerability
2013-08-27 11:19:43 -05:00
2e4e3fdbe6
Land #2237 - Fix check function
2013-08-27 11:11:54 -05:00
997c5e5516
Land #2291 , @todb-r7's patch for oracle_endeca_exec's requires
2013-08-27 11:01:21 -05:00
15b741bb5f
Require the powershell mixin explicitly
2013-08-27 10:36:51 -05:00
f59f57e148
Randomize object id
2013-08-27 10:35:06 -05:00
66fa1b41aa
Fix logic to spray correctly IE9
2013-08-27 09:57:55 -05:00
7efe85dbd6
php_include - added @wchen-r7's code improvements
2013-08-27 14:00:13 +01:00
93c46c4be5
Complete the Author metadata
2013-08-26 23:29:16 -05:00
8efe2d9206
Land #2289 , @jlee-r7's exploit for CVE-2013-1662
2013-08-26 23:27:19 -05:00
e1e889131b
Add references and comments
2013-08-26 23:26:13 -05:00
63786f9e86
Add local exploit for taviso's vmware privesc
2013-08-26 21:06:40 -05:00
7a4d781538
Land #2274 - Firefox XMLSerializer Use After Free
2013-08-26 20:53:42 -05:00
4cbdf38377
updated contact info
...
MASTER OF DISASTER
ULTRA LASER
:::::::-. :::::::.. :::::::-. ... ... . :
;;, `';,;;;;``;;;; ;;, `';, .;;;;;;;. .;;;;;;;. ;;,. ;;;
`[[ [[ [[[,/[[[' `[[ [[,[[ \[[,,[[ \[[,[[[[, ,[[[[,
$$, $$ $$$$$$c $$, $$$$$, $$$$$$, $$$$$$$$$$$"$$$
888_,o8P' 888b "88bo,d8b 888_,o8P'"888,_ _,88P"888,_ _,88P888 Y88" 888o
MMMMP"` MMMM "W" YMP MMMMP"` "YMMMMMP" "YMMMMMP" MMM M' "MMM
2013-08-26 16:14:49 -07:00
6b15a079ea
Update for grammar in descriptions on new modules.
2013-08-26 14:52:51 -05:00
252f48aeee
Land #2272 , @jvennix-r7's exploit for CVE-2013-1775
2013-08-26 13:21:58 -05:00
0baaf989fb
Delete on_new_session cleanup, as discusses with @jlee-r7
2013-08-26 13:20:43 -05:00
05f1622fcb
Fix require
2013-08-26 16:21:18 +01:00
3b9ded5a8e
BypassUAC now checks if the process is LowIntegrityLevel
...
and fails if so. Some small improvements made to Post::Priv
and BypassUAC module.
2013-08-26 13:54:55 +01:00
f8d1d29648
Add module for ZDI-13-182
2013-08-25 23:07:08 -05:00
45ad043102
moderated comments are now also working (even for unauthenticated users)
2013-08-25 11:02:15 +02:00
035258389f
use feed first before trying to bruteforce
2013-08-25 10:16:43 +02:00
757886bece
Remove some extra wip files.
2013-08-24 14:52:52 -05:00
29320f5b7f
Fix vn refs. Add juan as an @author.
2013-08-24 13:07:35 -05:00
5b812b0c22
Add references
2013-08-24 12:12:21 -05:00
jvazquez-r7
TecR0c
xistence
FireFart
joev
Tod Beardsley
William Vu
darknight007
Joe Vennix
sinn3r
Meatballs
dummys
Rick Flores (nanotechz9l)
James Lee
Tyler Krpata
Tab Assassin
jgor
Vlatko Kosturjak
g0tmi1k
violet