JT
28ca899914
Update phpfilemanager_rce.rb
2015-12-03 18:07:25 +08:00
JT
d63bb4768f
Update phpfilemanager_rce.rb
2015-12-03 14:09:02 +08:00
JT
374b630601
Update phpfilemanager_rce.rb
2015-12-03 13:57:19 +08:00
JT
56b810cb18
Update phpfilemanager_rce.rb
2015-12-03 12:44:41 +08:00
JT
5414f33804
Update phpfilemanager_rce.rb
2015-12-03 12:43:47 +08:00
JT
ab77ab509a
Update phpfilemanager_rce.rb
2015-12-03 12:35:49 +08:00
JT
869caf789f
Update phpfilemanager_rce.rb
2015-12-03 12:34:17 +08:00
JT
a2d51d48cd
Add phpFileManager 0.9.8 Remote Code Execution
2015-12-03 12:11:31 +08:00
HD Moore
16d0d53150
Update Shellshock modules, add Advantech coverage
2015-12-01 10:40:46 -06:00
Spencer McIntyre
dc5e9a1d0a
Support CSRF token in the Jenkins aux cmd module
2015-11-22 17:51:27 -05:00
Louis Sato
9a0f0a7843
Land #6142 , uptime refactor
2015-11-12 16:58:55 -06:00
wchen-r7
ee25cb88b5
Land #6196 , vBulletin 5.1.2 Unserialize Code Execution
2015-11-12 14:38:39 -06:00
wchen-r7
6077617bfd
rm res var name
...
the res variable isn't used
2015-11-12 14:37:47 -06:00
wchen-r7
199ed9ed25
Move vbulletin_unserialize.rb to exploits/multi/http/
...
According to @all3g, this works on Windows too, so we will move
this to multi/http.
2015-11-12 14:36:01 -06:00
JT
a0351133a6
Add more references to this exploit
...
Adding exploit-db doc about China Chopper webshell and details about this webshell in US-CERT.
2015-11-11 09:51:05 +08:00
HD Moore
f86f427d54
Move Compat into Payload so that is actually used
2015-11-09 16:06:05 -06:00
wchen-r7
0cc8165b52
And I forgot to rm the test line
2015-11-06 18:11:27 -06:00
wchen-r7
8f2a716306
I don't really need to override fail_with
2015-11-06 18:11:08 -06:00
wchen-r7
0213da3810
Handle more NilClass bugs
2015-11-06 18:08:51 -06:00
wchen-r7
46fac897bd
Land #6144 , China Chopper Web Shell (Backdoor) module
2015-11-05 18:29:36 -06:00
wchen-r7
ea22583ed1
Update title and description
2015-11-05 18:29:03 -06:00
wchen-r7
27be832c4c
remove the fail_with because it's always triggering anyway
2015-11-05 18:19:46 -06:00
dmohanty-r7
a71d7ae2ae
Land #6089 , @jvazquez-r7 Fix HTTP mixins namespaces
2015-11-05 16:56:41 -06:00
wchen-r7
038cb66937
Use the right module path
2015-11-05 16:16:46 -06:00
nixawk
109e9b6b6e
remove debug info - require 'pry'
2015-11-03 06:52:11 +00:00
nixawk
46fe0c0899
base64 for evasion purposes
2015-11-03 06:42:52 +00:00
nixawk
6c16d2a1ca
caidao's exploit module
2015-11-02 08:54:18 +00:00
Louis Sato
57304a30a8
Land #6139 , remove bad ref links
2015-10-29 16:00:43 -05:00
wchen-r7
8757743821
Update description
2015-10-27 17:39:11 -05:00
wchen-r7
cfe9748962
Deprecate exploits/multi/http/uptime_file_upload
...
Please use uptime_file_upload_1.rb
2015-10-27 17:36:54 -05:00
wchen-r7
0c648eb210
Move to modules/exploits/multi/http/uptime_file_upload_2
...
This exploit is rather similiar to uptime_file_upload.rb, because
they both abuse post2file to upload. The difference is that this
module requires a priv escalation to be able to upload, and the
other one doesn't.
2015-10-27 17:31:31 -05:00
wchen-r7
592fdef93d
Update uptime_code_exec
2015-10-27 17:29:55 -05:00
wchen-r7
5b86d2ef95
Fix #6133 , update description, authors and references
...
Fix #6133
Thank you @japp-0xlabs
2015-10-27 14:38:18 -05:00
wchen-r7
154fb585f4
Remove bad references (dead links)
...
These links are no longer available. They are dead links.
2015-10-27 12:41:32 -05:00
wchen-r7
0d9ebe13a1
Modify check
2015-10-26 15:25:38 -05:00
JT
4f244c54f8
Update mma_backdoor_upload.rb
2015-10-26 23:01:38 +08:00
JT
ad80f00159
Update mma_backdoor_upload.rb
2015-10-24 11:16:49 +08:00
JT
f461c4682b
Update mma_backdoor_upload.rb
2015-10-24 11:15:26 +08:00
wchen-r7
181e7c4c75
Update metadata
2015-10-23 17:22:31 -05:00
wchen-r7
01c2641c6b
Change print_*
2015-10-23 16:27:52 -05:00
wchen-r7
3c961f61a7
Modify check to use Nokogiri
2015-10-23 14:29:16 -05:00
wchen-r7
6f02cedff8
Move method create_exec_service
2015-10-23 13:10:00 -05:00
Ewerson Guimaraes (Crash)
2828653f8f
Update uptime_code_exec.rb
2015-10-23 11:49:21 +02:00
Ewerson Guimaraes (Crash)
5539363218
Update uptime_code_exec.rb
2015-10-23 11:33:59 +02:00
JT
be89cb32c9
Th3 MMA mma.php Backdoor Arbitrary File Upload
2015-10-23 08:47:40 +08:00
wchen-r7
f06d7591d6
Add header for zpanel_information_disclosure_rce.rb
2015-10-20 16:19:44 -05:00
wchen-r7
70b005de7f
Land #6041 , Zpanel info disclosure exploit
2015-10-20 16:08:16 -05:00
wchen-r7
728fd17856
Make code changes for zpanel_information_disclosure_rce.rb
...
Use Nokogiri and URI, as well as indent fixes and other things
2015-10-20 16:07:02 -05:00
jvazquez-r7
28ca34c40a
Fix conflicts
2015-10-16 15:38:59 -05:00
wchen-r7
c399d7e381
Land #5959 , Add Nibbleblog File Upload Vuln
2015-10-16 15:30:13 -05:00
wchen-r7
9666660c06
Enforce check and add another error message
2015-10-16 15:29:12 -05:00
jvazquez-r7
4517270627
Fix modules using Msf::HTTP::JBoss
2015-10-15 11:49:15 -05:00
HD Moore
d67b55d195
Fix autofilter values for aggressive modules
2015-10-13 15:56:18 -07:00
brent morris
28454f3b2e
MSFTidyness
2015-10-08 12:59:46 -04:00
wchen-r7
871f46a14e
Land #6038 , ManageEngine ServiceDesk Plus Arbitrary File Upload
2015-10-07 15:17:58 -05:00
wchen-r7
dddfaafac7
Update reference
2015-10-07 15:17:22 -05:00
brent morris
5eff3e5637
Removed hard tabs
2015-10-02 14:34:00 -04:00
brent morris
4ee7ba05aa
Removing hard tabs test
2015-10-02 14:31:46 -04:00
brent morris
6406a66bc0
Remove Ranking
2015-10-02 14:24:46 -04:00
brent morris
9f71fd9bfd
Formatting ZPanel Exploit
2015-10-02 14:23:07 -04:00
brent morris
89a50c20d0
Added Zpanel Exploit
2015-10-02 13:29:53 -04:00
William Vu
a773627d26
Land #5946 , simple_backdoors_exec module
2015-10-02 11:18:29 -05:00
Pedro Ribeiro
659a09f7d2
Create manageengine_sd_uploader.rb
2015-10-02 16:04:05 +01:00
JT
33916997a4
Update zemra_panel_rce.rb
...
revised the name and the description
2015-10-02 09:49:59 +08:00
JT
fa1391de87
Update simple_backdoors_exec.rb
...
Updating the code as suggested
2015-10-02 07:53:15 +08:00
JT
501325d9f4
Update zemra_panel_rce.rb
2015-10-02 06:48:34 +08:00
JT
2802b3ca43
Update zemra_panel_rce.rb
...
sticking res
2015-10-02 00:00:30 +08:00
JT
5c5f3a4e7f
Update zemra_panel_rce.rb
...
called http_send_command right away :)
2015-10-01 23:39:36 +08:00
JT
66560d5339
Update zemra_panel_rce.rb
2015-10-01 19:16:23 +08:00
JT
a7fa939fda
Zemra Botnet C2 Web Panel Remote Code Execution
...
This module exploits the C2 web panel of Zemra Botnet which contains a backdoor inside its leaked source code. Zemra is a crimeware bot that can be used to conduct DDoS attacks and is detected by Symantec as Backdoor.Zemra.
2015-09-30 19:24:21 +08:00
JT
2de6c77fa2
Update simple_backdoors_exec.rb
2015-09-30 18:11:05 +08:00
JT
46adceec8f
Update simple_backdoors_exec.rb
2015-09-29 10:40:28 +08:00
JT
dd650409e4
Update simple_backdoors_exec.rb
2015-09-29 08:05:13 +08:00
JT
e185277ac5
Update simple_backdoors_exec.rb
2015-09-24 14:14:23 +08:00
JT
56a551313c
Update simple_backdoors_exec.rb
2015-09-24 13:54:40 +08:00
JT
192369607d
Update simple_backdoors_exec.rb
...
updated the string 'echo me' to a random text
2015-09-24 13:49:33 +08:00
JT
9e6d3940b3
Update simple_backdoors_exec.rb
2015-09-13 23:30:14 +08:00
wchen-r7
602a12a1af
typo
2015-09-10 18:28:42 -05:00
Roberto Soares
68521da2ce
Fix check method.
2015-09-10 04:40:12 -03:00
Roberto Soares
4566f47ac5
Fix check method.
2015-09-10 03:56:46 -03:00
Roberto Soares
0ba03f7a06
Fix words.
2015-09-09 21:27:57 -03:00
Roberto Soares
bc3f5b43ab
Removerd WordPress mixin.
2015-09-09 21:26:15 -03:00
Roberto Soares
4e31dd4e9f
Add curesec team as vuln discovery.
2015-09-09 21:13:51 -03:00
Roberto Soares
6336301df3
Add Nibbleblog File Upload Vulnerability
2015-09-09 21:05:36 -03:00
Roberto Soares
d3aa61d6a0
Move bolt_file_upload.rb to exploits/multi/http
2015-09-09 13:41:44 -03:00
JT
31a8907385
Update simple_backdoors_exec.rb
2015-09-09 08:30:21 +08:00
JT
4e23bba14c
Update simple_backdoors_exec.rb
...
removing the parenthesis for the if statements
2015-09-08 15:47:38 +08:00
JT
002aada59d
Update simple_backdoors_exec.rb
...
changed shell to res
2015-09-08 14:54:26 +08:00
JT
467f9a8353
Update simple_backdoors_exec.rb
2015-09-08 14:45:54 +08:00
JT
37c28ddefb
Update simple_backdoors_exec.rb
...
Updated the description
2015-09-08 13:42:12 +08:00
JT
0f8123ee23
Simple Backdoor Shell Remote Code Execution
2015-09-08 13:08:47 +08:00
Ewerson Guimaraes (Crash)
944f47b064
Update
...
Check nil
Removed headers
Fixed url normalization
2015-09-05 10:07:58 +02:00
Ewerson Guimaraes (Crash)
68d27acd69
Update
...
Add exploit-db references
nil check to version
2015-09-04 23:18:24 +02:00
Ewerson Guimaraes (Crash)
5b5e97f37a
Update
...
Add normalize_uri
Change print_status tp vprint_status
Removed unused http headers
an other minor changes
2015-09-04 22:12:42 +02:00
Ewerson Guimaraes (Crash)
5063acac3c
Poorly designed argument fixed
...
Poorly designed argument fixed
2015-09-04 19:43:49 +02:00
HD Moore
04d622b69b
Cleanup Jenkins-CI module titles and option descriptions
2015-09-04 10:25:51 -07:00
Ewerson Guimaraes (Crash)
cf8b34191d
Updates
...
Add Def for cgi request.
2015-09-04 19:19:02 +02:00
James Lee
b2c401696b
Add certutil support.
...
Tested while landing #5736
2015-09-03 14:24:37 -05:00
James Lee
1e6a1f6d05
Revert "Fix spec like I shoulda done before landing #5736"
...
This reverts commit 956c8e550d
.
Conflicts:
spec/lib/rex/exploitation/cmdstager/certutil_spec.rb
2015-09-03 14:18:55 -05:00
Ewerson Guimaraes (Crash)
92aa09a586
Merge remote-tracking branch 'rapid7/master' into Uptime
2015-09-03 20:48:50 +02:00
Ewerson Guimaraes (Crash)
6250983fb4
Update
...
Update
2015-09-03 20:29:57 +02:00
James Lee
b4547711f3
Add certutil support.
...
Tested while landing #5736
2015-09-03 13:27:10 -05:00
HD Moore
cd65478d29
Land #5826 , swap ExitFunction -> EXITFUNC
2015-09-01 13:58:12 -05:00
Christian Mehlmauer
3e613dc333
change exitfunc to thread
2015-09-01 10:43:45 +02:00
Christian Mehlmauer
648c034d17
change exitfunc to thread
2015-09-01 10:42:15 +02:00
Ewerson Guimaraes (Crash)
252e80e793
Uptime Version 7.4.0 / 7.5.0 Upload and Exec file
...
Uptime Version 7.4.0 / 7.5.0 Upload and Exec file
2015-08-31 23:57:39 +02:00
Brent Cook
d670a62000
Land #5822 , migrate obsolete payload compatibility options
2015-08-31 15:20:20 -05:00
Christian Mehlmauer
80a22412d9
use EXITFUNC instead of ExitFunction
2015-08-13 21:22:32 +02:00
William Vu
c94a185610
Land #5697 , Werkzeug debug RCE
2015-08-13 13:32:27 -05:00
William Vu
d54ee19ce9
Clean up module
2015-08-13 13:32:22 -05:00
jvazquez-r7
203c231b74
Fix #5659 : Update CMD exploits payload compatibility options
2015-08-10 17:12:59 -05:00
h00die
eab9b3bf5b
interpolation fix on secret
2015-08-01 14:39:12 -04:00
h00die
ceb49a51a6
thanks @espreto for help
2015-08-01 11:11:37 -04:00
h00die
4561241609
updates per @jvazquez-r7 comments
2015-07-24 20:34:40 -04:00
jvazquez-r7
2c9183fa56
Return check code
2015-07-24 16:14:43 -05:00
jvazquez-r7
a163606513
Delete unused SLEEP option
2015-07-24 15:29:56 -05:00
jvazquez-r7
1b1ac09d2a
Merge to solve conflicts
2015-07-24 15:24:29 -05:00
Tod Beardsley
cadb03bac0
Fix my own blasted typo, ty @wvu-r7
2015-07-20 17:14:34 -05:00
Tod Beardsley
f7c11d0852
More cleanups
...
Edited modules/exploits/multi/browser/adobe_flash_hacking_team_uaf.rb
first landed in #5678 , adobe_flash_hacking_team_uaf.rb
Edited
modules/exploits/multi/browser/adobe_flash_opaque_background_uaf.rb
first landed in #5698 , Adobe Flash CVE-2015-5122 opaqueBackground
Edited modules/exploits/multi/http/sysaid_auth_file_upload.rb first
landed in #5471 , @pedrib's module for SysAid CVE-2015-2994
Edited modules/exploits/multi/http/sysaid_rdslogs_file_upload.rb first
landed in #5473 Correct spelling of sysaid module
2015-07-20 16:29:49 -05:00
Tod Beardsley
ab6204ca2e
Correct spelling of sysaid module
...
First landed in #5473 .
2015-07-20 16:21:50 -05:00
Pedro Ribeiro
3fe165a265
Remove whitespace at the end
2015-07-18 20:18:34 +01:00
Pedro Ribeiro
70a2247941
Pick target is not needed...
2015-07-18 20:12:49 +01:00
Pedro Ribeiro
7483e77bba
Fix Linux target by trying again if exploit fails
2015-07-18 20:12:13 +01:00
jvazquez-r7
4e6b00fe31
Land #5473 , @pedrib's exploit for Sysaid CVE-2015-2994
...
* sysaid rdslogs arbitrary file upload
2015-07-17 12:10:40 -05:00
jvazquez-r7
00adbd7f64
Fix quotes
2015-07-17 12:09:54 -05:00
jvazquez-r7
57c4a3387b
Fix paths for windows and cleanup
2015-07-17 12:09:18 -05:00
jvazquez-r7
46ffb97c1c
Land #5471 , @pedrib's module for SysAid CVE-2015-2994
...
* sysaid arbitrary file upload
2015-07-17 11:27:22 -05:00
jvazquez-r7
309a86ec57
Do code cleanup
2015-07-17 11:26:54 -05:00
h00die
57f62ffa76
changed URI to TARGETURI as per comments
2015-07-13 20:18:45 -04:00
h00die
8819674522
updated per feedback from PR
2015-07-11 21:03:02 -04:00
h00die
bff92f2304
Initial add
2015-07-10 21:13:12 -04:00
h00die
1d50bda609
initial add of blank file
2015-06-27 21:38:25 -04:00
jvazquez-r7
a10fa02b00
Land #5606 , @wchen-r7's glassfish fixes
2015-06-26 14:12:50 -05:00
wchen-r7
3b5e2a0c6e
Use TARGETURI
2015-06-26 14:02:17 -05:00
wchen-r7
b46e1be22f
Land #5371 , Add file checking to the on_new_session cleanup
2015-06-26 13:33:57 -05:00
wchen-r7
c70e38a14e
Do more reporting
2015-06-25 22:39:56 -05:00
wchen-r7
5ef4cc2bb4
Save creds
2015-06-25 17:10:20 -05:00
wchen-r7
1a371b11b0
Update description
2015-06-25 17:04:31 -05:00
wchen-r7
c330d10403
Make SSL as a basic option
...
Also:
Fix #5558
2015-06-25 02:06:51 -05:00
wchen-r7
5c98da05fb
This works for Glassfish 4.0 & 9.1
2015-06-25 01:58:24 -05:00
wchen-r7
c826785ebb
Fix auth bypass
2015-06-24 19:49:04 -05:00
wchen-r7
8e4fa80728
This looks good so far
2015-06-24 19:30:02 -05:00
wchen-r7
380af29482
Progress?
2015-06-24 14:17:45 -05:00
wchen-r7
6046994138
version does not return nil
2015-06-23 10:31:01 -05:00
Pedro Ribeiro
ea49fd2fdc
Update sysaid_rdslogs_fle_upload.rb
2015-06-20 16:59:28 +01:00
Pedro Ribeiro
3181d76e63
Update sysaid_auth_file_upload.rb
2015-06-20 16:53:33 +01:00
William Vu
b994801172
Revert auto tab replacement
2015-06-19 11:22:40 -05:00
g0tmi1k
ce9481d2b7
Inconstancy - If datastore['VERBOSE'] vs vprint
2015-06-18 09:27:01 +01:00
Pedro Ribeiro
d5b33a0074
Update sysaid_rdslogs_fle_upload.rb
2015-06-03 22:01:13 +01:00
Pedro Ribeiro
37827be10f
Update sysaid_auth_file_upload.rb
2015-06-03 22:00:44 +01:00
Pedro Ribeiro
62993c35d3
Create sysaid_rdslogs_fle_upload.rb
2015-06-03 21:45:14 +01:00
Pedro Ribeiro
193b7bcd2e
Create sysaid_auth_file_upload.rb
2015-06-03 21:44:02 +01:00
jvazquez-r7
0fb21af247
Verify deletion at on_new_session moment
2015-05-11 18:56:18 -05:00
William Vu
71518ef613
Land #5303 , metasploit-payloads Java binaries
2015-05-07 22:39:54 -05:00
William Vu
2f2169af90
Use single quotes consistently
2015-05-07 22:39:36 -05:00
Brent Cook
a066105a86
prefer reading directly with MetasploitPayloads where possible
2015-05-07 16:59:02 -05:00
William Vu
b8c7161819
Fix up NameError'd payload_exe
2015-05-06 11:34:05 -05:00
Brent Cook
a0c806c213
Update java meterpreter and payload references to use metasploit-payloads
2015-05-05 15:01:00 -05:00
jvazquez-r7
a531ad9ec2
Land #5096 , @pedrib's exploit for Novell ZCM CVE-2015-0779
2015-05-01 14:35:28 -05:00
jvazquez-r7
0ff33572a7
Fix waiting loop
2015-05-01 14:34:43 -05:00
jvazquez-r7
645f239d94
Change module filename
2015-05-01 14:18:34 -05:00
jvazquez-r7
11a3f59b0b
Return false if there isn't a positive answer
2015-05-01 14:06:57 -05:00
jvazquez-r7
093c2e3ace
Do minor style cleanup
2015-05-01 13:56:48 -05:00
jvazquez-r7
d38adef5cc
Make TOMCAT_PATH optional
2015-05-01 13:54:39 -05:00
jvazquez-r7
d2a7d83f71
Avoid long sleep times
2015-05-01 13:51:52 -05:00
jvazquez-r7
8fcf0c558d
Use single quotes
2015-05-01 13:20:27 -05:00
jvazquez-r7
4224008709
Delete print_debug/vprint_debug
2015-04-21 11:14:03 -05:00
wchen-r7
4f903a604c
Fix #5103 , Revert unwanted URI encoding
...
Fix #5103 . By default, Httpclient will encode the URI but
we don't necessarily want that. These modules originally
didn't use URI encoding when they were written so we should
just keep them that way.
2015-04-17 13:59:49 -05:00
Christian Mehlmauer
352e170624
more failure reasons
2015-04-16 22:04:11 +02:00
Christian Mehlmauer
8c5890d506
more fixes
2015-04-16 21:56:42 +02:00
Christian Mehlmauer
ba6548db75
be consistent about naming
2015-04-16 21:44:56 +02:00
Christian Mehlmauer
4dc402fd3c
moar fail_with's
2015-04-16 21:16:52 +02:00
Jon Cave
c6f062d49e
Ensure that local variable `upload_path` is defined
...
Merge `upload_payload` and `parse_upload_response` so that the
`upload_path` variable is defined for use in error messages in the event
of failure.
2015-04-10 10:58:20 +01:00
Pedro Ribeiro
4808d61af3
Add OSVDB id and full disclosure URL
2015-04-09 16:32:22 +01:00
Pedro Ribeiro
cf8b92b747
Create zcm_file_upload.rb
2015-04-07 16:05:51 +01:00
William Vu
e1af495d21
Add extra release fixes
2015-04-06 13:08:40 -05:00
Tod Beardsley
1e6d895975
Description fixes on #4784 , jboss exploit
...
Also, needed to run through msftidy.
[See #4784 ]
2015-04-06 12:34:49 -05:00
William Vu
56dc7afea6
Land #5068 , @todb-r7's module author cleanup
2015-04-03 16:00:36 -05:00
scriptjunkie
0f7c644fff
Land #4784 , JBoss Seam 2 upload exec exploit
2015-04-02 22:32:35 -05:00
Tod Beardsley
4bbec88882
Various other one-off nonhuman author credits
...
[See #5012 ]
2015-04-02 15:25:47 -05:00
Tod Beardsley
6532fad579
Remove credits to Alligator Security Team
...
All but one of these modules credits both a team name and individual
team members. We should just be crediting team members. The domain
persists in all the other credits.
The one that didn't was credited to dflah_ specifically, so merely
changed the author name.
Longer description, if needed, wrapped at 72 characters.
[See #5012 ]
2015-04-02 15:12:22 -05:00
g0tmi1k
127d07342e
Remove trailing space
2015-03-20 01:36:56 +00:00
g0tmi1k
7426e72317
Grammar - traq_plugin_exec
2015-03-20 01:31:01 +00:00
g0tmi1k
5709d49aae
Clean up traq_plugin_exec
2015-03-20 01:19:46 +00:00
jvazquez-r7
b6146b1499
Use print_warning
2015-03-12 17:22:03 -05:00
Julian Vilas
fe822f8d33
Modify automatic file cleanup
2015-03-10 00:45:20 +01:00
Julian Vilas
0ef303cb6c
Fix Java payload
2015-03-10 00:01:27 +01:00
Julian Vilas
2eb0011a99
Autotrigger JSP shell at docBase
2015-03-07 20:41:08 +01:00
Julian Vilas
3be2bde5a2
Use bypass for bulletin S2-020
2015-03-07 19:14:20 +01:00
jvazquez-r7
9f3f8bb727
Merging #3323 work
2015-03-05 15:44:15 -06:00
jvazquez-r7
c388fd49c2
Fix print message
2015-03-05 15:43:54 -06:00
jvazquez-r7
e1a4b046a0
Add support for tomcat 7 to struts_code_exec_classloader
2015-03-05 15:40:24 -06:00
sinn3r
8978b1d7b5
Add a version
2015-03-05 11:29:44 -06:00
Ricardo Almeida
32188f09d6
Update phpmoadmin_exec.rb
...
Changes:
Added required comment at the top of the file;
Changed Class name "Metasploit3" >> "Metasploit4";
Standard name/email format for public PoC author.
2015-03-05 12:56:08 +00:00
Ricardo Almeida
95962aab0d
Update phpmoadmin_exec.rb
...
Changes:
"Check if vulnerable" code improvement;
Payload delivery code improvement;
Minor indent issues.
Thanks for your feedback guys :)
2015-03-05 12:46:53 +00:00
Ricardo Almeida
9530e15c81
Update phpmoadmin_exec.rb
...
Changes:
Changed description section;
Changed 'URL' to 'EDB' in references section;
Added newline at the end.
2015-03-04 21:59:08 +00:00
Ricardo Almeida
c19895ac85
Update phpmoadmin_exec.rb
...
Changes:
Added new URL;
Added CVE number;
Corrected the disclosure date;
Corrected the normalize_uri() function syntax.
2015-03-04 21:31:44 +00:00
Ricardo Almeida
4d67e0e1bb
Add PHPMoAdmin RCE
2015-03-04 18:17:31 +00:00
vulp1n3
69b37976c1
Fix disclosure date.
2015-02-17 17:29:52 -08:00
vulp1n3
a19a5328f1
Add JBoss Seam 2 upload execute module
...
Versions of the JBoss Seam 2 framework < 2.2.1CR2 fails to properly
sanitize inputs to some JBoss Expression Language expressions. As a
result, attackers can gain remote code execution through the
application server. This module leverages RCE to upload and execute
a meterpreter payload. CVE-2010-1871
2015-02-17 17:25:01 -08:00
jvazquez-r7
1f4fdb5d18
Update from master
2015-02-10 10:47:17 -06:00
William Vu
a7156cf4a8
Fix zabbix_script_exec datastore
2015-02-05 02:53:22 -06:00
jvazquez-r7
fbf32669c6
Use single quote
2015-02-04 09:47:27 -06:00
julianvilas
de09559cc8
Change HTTP requests to succeed when going through HTTP proxies
2015-02-04 15:32:14 +01:00
Julian Vilas
f983c8171e
Modify description to match both Struts 1.x and 2.x versions
2015-01-30 12:35:38 +01:00
Julian Vilas
1a11ae4021
Add new references about Struts 1
2015-01-29 23:27:52 +01:00
Julian Vilas
4cc5844baf
Add Struts 1 support
2015-01-29 23:12:34 +01:00
Tod Beardsley
bae19405a7
Various grammar, spelling, word choice fixes
2015-01-26 11:00:07 -06:00
jvazquez-r7
d8aa282482
Delete some double quotes
2015-01-22 18:21:25 -06:00
jvazquez-r7
4c72b096b6
Switch variable from file_name to operation
2015-01-22 18:20:11 -06:00
jvazquez-r7
b003d8f750
Do final cleanup
2015-01-22 18:17:14 -06:00
jvazquez-r7
911485f536
Use easier key name
2015-01-22 18:11:48 -06:00
jvazquez-r7
eff49b5fd3
Delete files with Rex::Java::Serialization
2015-01-22 17:59:43 -06:00
jvazquez-r7
37bf66b994
Install instaget with Rex::Java::Serialization
2015-01-22 16:54:49 -06:00
jvazquez-r7
20d7fe631e
Auto detect platform without raw streams
2015-01-22 15:15:08 -06:00
jvazquez-r7
ad276f0d52
Retrieve version with Rex::Java::Serialization instead of binary streams
2015-01-22 14:52:19 -06:00
jvazquez-r7
f7aaad1cf1
Delete some extraneous commas
2015-01-19 17:25:45 -06:00
jvazquez-r7
dbc77a2857
Land #4517 , @pedrib's exploit for ManageEngine Multiple Products Authenticated File Upload
...
* CVE-2014-5301
2015-01-19 17:23:39 -06:00
jvazquez-r7
6403098fbc
Avoid sleep(), survey instead
2015-01-19 17:22:04 -06:00
jvazquez-r7
a6e351ef5d
Delete unnecessary request
2015-01-19 17:14:23 -06:00
jvazquez-r7
ed26a2fd77
Avoid modify datastore options
2015-01-19 17:11:31 -06:00
jvazquez-r7
3c0efe4a7e
Do minor style changes
2015-01-19 15:36:05 -06:00
jvazquez-r7
ddda0b2f4b
Beautify metadata
2015-01-19 14:59:31 -06:00
Pedro Ribeiro
3768cf0a69
Change version to int and add proper timestamp
2015-01-14 22:59:11 +00:00
David Lanner
c5cfc11d84
fix cookie regex by removing a space
2015-01-12 23:13:18 -05:00
Pedro Ribeiro
c76aec60b0
Add OSVDB id and full disclosure URL
2015-01-08 23:29:38 +00:00
William Vu
ea793802cc
Land #4528 , mantisbt_php_exec improvements
2015-01-08 04:50:00 -06:00
sinn3r
ef97d15158
Fix msftidy and make sure all print_*s in check() are vprint_*s
2015-01-07 12:12:25 -06:00
James Lee
3e80efb5a8
Land #4521 , Pandora FMS upload
2015-01-07 11:13:57 -06:00
James Lee
1ccef7dc3c
Shorter timeout so we get shell sooner
...
The request to execute our payload will never return, so waiting for the
default timeout (20 seconds) is pointless.
2015-01-07 11:11:33 -06:00
James Lee
efe83a4f31
Whitespace
2015-01-07 10:19:17 -06:00
Christian Mehlmauer
09bd0465cf
fix regex
2015-01-07 11:54:55 +01:00
rcnunez
b3def856fd
Applied changes recommended by jlee-r7
...
used Rex::ConnectionError
refactor begin/rescue blocks
removed ::URI::InvalidURIError
changed @peer with peer
used Exploit::CheckCode:Appears instead of Exploit::CheckCode::Vulnerable
2015-01-07 18:38:19 +08:00
Christian Mehlmauer
eaad4e0bea
fix check method
2015-01-07 11:01:08 +01:00
Christian Mehlmauer
862af074e9
fix bug
2015-01-07 09:10:50 +01:00
Christian Mehlmauer
d007b72ab3
favor include? over =~
2015-01-07 07:33:16 +01:00
Christian Mehlmauer
4277c20a83
use include?
2015-01-07 06:51:28 +01:00
Christian Mehlmauer
39e33739ea
support for anonymous login
2015-01-07 00:08:04 +01:00
Christian Mehlmauer
bf0bdd00df
added some links, use the res variable
2015-01-06 23:25:11 +01:00
Christian Mehlmauer
f9f2bc07ac
some improvements to the mantis module
2015-01-06 11:33:45 +01:00
rcnunez
547b7f2752
Syntax and File Upload BugFix
...
Fix unexpected ) in line 118
Fix file cleanup missing _
Fix more robust version check script
Fix file upload
2015-01-05 19:23:22 +08:00
Pedro Ribeiro
c9b76a806a
Create manageengine_auth_upload.rb
2015-01-04 17:05:53 +00:00
Tod Beardsley
c1718fa490
Land #4440 , git client exploit from @jhart-r7
...
Also fixes #4435 and makes progress against #4445 .
2015-01-01 13:18:43 -06:00
Tod Beardsley
d7564f47cc
Move Mercurial option to advanced, update ref url
...
See #4440
2015-01-01 13:08:36 -06:00
Tod Beardsley
914c724abe
Rename module
...
See rapid7#4440
2015-01-01 13:03:17 -06:00
Jon Hart
65977c9762
Add some more useful URLs
2014-12-31 10:54:04 -08:00
Christian Mehlmauer
96fe693c54
update drupal regex
2014-12-30 09:12:39 +01:00
Jon Hart
51049152b6
Use Rex::Text.rand_mail_address for more realistic fake commit
2014-12-26 10:39:52 -08:00
Jon Hart
a692656ab7
Update comments to reflect reality, minor cleanup
2014-12-23 19:09:45 -08:00
Jon Hart
59f75709ea
Print out malicious URLs that will be used by default
2014-12-23 10:10:31 -08:00