Commit Graph

1412 Commits (3fdd3d36516549eb498662c64ca31d38a46ee239)

Author SHA1 Message Date
JT 28ca899914 Update phpfilemanager_rce.rb 2015-12-03 18:07:25 +08:00
JT d63bb4768f Update phpfilemanager_rce.rb 2015-12-03 14:09:02 +08:00
JT 374b630601 Update phpfilemanager_rce.rb 2015-12-03 13:57:19 +08:00
JT 56b810cb18 Update phpfilemanager_rce.rb 2015-12-03 12:44:41 +08:00
JT 5414f33804 Update phpfilemanager_rce.rb 2015-12-03 12:43:47 +08:00
JT ab77ab509a Update phpfilemanager_rce.rb 2015-12-03 12:35:49 +08:00
JT 869caf789f Update phpfilemanager_rce.rb 2015-12-03 12:34:17 +08:00
JT a2d51d48cd Add phpFileManager 0.9.8 Remote Code Execution 2015-12-03 12:11:31 +08:00
HD Moore 16d0d53150 Update Shellshock modules, add Advantech coverage 2015-12-01 10:40:46 -06:00
Spencer McIntyre dc5e9a1d0a Support CSRF token in the Jenkins aux cmd module 2015-11-22 17:51:27 -05:00
Louis Sato 9a0f0a7843
Land #6142, uptime refactor 2015-11-12 16:58:55 -06:00
wchen-r7 ee25cb88b5
Land #6196, vBulletin 5.1.2 Unserialize Code Execution 2015-11-12 14:38:39 -06:00
wchen-r7 6077617bfd rm res var name
the res variable isn't used
2015-11-12 14:37:47 -06:00
wchen-r7 199ed9ed25 Move vbulletin_unserialize.rb to exploits/multi/http/
According to @all3g, this works on Windows too, so we will move
this to multi/http.
2015-11-12 14:36:01 -06:00
JT a0351133a6 Add more references to this exploit
Adding exploit-db doc about China Chopper webshell and details about this webshell in US-CERT.
2015-11-11 09:51:05 +08:00
HD Moore f86f427d54 Move Compat into Payload so that is actually used 2015-11-09 16:06:05 -06:00
wchen-r7 0cc8165b52 And I forgot to rm the test line 2015-11-06 18:11:27 -06:00
wchen-r7 8f2a716306 I don't really need to override fail_with 2015-11-06 18:11:08 -06:00
wchen-r7 0213da3810 Handle more NilClass bugs 2015-11-06 18:08:51 -06:00
wchen-r7 46fac897bd
Land #6144, China Chopper Web Shell (Backdoor) module 2015-11-05 18:29:36 -06:00
wchen-r7 ea22583ed1 Update title and description 2015-11-05 18:29:03 -06:00
wchen-r7 27be832c4c remove the fail_with because it's always triggering anyway 2015-11-05 18:19:46 -06:00
dmohanty-r7 a71d7ae2ae
Land #6089, @jvazquez-r7 Fix HTTP mixins namespaces 2015-11-05 16:56:41 -06:00
wchen-r7 038cb66937 Use the right module path 2015-11-05 16:16:46 -06:00
nixawk 109e9b6b6e remove debug info - require 'pry' 2015-11-03 06:52:11 +00:00
nixawk 46fe0c0899 base64 for evasion purposes 2015-11-03 06:42:52 +00:00
nixawk 6c16d2a1ca caidao's exploit module 2015-11-02 08:54:18 +00:00
Louis Sato 57304a30a8
Land #6139, remove bad ref links 2015-10-29 16:00:43 -05:00
wchen-r7 8757743821 Update description 2015-10-27 17:39:11 -05:00
wchen-r7 cfe9748962 Deprecate exploits/multi/http/uptime_file_upload
Please use uptime_file_upload_1.rb
2015-10-27 17:36:54 -05:00
wchen-r7 0c648eb210 Move to modules/exploits/multi/http/uptime_file_upload_2
This exploit is rather similiar to uptime_file_upload.rb, because
they both abuse post2file to upload. The difference is that this
module requires a priv escalation to be able to upload, and the
other one doesn't.
2015-10-27 17:31:31 -05:00
wchen-r7 592fdef93d Update uptime_code_exec 2015-10-27 17:29:55 -05:00
wchen-r7 5b86d2ef95 Fix #6133, update description, authors and references
Fix #6133

Thank you @japp-0xlabs
2015-10-27 14:38:18 -05:00
wchen-r7 154fb585f4 Remove bad references (dead links)
These links are no longer available. They are dead links.
2015-10-27 12:41:32 -05:00
wchen-r7 0d9ebe13a1 Modify check 2015-10-26 15:25:38 -05:00
JT 4f244c54f8 Update mma_backdoor_upload.rb 2015-10-26 23:01:38 +08:00
JT ad80f00159 Update mma_backdoor_upload.rb 2015-10-24 11:16:49 +08:00
JT f461c4682b Update mma_backdoor_upload.rb 2015-10-24 11:15:26 +08:00
wchen-r7 181e7c4c75 Update metadata 2015-10-23 17:22:31 -05:00
wchen-r7 01c2641c6b Change print_* 2015-10-23 16:27:52 -05:00
wchen-r7 3c961f61a7 Modify check to use Nokogiri 2015-10-23 14:29:16 -05:00
wchen-r7 6f02cedff8 Move method create_exec_service 2015-10-23 13:10:00 -05:00
Ewerson Guimaraes (Crash) 2828653f8f Update uptime_code_exec.rb 2015-10-23 11:49:21 +02:00
Ewerson Guimaraes (Crash) 5539363218 Update uptime_code_exec.rb 2015-10-23 11:33:59 +02:00
JT be89cb32c9 Th3 MMA mma.php Backdoor Arbitrary File Upload 2015-10-23 08:47:40 +08:00
wchen-r7 f06d7591d6 Add header for zpanel_information_disclosure_rce.rb 2015-10-20 16:19:44 -05:00
wchen-r7 70b005de7f
Land #6041, Zpanel info disclosure exploit 2015-10-20 16:08:16 -05:00
wchen-r7 728fd17856 Make code changes for zpanel_information_disclosure_rce.rb
Use Nokogiri and URI, as well as indent fixes and other things
2015-10-20 16:07:02 -05:00
jvazquez-r7 28ca34c40a
Fix conflicts 2015-10-16 15:38:59 -05:00
wchen-r7 c399d7e381
Land #5959, Add Nibbleblog File Upload Vuln 2015-10-16 15:30:13 -05:00
wchen-r7 9666660c06 Enforce check and add another error message 2015-10-16 15:29:12 -05:00
jvazquez-r7 4517270627
Fix modules using Msf::HTTP::JBoss 2015-10-15 11:49:15 -05:00
HD Moore d67b55d195 Fix autofilter values for aggressive modules 2015-10-13 15:56:18 -07:00
brent morris 28454f3b2e MSFTidyness 2015-10-08 12:59:46 -04:00
wchen-r7 871f46a14e
Land #6038, ManageEngine ServiceDesk Plus Arbitrary File Upload 2015-10-07 15:17:58 -05:00
wchen-r7 dddfaafac7 Update reference 2015-10-07 15:17:22 -05:00
brent morris 5eff3e5637 Removed hard tabs 2015-10-02 14:34:00 -04:00
brent morris 4ee7ba05aa Removing hard tabs test 2015-10-02 14:31:46 -04:00
brent morris 6406a66bc0 Remove Ranking 2015-10-02 14:24:46 -04:00
brent morris 9f71fd9bfd Formatting ZPanel Exploit 2015-10-02 14:23:07 -04:00
brent morris 89a50c20d0 Added Zpanel Exploit 2015-10-02 13:29:53 -04:00
William Vu a773627d26
Land #5946, simple_backdoors_exec module 2015-10-02 11:18:29 -05:00
Pedro Ribeiro 659a09f7d2 Create manageengine_sd_uploader.rb 2015-10-02 16:04:05 +01:00
JT 33916997a4 Update zemra_panel_rce.rb
revised the name and the description
2015-10-02 09:49:59 +08:00
JT fa1391de87 Update simple_backdoors_exec.rb
Updating the code as suggested
2015-10-02 07:53:15 +08:00
JT 501325d9f4 Update zemra_panel_rce.rb 2015-10-02 06:48:34 +08:00
JT 2802b3ca43 Update zemra_panel_rce.rb
sticking res
2015-10-02 00:00:30 +08:00
JT 5c5f3a4e7f Update zemra_panel_rce.rb
called http_send_command right away :)
2015-10-01 23:39:36 +08:00
JT 66560d5339 Update zemra_panel_rce.rb 2015-10-01 19:16:23 +08:00
JT a7fa939fda Zemra Botnet C2 Web Panel Remote Code Execution
This module exploits the C2 web panel of Zemra Botnet which contains a backdoor inside its leaked source code. Zemra is a crimeware bot that can be used to conduct DDoS attacks and is detected by Symantec as Backdoor.Zemra.
2015-09-30 19:24:21 +08:00
JT 2de6c77fa2 Update simple_backdoors_exec.rb 2015-09-30 18:11:05 +08:00
JT 46adceec8f Update simple_backdoors_exec.rb 2015-09-29 10:40:28 +08:00
JT dd650409e4 Update simple_backdoors_exec.rb 2015-09-29 08:05:13 +08:00
JT e185277ac5 Update simple_backdoors_exec.rb 2015-09-24 14:14:23 +08:00
JT 56a551313c Update simple_backdoors_exec.rb 2015-09-24 13:54:40 +08:00
JT 192369607d Update simple_backdoors_exec.rb
updated the string 'echo me' to a random text
2015-09-24 13:49:33 +08:00
JT 9e6d3940b3 Update simple_backdoors_exec.rb 2015-09-13 23:30:14 +08:00
wchen-r7 602a12a1af typo 2015-09-10 18:28:42 -05:00
Roberto Soares 68521da2ce Fix check method. 2015-09-10 04:40:12 -03:00
Roberto Soares 4566f47ac5 Fix check method. 2015-09-10 03:56:46 -03:00
Roberto Soares 0ba03f7a06 Fix words. 2015-09-09 21:27:57 -03:00
Roberto Soares bc3f5b43ab Removerd WordPress mixin. 2015-09-09 21:26:15 -03:00
Roberto Soares 4e31dd4e9f Add curesec team as vuln discovery. 2015-09-09 21:13:51 -03:00
Roberto Soares 6336301df3 Add Nibbleblog File Upload Vulnerability 2015-09-09 21:05:36 -03:00
Roberto Soares d3aa61d6a0 Move bolt_file_upload.rb to exploits/multi/http 2015-09-09 13:41:44 -03:00
JT 31a8907385 Update simple_backdoors_exec.rb 2015-09-09 08:30:21 +08:00
JT 4e23bba14c Update simple_backdoors_exec.rb
removing the parenthesis for the if statements
2015-09-08 15:47:38 +08:00
JT 002aada59d Update simple_backdoors_exec.rb
changed shell to res
2015-09-08 14:54:26 +08:00
JT 467f9a8353 Update simple_backdoors_exec.rb 2015-09-08 14:45:54 +08:00
JT 37c28ddefb Update simple_backdoors_exec.rb
Updated the description
2015-09-08 13:42:12 +08:00
JT 0f8123ee23 Simple Backdoor Shell Remote Code Execution 2015-09-08 13:08:47 +08:00
Ewerson Guimaraes (Crash) 944f47b064 Update
Check nil
Removed headers
Fixed url normalization
2015-09-05 10:07:58 +02:00
Ewerson Guimaraes (Crash) 68d27acd69 Update
Add exploit-db references
nil check  to version
2015-09-04 23:18:24 +02:00
Ewerson Guimaraes (Crash) 5b5e97f37a Update
Add normalize_uri
Change print_status  tp vprint_status
Removed unused http headers
an other minor changes
2015-09-04 22:12:42 +02:00
Ewerson Guimaraes (Crash) 5063acac3c Poorly designed argument fixed
Poorly designed argument fixed
2015-09-04 19:43:49 +02:00
HD Moore 04d622b69b Cleanup Jenkins-CI module titles and option descriptions 2015-09-04 10:25:51 -07:00
Ewerson Guimaraes (Crash) cf8b34191d Updates
Add Def for  cgi request.
2015-09-04 19:19:02 +02:00
James Lee b2c401696b
Add certutil support.
Tested while landing #5736
2015-09-03 14:24:37 -05:00
James Lee 1e6a1f6d05 Revert "Fix spec like I shoulda done before landing #5736"
This reverts commit 956c8e550d.

Conflicts:
	spec/lib/rex/exploitation/cmdstager/certutil_spec.rb
2015-09-03 14:18:55 -05:00
Ewerson Guimaraes (Crash) 92aa09a586 Merge remote-tracking branch 'rapid7/master' into Uptime 2015-09-03 20:48:50 +02:00
Ewerson Guimaraes (Crash) 6250983fb4 Update
Update
2015-09-03 20:29:57 +02:00
James Lee b4547711f3
Add certutil support.
Tested while landing #5736
2015-09-03 13:27:10 -05:00
HD Moore cd65478d29
Land #5826, swap ExitFunction -> EXITFUNC 2015-09-01 13:58:12 -05:00
Christian Mehlmauer 3e613dc333
change exitfunc to thread 2015-09-01 10:43:45 +02:00
Christian Mehlmauer 648c034d17
change exitfunc to thread 2015-09-01 10:42:15 +02:00
Ewerson Guimaraes (Crash) 252e80e793 Uptime Version 7.4.0 / 7.5.0 Upload and Exec file
Uptime Version 7.4.0 / 7.5.0 Upload and Exec file
2015-08-31 23:57:39 +02:00
Brent Cook d670a62000
Land #5822, migrate obsolete payload compatibility options 2015-08-31 15:20:20 -05:00
Christian Mehlmauer 80a22412d9 use EXITFUNC instead of ExitFunction 2015-08-13 21:22:32 +02:00
William Vu c94a185610
Land #5697, Werkzeug debug RCE 2015-08-13 13:32:27 -05:00
William Vu d54ee19ce9 Clean up module 2015-08-13 13:32:22 -05:00
jvazquez-r7 203c231b74
Fix #5659: Update CMD exploits payload compatibility options 2015-08-10 17:12:59 -05:00
h00die eab9b3bf5b interpolation fix on secret 2015-08-01 14:39:12 -04:00
h00die ceb49a51a6 thanks @espreto for help 2015-08-01 11:11:37 -04:00
h00die 4561241609 updates per @jvazquez-r7 comments 2015-07-24 20:34:40 -04:00
jvazquez-r7 2c9183fa56
Return check code 2015-07-24 16:14:43 -05:00
jvazquez-r7 a163606513
Delete unused SLEEP option 2015-07-24 15:29:56 -05:00
jvazquez-r7 1b1ac09d2a Merge to solve conflicts 2015-07-24 15:24:29 -05:00
Tod Beardsley cadb03bac0
Fix my own blasted typo, ty @wvu-r7 2015-07-20 17:14:34 -05:00
Tod Beardsley f7c11d0852
More cleanups
Edited modules/exploits/multi/browser/adobe_flash_hacking_team_uaf.rb
first landed in #5678, adobe_flash_hacking_team_uaf.rb

Edited
modules/exploits/multi/browser/adobe_flash_opaque_background_uaf.rb
first landed in #5698, Adobe Flash CVE-2015-5122 opaqueBackground

Edited modules/exploits/multi/http/sysaid_auth_file_upload.rb first
landed in #5471, @pedrib's module for SysAid CVE-2015-2994

Edited modules/exploits/multi/http/sysaid_rdslogs_file_upload.rb first
landed in #5473 Correct spelling of sysaid module
2015-07-20 16:29:49 -05:00
Tod Beardsley ab6204ca2e
Correct spelling of sysaid module
First landed in #5473.
2015-07-20 16:21:50 -05:00
Pedro Ribeiro 3fe165a265 Remove whitespace at the end 2015-07-18 20:18:34 +01:00
Pedro Ribeiro 70a2247941 Pick target is not needed... 2015-07-18 20:12:49 +01:00
Pedro Ribeiro 7483e77bba Fix Linux target by trying again if exploit fails 2015-07-18 20:12:13 +01:00
jvazquez-r7 4e6b00fe31
Land #5473, @pedrib's exploit for Sysaid CVE-2015-2994
* sysaid rdslogs arbitrary file upload
2015-07-17 12:10:40 -05:00
jvazquez-r7 00adbd7f64 Fix quotes 2015-07-17 12:09:54 -05:00
jvazquez-r7 57c4a3387b
Fix paths for windows and cleanup 2015-07-17 12:09:18 -05:00
jvazquez-r7 46ffb97c1c
Land #5471, @pedrib's module for SysAid CVE-2015-2994
* sysaid arbitrary file upload
2015-07-17 11:27:22 -05:00
jvazquez-r7 309a86ec57
Do code cleanup 2015-07-17 11:26:54 -05:00
h00die 57f62ffa76 changed URI to TARGETURI as per comments 2015-07-13 20:18:45 -04:00
h00die 8819674522 updated per feedback from PR 2015-07-11 21:03:02 -04:00
h00die bff92f2304 Initial add 2015-07-10 21:13:12 -04:00
h00die 1d50bda609 initial add of blank file 2015-06-27 21:38:25 -04:00
jvazquez-r7 a10fa02b00
Land #5606, @wchen-r7's glassfish fixes 2015-06-26 14:12:50 -05:00
wchen-r7 3b5e2a0c6e Use TARGETURI 2015-06-26 14:02:17 -05:00
wchen-r7 b46e1be22f
Land #5371, Add file checking to the on_new_session cleanup 2015-06-26 13:33:57 -05:00
wchen-r7 c70e38a14e Do more reporting 2015-06-25 22:39:56 -05:00
wchen-r7 5ef4cc2bb4 Save creds 2015-06-25 17:10:20 -05:00
wchen-r7 1a371b11b0 Update description 2015-06-25 17:04:31 -05:00
wchen-r7 c330d10403 Make SSL as a basic option
Also:

Fix #5558
2015-06-25 02:06:51 -05:00
wchen-r7 5c98da05fb This works for Glassfish 4.0 & 9.1 2015-06-25 01:58:24 -05:00
wchen-r7 c826785ebb Fix auth bypass 2015-06-24 19:49:04 -05:00
wchen-r7 8e4fa80728 This looks good so far 2015-06-24 19:30:02 -05:00
wchen-r7 380af29482 Progress? 2015-06-24 14:17:45 -05:00
wchen-r7 6046994138 version does not return nil 2015-06-23 10:31:01 -05:00
Pedro Ribeiro ea49fd2fdc Update sysaid_rdslogs_fle_upload.rb 2015-06-20 16:59:28 +01:00
Pedro Ribeiro 3181d76e63 Update sysaid_auth_file_upload.rb 2015-06-20 16:53:33 +01:00
William Vu b994801172 Revert auto tab replacement 2015-06-19 11:22:40 -05:00
g0tmi1k ce9481d2b7 Inconstancy - If datastore['VERBOSE'] vs vprint 2015-06-18 09:27:01 +01:00
Pedro Ribeiro d5b33a0074 Update sysaid_rdslogs_fle_upload.rb 2015-06-03 22:01:13 +01:00
Pedro Ribeiro 37827be10f Update sysaid_auth_file_upload.rb 2015-06-03 22:00:44 +01:00
Pedro Ribeiro 62993c35d3 Create sysaid_rdslogs_fle_upload.rb 2015-06-03 21:45:14 +01:00
Pedro Ribeiro 193b7bcd2e Create sysaid_auth_file_upload.rb 2015-06-03 21:44:02 +01:00
jvazquez-r7 0fb21af247
Verify deletion at on_new_session moment 2015-05-11 18:56:18 -05:00
William Vu 71518ef613
Land #5303, metasploit-payloads Java binaries 2015-05-07 22:39:54 -05:00
William Vu 2f2169af90 Use single quotes consistently 2015-05-07 22:39:36 -05:00
Brent Cook a066105a86 prefer reading directly with MetasploitPayloads where possible 2015-05-07 16:59:02 -05:00
William Vu b8c7161819 Fix up NameError'd payload_exe 2015-05-06 11:34:05 -05:00
Brent Cook a0c806c213 Update java meterpreter and payload references to use metasploit-payloads 2015-05-05 15:01:00 -05:00
jvazquez-r7 a531ad9ec2
Land #5096, @pedrib's exploit for Novell ZCM CVE-2015-0779 2015-05-01 14:35:28 -05:00
jvazquez-r7 0ff33572a7
Fix waiting loop 2015-05-01 14:34:43 -05:00
jvazquez-r7 645f239d94
Change module filename 2015-05-01 14:18:34 -05:00
jvazquez-r7 11a3f59b0b
Return false if there isn't a positive answer 2015-05-01 14:06:57 -05:00
jvazquez-r7 093c2e3ace
Do minor style cleanup 2015-05-01 13:56:48 -05:00
jvazquez-r7 d38adef5cc
Make TOMCAT_PATH optional 2015-05-01 13:54:39 -05:00
jvazquez-r7 d2a7d83f71
Avoid long sleep times 2015-05-01 13:51:52 -05:00
jvazquez-r7 8fcf0c558d
Use single quotes 2015-05-01 13:20:27 -05:00
jvazquez-r7 4224008709
Delete print_debug/vprint_debug 2015-04-21 11:14:03 -05:00
wchen-r7 4f903a604c Fix #5103, Revert unwanted URI encoding
Fix #5103. By default, Httpclient will encode the URI but
we don't necessarily want that. These modules originally
didn't use URI encoding when they were written so we should
just keep them that way.
2015-04-17 13:59:49 -05:00
Christian Mehlmauer 352e170624
more failure reasons 2015-04-16 22:04:11 +02:00
Christian Mehlmauer 8c5890d506
more fixes 2015-04-16 21:56:42 +02:00
Christian Mehlmauer ba6548db75
be consistent about naming 2015-04-16 21:44:56 +02:00
Christian Mehlmauer 4dc402fd3c
moar fail_with's 2015-04-16 21:16:52 +02:00
Jon Cave c6f062d49e Ensure that local variable `upload_path` is defined
Merge `upload_payload` and `parse_upload_response` so that the
`upload_path` variable is defined for use in error messages in the event
of failure.
2015-04-10 10:58:20 +01:00
Pedro Ribeiro 4808d61af3 Add OSVDB id and full disclosure URL 2015-04-09 16:32:22 +01:00
Pedro Ribeiro cf8b92b747 Create zcm_file_upload.rb 2015-04-07 16:05:51 +01:00
William Vu e1af495d21 Add extra release fixes 2015-04-06 13:08:40 -05:00
Tod Beardsley 1e6d895975
Description fixes on #4784, jboss exploit
Also, needed to run through msftidy.

[See #4784]
2015-04-06 12:34:49 -05:00
William Vu 56dc7afea6
Land #5068, @todb-r7's module author cleanup 2015-04-03 16:00:36 -05:00
scriptjunkie 0f7c644fff
Land #4784, JBoss Seam 2 upload exec exploit 2015-04-02 22:32:35 -05:00
Tod Beardsley 4bbec88882
Various other one-off nonhuman author credits
[See #5012]
2015-04-02 15:25:47 -05:00
Tod Beardsley 6532fad579
Remove credits to Alligator Security Team
All but one of these modules credits both a team name and individual
team members. We should just be crediting team members. The domain
persists in all the other credits.

The one that didn't was credited to dflah_ specifically, so merely
changed the author name.

Longer description, if needed, wrapped at 72 characters.

[See #5012]
2015-04-02 15:12:22 -05:00
g0tmi1k 127d07342e Remove trailing space 2015-03-20 01:36:56 +00:00
g0tmi1k 7426e72317 Grammar - traq_plugin_exec 2015-03-20 01:31:01 +00:00
g0tmi1k 5709d49aae Clean up traq_plugin_exec 2015-03-20 01:19:46 +00:00
jvazquez-r7 b6146b1499 Use print_warning 2015-03-12 17:22:03 -05:00
Julian Vilas fe822f8d33 Modify automatic file cleanup 2015-03-10 00:45:20 +01:00
Julian Vilas 0ef303cb6c Fix Java payload 2015-03-10 00:01:27 +01:00
Julian Vilas 2eb0011a99 Autotrigger JSP shell at docBase 2015-03-07 20:41:08 +01:00
Julian Vilas 3be2bde5a2 Use bypass for bulletin S2-020 2015-03-07 19:14:20 +01:00
jvazquez-r7 9f3f8bb727
Merging #3323 work 2015-03-05 15:44:15 -06:00
jvazquez-r7 c388fd49c2 Fix print message 2015-03-05 15:43:54 -06:00
jvazquez-r7 e1a4b046a0 Add support for tomcat 7 to struts_code_exec_classloader 2015-03-05 15:40:24 -06:00
sinn3r 8978b1d7b5 Add a version 2015-03-05 11:29:44 -06:00
Ricardo Almeida 32188f09d6 Update phpmoadmin_exec.rb
Changes:
Added required comment at the top of the file;
Changed Class name "Metasploit3" >> "Metasploit4";
Standard name/email format for public PoC author.
2015-03-05 12:56:08 +00:00
Ricardo Almeida 95962aab0d Update phpmoadmin_exec.rb
Changes:
"Check if vulnerable" code improvement;
Payload delivery code improvement;
Minor indent issues.

Thanks for your feedback guys :)
2015-03-05 12:46:53 +00:00
Ricardo Almeida 9530e15c81 Update phpmoadmin_exec.rb
Changes:
Changed description section;
Changed 'URL' to 'EDB' in references section;
Added newline at the end.
2015-03-04 21:59:08 +00:00
Ricardo Almeida c19895ac85 Update phpmoadmin_exec.rb
Changes:
Added new URL;
Added CVE number;
Corrected the disclosure date;
Corrected the normalize_uri() function syntax.
2015-03-04 21:31:44 +00:00
Ricardo Almeida 4d67e0e1bb Add PHPMoAdmin RCE 2015-03-04 18:17:31 +00:00
vulp1n3 69b37976c1 Fix disclosure date. 2015-02-17 17:29:52 -08:00
vulp1n3 a19a5328f1 Add JBoss Seam 2 upload execute module
Versions of the JBoss Seam 2 framework  < 2.2.1CR2 fails to properly
sanitize inputs to some JBoss Expression Language expressions.  As a
result, attackers can gain remote code execution through the
application server.  This module leverages RCE to upload and execute
a meterpreter payload. CVE-2010-1871
2015-02-17 17:25:01 -08:00
jvazquez-r7 1f4fdb5d18
Update from master 2015-02-10 10:47:17 -06:00
William Vu a7156cf4a8
Fix zabbix_script_exec datastore 2015-02-05 02:53:22 -06:00
jvazquez-r7 fbf32669c6 Use single quote 2015-02-04 09:47:27 -06:00
julianvilas de09559cc8 Change HTTP requests to succeed when going through HTTP proxies 2015-02-04 15:32:14 +01:00
Julian Vilas f983c8171e Modify description to match both Struts 1.x and 2.x versions 2015-01-30 12:35:38 +01:00
Julian Vilas 1a11ae4021 Add new references about Struts 1 2015-01-29 23:27:52 +01:00
Julian Vilas 4cc5844baf Add Struts 1 support 2015-01-29 23:12:34 +01:00
Tod Beardsley bae19405a7
Various grammar, spelling, word choice fixes 2015-01-26 11:00:07 -06:00
jvazquez-r7 d8aa282482 Delete some double quotes 2015-01-22 18:21:25 -06:00
jvazquez-r7 4c72b096b6 Switch variable from file_name to operation 2015-01-22 18:20:11 -06:00
jvazquez-r7 b003d8f750 Do final cleanup 2015-01-22 18:17:14 -06:00
jvazquez-r7 911485f536 Use easier key name 2015-01-22 18:11:48 -06:00
jvazquez-r7 eff49b5fd3 Delete files with Rex::Java::Serialization 2015-01-22 17:59:43 -06:00
jvazquez-r7 37bf66b994 Install instaget with Rex::Java::Serialization 2015-01-22 16:54:49 -06:00
jvazquez-r7 20d7fe631e Auto detect platform without raw streams 2015-01-22 15:15:08 -06:00
jvazquez-r7 ad276f0d52 Retrieve version with Rex::Java::Serialization instead of binary streams 2015-01-22 14:52:19 -06:00
jvazquez-r7 f7aaad1cf1
Delete some extraneous commas 2015-01-19 17:25:45 -06:00
jvazquez-r7 dbc77a2857
Land #4517, @pedrib's exploit for ManageEngine Multiple Products Authenticated File Upload
* CVE-2014-5301
2015-01-19 17:23:39 -06:00
jvazquez-r7 6403098fbc Avoid sleep(), survey instead 2015-01-19 17:22:04 -06:00
jvazquez-r7 a6e351ef5d Delete unnecessary request 2015-01-19 17:14:23 -06:00
jvazquez-r7 ed26a2fd77 Avoid modify datastore options 2015-01-19 17:11:31 -06:00
jvazquez-r7 3c0efe4a7e Do minor style changes 2015-01-19 15:36:05 -06:00
jvazquez-r7 ddda0b2f4b Beautify metadata 2015-01-19 14:59:31 -06:00
Pedro Ribeiro 3768cf0a69 Change version to int and add proper timestamp 2015-01-14 22:59:11 +00:00
David Lanner c5cfc11d84 fix cookie regex by removing a space 2015-01-12 23:13:18 -05:00
Pedro Ribeiro c76aec60b0 Add OSVDB id and full disclosure URL 2015-01-08 23:29:38 +00:00
William Vu ea793802cc
Land #4528, mantisbt_php_exec improvements 2015-01-08 04:50:00 -06:00
sinn3r ef97d15158 Fix msftidy and make sure all print_*s in check() are vprint_*s 2015-01-07 12:12:25 -06:00
James Lee 3e80efb5a8
Land #4521, Pandora FMS upload 2015-01-07 11:13:57 -06:00
James Lee 1ccef7dc3c
Shorter timeout so we get shell sooner
The request to execute our payload will never return, so waiting for the
default timeout (20 seconds) is pointless.
2015-01-07 11:11:33 -06:00
James Lee efe83a4f31
Whitespace 2015-01-07 10:19:17 -06:00
Christian Mehlmauer 09bd0465cf
fix regex 2015-01-07 11:54:55 +01:00
rcnunez b3def856fd Applied changes recommended by jlee-r7
used Rex::ConnectionError
refactor begin/rescue blocks
removed ::URI::InvalidURIError
changed @peer with peer
used Exploit::CheckCode:Appears instead of Exploit::CheckCode::Vulnerable
2015-01-07 18:38:19 +08:00
Christian Mehlmauer eaad4e0bea
fix check method 2015-01-07 11:01:08 +01:00
Christian Mehlmauer 862af074e9
fix bug 2015-01-07 09:10:50 +01:00
Christian Mehlmauer d007b72ab3
favor include? over =~ 2015-01-07 07:33:16 +01:00
Christian Mehlmauer 4277c20a83
use include? 2015-01-07 06:51:28 +01:00
Christian Mehlmauer 39e33739ea
support for anonymous login 2015-01-07 00:08:04 +01:00
Christian Mehlmauer bf0bdd00df
added some links, use the res variable 2015-01-06 23:25:11 +01:00
Christian Mehlmauer f9f2bc07ac
some improvements to the mantis module 2015-01-06 11:33:45 +01:00
rcnunez 547b7f2752 Syntax and File Upload BugFix
Fix unexpected ) in line 118
Fix file cleanup missing _
Fix more robust version check script
Fix file upload
2015-01-05 19:23:22 +08:00
Pedro Ribeiro c9b76a806a Create manageengine_auth_upload.rb 2015-01-04 17:05:53 +00:00
Tod Beardsley c1718fa490
Land #4440, git client exploit from @jhart-r7
Also fixes #4435 and makes progress against #4445.
2015-01-01 13:18:43 -06:00
Tod Beardsley d7564f47cc
Move Mercurial option to advanced, update ref url
See #4440
2015-01-01 13:08:36 -06:00
Tod Beardsley 914c724abe
Rename module
See rapid7#4440
2015-01-01 13:03:17 -06:00
Jon Hart 65977c9762
Add some more useful URLs 2014-12-31 10:54:04 -08:00
Christian Mehlmauer 96fe693c54
update drupal regex 2014-12-30 09:12:39 +01:00
Jon Hart 51049152b6
Use Rex::Text.rand_mail_address for more realistic fake commit 2014-12-26 10:39:52 -08:00
Jon Hart a692656ab7
Update comments to reflect reality, minor cleanup 2014-12-23 19:09:45 -08:00
Jon Hart 59f75709ea
Print out malicious URLs that will be used by default 2014-12-23 10:10:31 -08:00