Commit Graph

819 Commits (3b21de390661675fc6d47dbce293e37bd128e56c)

Author SHA1 Message Date
Christian Mehlmauer 7d42dcee9c
Land #4769, Wordpress holding-pattern theme file upload 2015-02-21 23:13:06 +01:00
rastating 708340ec5a Tidy up various bits of code 2015-02-21 12:53:33 +00:00
rastating 76a64b31d7 Resolve msftidy issues 2015-02-21 01:41:29 +00:00
rastating 7d30b214ee Add WordPress admin shell upload module 2015-02-21 01:31:33 +00:00
Tod Beardsley 6370c99755
Avoid version numbers in titles 2015-02-17 10:28:56 -06:00
Tod Beardsley 62a679ebb8
Avoid version numbers in titles
Usually, the versions are more of a range, and nearly always, the module
author never truly knows where the ranges are bounded. It's okay to
clarify in the description.
2015-02-17 10:26:40 -06:00
rastating 40c92f5fe3 Add URL reference 2015-02-14 13:09:37 +00:00
rastating 4dce589bbe Add WordPress Holding Pattern file upload module 2015-02-14 12:54:03 +00:00
Christian Mehlmauer 55f57e0b9b
Land #4746, WordPress photo-gallery exploit 2015-02-12 22:24:12 +01:00
Christian Mehlmauer bce7211f86
added url and randomize upload directory 2015-02-12 22:16:37 +01:00
jvazquez-r7 155651e187 Make filename shorter 2015-02-12 11:45:51 -06:00
jvazquez-r7 95bfe7a7de Do minor cleanup 2015-02-12 11:45:51 -06:00
rastating 30f310321d Added CVE reference 2015-02-12 11:45:51 -06:00
rastating 38ad960640 Add Maarch LetterBox file upload module 2015-02-12 11:45:51 -06:00
rastating cb1efa3edd Improved error handling, tidied up some code 2015-02-11 10:16:18 +00:00
rastating 80a086d5f6 Add WordPress Photo Gallery upload module 2015-02-11 01:03:51 +00:00
Christian Mehlmauer 6d46182c2f
Land #4570, @rastating 's module for wp-easycart 2015-02-07 23:42:23 +01:00
Christian Mehlmauer f2b834cebe
remove check because the vuln is unpatched 2015-02-07 23:38:44 +01:00
Christian Mehlmauer d2421a2d75
wrong version 2015-02-07 23:34:19 +01:00
Christian Mehlmauer 56d2bc5adb
correct version number 2015-02-07 23:22:43 +01:00
rastating 345d5c5c08 Update version numbers to reflect latest release 2015-02-07 19:09:16 +00:00
jvazquez-r7 1ea4a326c1
Land #4656, @nanomebia's fixes for sugarcrm_unserialize_exec 2015-02-06 16:42:01 -06:00
jvazquez-r7 e511f72ab4 Delete final check
* A session is the best proof of success
2015-02-06 16:34:34 -06:00
Tod Beardsley c633c710bc
Mostly caps/grammar/spelling, GoodRanking on MBAM 2015-02-05 12:36:47 -06:00
jvazquez-r7 c0e1440572
Land #4685, @FireFart's module for Wordpress Platform Theme RCE 2015-02-03 17:35:59 -06:00
jvazquez-r7 28f303d431 Decrease timeout 2015-02-03 17:33:29 -06:00
jvazquez-r7 a1c157a4db
Land #4609, @h0ng10's module for Wordpress Pixabay Images PHP Code Upload 2015-02-03 17:01:32 -06:00
jvazquez-r7 eebee7c066 Do better session creation handling 2015-02-03 17:00:37 -06:00
jvazquez-r7 4ca4fd1be2 Allow to provide the traversal depth 2015-02-03 16:38:40 -06:00
jvazquez-r7 e62a5a4fff Make the calling payload code easier 2015-02-03 16:23:04 -06:00
jvazquez-r7 61cdb5dfc9 Change filename 2015-02-03 16:13:10 -06:00
jvazquez-r7 82be43ea58 Do minor cleanup 2015-02-03 16:07:27 -06:00
Christian Mehlmauer 2c956c0a0f
add wordpress platform theme rce 2015-01-31 22:02:44 +01:00
Nanomebia d04fd3b978 Fixing Indentation
Small indentation fix
2015-01-29 13:03:19 +08:00
Nanomebia af90c6482b Sanity Changes
Reverted failure behaviour on line 70
Removed a space that prevented line 98 from working as intended
2015-01-28 18:40:43 +08:00
Nanomebia 27c412341f Syntax Changes
Cleaned up this statement a tiny bit
2015-01-28 18:34:19 +08:00
Nanomebia fc3094ec9b Syntax changes
Fixed some more syntax - failures
2015-01-28 18:30:21 +08:00
Nanomebia 321eb452c5 Syntax Fixes
Fixed some or's to || - and's to &&.
Fixed failure if statement (fails using fail_with())
Fixed nested else (now and elsif)
Changed final execute logic - checks for success rather than failure.
2015-01-28 18:08:15 +08:00
Nanomebia fefc3d088c Cookie fix and success display
Added handling for if the server doesn't correctly assign a cookie using
Set-Cookie by changing the regex and doing an additional check.  Also
fixed the success display -  changed the if statement to match others in
this module and fixed the text output based on server response.
2015-01-28 17:11:05 +08:00
Tod Beardsley bae19405a7
Various grammar, spelling, word choice fixes 2015-01-26 11:00:07 -06:00
Hans-Martin Münch (h0ng10) 419fa93897 Add OSVDB and WPScan references 2015-01-23 09:27:42 +01:00
Hans-Martin Münch (h0ng10) dfbbc79e0d make retries a datastore option 2015-01-23 09:23:09 +01:00
Hans-Martin Münch (h0ng10) 11bf58e548 Use metasploit methods 2015-01-23 08:48:52 +01:00
rastating 9d3397901b Correct version numbers and code tidy up 2015-01-19 20:59:46 +00:00
Hans-Martin Münch (h0ng10) 5813c639d1 Initial commit 2015-01-19 17:23:48 +01:00
rastating 8a89b3be28 Cleanup of various bits of code 2015-01-13 22:20:40 +00:00
rastating 8246f4e0bb Add ability to use both WP and EC attack vectors 2015-01-12 23:30:59 +00:00
rastating e6f6acece9 Add a date hash to the post data 2015-01-12 21:21:50 +00:00
rastating ea37e2e198 Add WP EasyCart file upload exploit module 2015-01-10 21:05:02 +00:00
Christian Mehlmauer d4d1a53533
fix invalid url 2015-01-09 21:57:52 +01:00