Tod Beardsley
62a679ebb8
Avoid version numbers in titles
...
Usually, the versions are more of a range, and nearly always, the module
author never truly knows where the ranges are bounded. It's okay to
clarify in the description.
2015-02-17 10:26:40 -06:00
rastating
40c92f5fe3
Add URL reference
2015-02-14 13:09:37 +00:00
rastating
4dce589bbe
Add WordPress Holding Pattern file upload module
2015-02-14 12:54:03 +00:00
Christian Mehlmauer
55f57e0b9b
Land #4746 , WordPress photo-gallery exploit
2015-02-12 22:24:12 +01:00
Christian Mehlmauer
bce7211f86
added url and randomize upload directory
2015-02-12 22:16:37 +01:00
jvazquez-r7
155651e187
Make filename shorter
2015-02-12 11:45:51 -06:00
jvazquez-r7
95bfe7a7de
Do minor cleanup
2015-02-12 11:45:51 -06:00
rastating
30f310321d
Added CVE reference
2015-02-12 11:45:51 -06:00
rastating
38ad960640
Add Maarch LetterBox file upload module
2015-02-12 11:45:51 -06:00
rastating
cb1efa3edd
Improved error handling, tidied up some code
2015-02-11 10:16:18 +00:00
rastating
80a086d5f6
Add WordPress Photo Gallery upload module
2015-02-11 01:03:51 +00:00
Christian Mehlmauer
6d46182c2f
Land #4570 , @rastating 's module for wp-easycart
2015-02-07 23:42:23 +01:00
Christian Mehlmauer
f2b834cebe
remove check because the vuln is unpatched
2015-02-07 23:38:44 +01:00
Christian Mehlmauer
d2421a2d75
wrong version
2015-02-07 23:34:19 +01:00
Christian Mehlmauer
56d2bc5adb
correct version number
2015-02-07 23:22:43 +01:00
rastating
345d5c5c08
Update version numbers to reflect latest release
2015-02-07 19:09:16 +00:00
jvazquez-r7
1ea4a326c1
Land #4656 , @nanomebia's fixes for sugarcrm_unserialize_exec
2015-02-06 16:42:01 -06:00
jvazquez-r7
e511f72ab4
Delete final check
...
* A session is the best proof of success
2015-02-06 16:34:34 -06:00
Tod Beardsley
c633c710bc
Mostly caps/grammar/spelling, GoodRanking on MBAM
2015-02-05 12:36:47 -06:00
jvazquez-r7
c0e1440572
Land #4685 , @FireFart's module for Wordpress Platform Theme RCE
2015-02-03 17:35:59 -06:00
jvazquez-r7
28f303d431
Decrease timeout
2015-02-03 17:33:29 -06:00
jvazquez-r7
a1c157a4db
Land #4609 , @h0ng10's module for Wordpress Pixabay Images PHP Code Upload
2015-02-03 17:01:32 -06:00
jvazquez-r7
eebee7c066
Do better session creation handling
2015-02-03 17:00:37 -06:00
jvazquez-r7
4ca4fd1be2
Allow to provide the traversal depth
2015-02-03 16:38:40 -06:00
jvazquez-r7
e62a5a4fff
Make the calling payload code easier
2015-02-03 16:23:04 -06:00
jvazquez-r7
61cdb5dfc9
Change filename
2015-02-03 16:13:10 -06:00
jvazquez-r7
82be43ea58
Do minor cleanup
2015-02-03 16:07:27 -06:00
Christian Mehlmauer
2c956c0a0f
add wordpress platform theme rce
2015-01-31 22:02:44 +01:00
Nanomebia
d04fd3b978
Fixing Indentation
...
Small indentation fix
2015-01-29 13:03:19 +08:00
Nanomebia
af90c6482b
Sanity Changes
...
Reverted failure behaviour on line 70
Removed a space that prevented line 98 from working as intended
2015-01-28 18:40:43 +08:00
Nanomebia
27c412341f
Syntax Changes
...
Cleaned up this statement a tiny bit
2015-01-28 18:34:19 +08:00
Nanomebia
fc3094ec9b
Syntax changes
...
Fixed some more syntax - failures
2015-01-28 18:30:21 +08:00
Nanomebia
321eb452c5
Syntax Fixes
...
Fixed some or's to || - and's to &&.
Fixed failure if statement (fails using fail_with())
Fixed nested else (now and elsif)
Changed final execute logic - checks for success rather than failure.
2015-01-28 18:08:15 +08:00
Nanomebia
fefc3d088c
Cookie fix and success display
...
Added handling for if the server doesn't correctly assign a cookie using
Set-Cookie by changing the regex and doing an additional check. Also
fixed the success display - changed the if statement to match others in
this module and fixed the text output based on server response.
2015-01-28 17:11:05 +08:00
Tod Beardsley
bae19405a7
Various grammar, spelling, word choice fixes
2015-01-26 11:00:07 -06:00
Hans-Martin Münch (h0ng10)
419fa93897
Add OSVDB and WPScan references
2015-01-23 09:27:42 +01:00
Hans-Martin Münch (h0ng10)
dfbbc79e0d
make retries a datastore option
2015-01-23 09:23:09 +01:00
Hans-Martin Münch (h0ng10)
11bf58e548
Use metasploit methods
2015-01-23 08:48:52 +01:00
rastating
9d3397901b
Correct version numbers and code tidy up
2015-01-19 20:59:46 +00:00
Hans-Martin Münch (h0ng10)
5813c639d1
Initial commit
2015-01-19 17:23:48 +01:00
rastating
8a89b3be28
Cleanup of various bits of code
2015-01-13 22:20:40 +00:00
rastating
8246f4e0bb
Add ability to use both WP and EC attack vectors
2015-01-12 23:30:59 +00:00
rastating
e6f6acece9
Add a date hash to the post data
2015-01-12 21:21:50 +00:00
rastating
ea37e2e198
Add WP EasyCart file upload exploit module
2015-01-10 21:05:02 +00:00
Christian Mehlmauer
d4d1a53533
fix invalid url
2015-01-09 21:57:52 +01:00
rastating
82e6183136
Add Msf::Exploit::FileDropper mixin
2015-01-08 21:07:00 +00:00
rastating
93dc90d9d3
Tidied up some code with existing mixins
2015-01-08 20:53:56 +00:00
rastating
7b92c6c2df
Add WP Symposium Shell Upload module
2015-01-07 22:02:39 +00:00
sinn3r
44dfa746eb
Resolve #4513 - Change #inspect to #to_s
...
Resolve #4513
2015-01-05 11:50:51 -06:00
jvazquez-r7
b5b0be9001
Do minor cleanup
2014-12-26 11:24:02 -06:00
Brendan Coles
5c82b8a827
Add ProjectSend Arbitrary File Upload module
2014-12-23 10:53:03 +00:00
Tod Beardsley
d3050de862
Remove references to Redmine in code
...
See #4400 . This should be all of them, except for, of course, the module
that targets Redmine itself.
Note that this also updates the README.md with more current information
as well.
2014-12-19 17:27:08 -06:00
Jon Hart
025c0771f8
Have exploit call check. Have check report_vuln
2014-12-15 09:53:11 -08:00
Jon Hart
f521e7d234
Use newer Ruby hash syntax
2014-12-15 09:17:32 -08:00
Jon Hart
c93dc04a52
Resolve address before storing the working cred
2014-12-15 09:11:12 -08:00
Jon Hart
5ca8f187b3
Merge remote-tracking branch 'upstream/pr/4328' into temp
2014-12-15 08:15:51 -08:00
Brendan Coles
4530066187
return nil
2014-12-15 01:04:39 +11:00
Brendan Coles
55d9e9cff6
Use list of potential analytics hosts
2014-12-14 23:15:41 +11:00
jvazquez-r7
008c33ff51
Fix description
2014-12-12 13:36:28 -06:00
Tod Beardsley
81460198b0
Add openssl payload to distcc exploit
...
This is required to test #4274
2014-12-12 13:25:55 -06:00
jvazquez-r7
b334e7e0c6
Land #4322 , @FireFart's wordpress exploit for download-manager plugin
2014-12-12 12:41:59 -06:00
jvazquez-r7
aaed7fe957
Make the timeout for the calling payload request lower
2014-12-12 12:41:06 -06:00
Jon Hart
00f66b6050
Correct named captures
2014-12-12 10:22:14 -08:00
jvazquez-r7
98dca6161c
Delete unused variable
2014-12-12 12:03:32 -06:00
jvazquez-r7
810bf598b1
Use fail_with
2014-12-12 12:03:12 -06:00
Jon Hart
1e6bbc5be8
Use blank?
2014-12-12 09:51:08 -08:00
jvazquez-r7
4f3ac430aa
Land #4341 , @EgiX's module for tuleap PHP Unserialize CVE-2014-8791
2014-12-12 11:48:25 -06:00
jvazquez-r7
64f529dcb0
Modify default timeout for the exploiting request
2014-12-12 11:47:49 -06:00
Jon Hart
24f1b916e0
Minor ruby style cleanup
2014-12-12 09:47:35 -08:00
Jon Hart
1d1aa5838f
Use Gem::Version to compare versions in check
2014-12-12 09:47:01 -08:00
jvazquez-r7
d01a07b1c7
Add requirement to description
2014-12-12 11:42:45 -06:00
jvazquez-r7
fd09b5c2f6
Fix title
2014-12-12 10:52:18 -06:00
jvazquez-r7
4871228816
Do minor cleanup
2014-12-12 10:52:06 -06:00
Christian Mehlmauer
544f75e7be
fix invalid URI scheme, closes #4362
2014-12-11 23:34:10 +01:00
Marc Wickenden
245b76477e
Fix issue with execution of perl due to gsub not matching across newlines
2014-12-10 21:38:04 +00:00
EgiX
700ccc71e7
Create tuleap_unserialize_exec.rb
2014-12-09 10:15:46 +01:00
Brendan Coles
42744e5650
Add actualanalyzer_ant_cookie_exec exploit
2014-12-06 19:09:20 +00:00
Christian Mehlmauer
5ea062bb9c
fix bug
2014-12-05 11:30:45 +01:00
Christian Mehlmauer
55b8d6720d
add wordpress download-manager exploit
2014-12-05 11:17:54 +01:00
HD Moore
6b4eb9a8e2
Differentiate failed binds from connects, closes #4169
...
This change adds two new Rex exceptions and changes the local comm to raise the right one depending on the circumstances. The problem with the existing model is
that failed binds and failed connections both raised the same exception. This change is backwards compatible with modules that rescue Rex::AddressInUse in additi
on to Rex::ConnectionError. There were two corner cases that rescued Rex::AddressInUse specifically:
1. The 'r'-services mixin and modules caught the old exception when handling bind errors. These have been updated to use BindFailed
2. The meterpreter client had a catch for the old exception when the socket reports a bad destination (usually a network connection dropped). This has been updat
ed to use InvalidDestination as that was the intention prior to this change.
Since AddressInUse was part of ConnectionError, modules and mixins which caught both in the same rescue have been updated to just catch ConnectionError.
2014-11-11 14:59:41 -06:00
Tod Beardsley
51b96cb85b
Cosmetic title/desc updates
2014-11-03 13:37:45 -06:00
sinn3r
b7a1722b46
Pass msftidy, more descriptive name and description
2014-10-30 22:14:18 -05:00
Deral Heiland
64a59e805c
Fix a simple typo
2014-10-29 12:40:24 -04:00
Deral Heiland
1bf1be0e46
Updated to module based feedback from wchen-r7
2014-10-29 11:42:07 -04:00
Deral Heiland
9021e4dae6
Xerox Workcentre firmware injection exploit
2014-10-28 11:15:43 -04:00
jvazquez-r7
c77a0984bd
Land #3989 , @us3r777's exploit for CVE-2014-7228, Joomla Update unserialize
...
the commit.
empty message aborts
2014-10-20 13:39:08 -05:00
jvazquez-r7
4e6f61766d
Change module filename
2014-10-20 13:31:22 -05:00
jvazquez-r7
e202bc10f0
Fix title
2014-10-20 13:30:44 -05:00
jvazquez-r7
f07c5de711
Do code cleanup
2014-10-20 13:27:48 -05:00
jvazquez-r7
052a9fec86
Delete return
2014-10-20 10:52:33 -05:00
jvazquez-r7
199f6eba76
Fix check method
2014-10-20 10:46:40 -05:00
us3r777
16101612a4
Some changes to use primer
...
Follow wiki How-to-write-a-module-using-HttpServer-and-HttpClient
2014-10-20 17:26:16 +02:00
us3r777
1e143fa300
Removed unused variables
2014-10-20 16:58:41 +02:00
URI Assassin
35d3bbf74d
Fix up comment splats with the correct URI
...
See the complaint on #4039 . This doesn't fix that particular
issue (it's somewhat unrelated), but does solve around
a file parsing problem reported by @void-in
2014-10-17 11:47:33 -05:00
Tod Beardsley
b1223165d4
Trivial grammar fixes
2014-10-14 12:00:50 -05:00
us3r777
444b01c4b0
Typo + shorten php serialized object
2014-10-12 21:29:04 +02:00
us3r777
2428688565
CVE-2014-7228 Joomla/Akeeba Kickstart RCE
...
Exploit via serialiazed PHP object injection. The Joomla! must be
updating more precisely, the file $JOOMLA_WEBROOT/administrator/
components/com_joomlaupdate/restoration.php must be present
2014-10-09 18:51:24 +02:00
Christian Mehlmauer
1584c4781c
Add reference
2014-10-09 06:58:15 +02:00
jvazquez-r7
4f96d88a2f
Land #3949 , @us3r777's exploit for CVE-2014-6446, wordpress infusionsoft plugin php upload
2014-10-08 16:35:49 -05:00
jvazquez-r7
66a8e7481b
Fix description
2014-10-08 16:35:14 -05:00
jvazquez-r7
8ba8402be3
Update timeout
2014-10-08 16:32:05 -05:00
jvazquez-r7
bbf180997a
Do minor cleanup
2014-10-08 16:29:11 -05:00
us3r777
03888bc97b
Change the check function
...
Use regex based detection
2014-10-06 18:56:01 +02:00
us3r777
29111c516c
Wordpress Infusionsoft Gravity Forms CVE-2014-6446
...
The Infusionsoft Gravity Forms plugin 1.5.3 through 1.5.10 for
WordPress does not properly restrict access, which allows remote
attackers to upload arbitrary files and execute arbitrary PHP
code via a request to utilities/code_generator.php.
2014-10-06 14:10:01 +02:00
Christian Mehlmauer
f45b89503d
change WPVULNDBID to WPVDB
2014-10-03 17:13:18 +02:00
Christian Mehlmauer
33b37727c7
Added wpvulndb links
2014-10-02 23:03:31 +02:00
William Vu
df44dfb01a
Add OSVDB and EDB references to Shellshock modules
2014-09-29 21:39:07 -05:00
jvazquez-r7
6e2d297e0c
Credit the original vuln discoverer
2014-09-26 13:45:09 -05:00
jvazquez-r7
a4bc17ef89
deregister options needed for exploitation
2014-09-26 10:15:46 -05:00
jvazquez-r7
54e6763990
Add injection to HOSTNAME and URL
2014-09-26 10:13:24 -05:00
James Lee
86f85a356d
Add DHCP server module for CVE-2014-6271
2014-09-26 01:24:42 -05:00
jvazquez-r7
9acccfe9ba
Fix description
2014-09-19 17:18:59 -05:00
jvazquez-r7
d826132f87
Delete CVE, add EDB
2014-09-19 17:16:03 -05:00
jvazquez-r7
7afbec9d6c
Land #2890 , @Ahmed-Elhady-Mohamed module for OSVDB 93034
2014-09-19 17:12:49 -05:00
jvazquez-r7
1fa5c8c00c
Add check method
2014-09-19 17:11:16 -05:00
jvazquez-r7
ce0b00bb0b
Change module location and filename
2014-09-19 16:59:35 -05:00
sinn3r
c73ec66c7a
Land #3659 - Add HybridAuth install.php PHP Code Execution
2014-08-19 17:19:01 -05:00
Brendan Coles
564431fd41
Use arrays in refs for consistency
2014-08-18 18:54:54 +00:00
Tod Beardsley
cad281494f
Minor caps, grammar, desc fixes
2014-08-18 13:35:34 -05:00
Brendan Coles
b8b2e3edff
Add HybridAuth install.php PHP Code Execution module
2014-08-16 23:31:46 +00:00
Emilio Pinna
4ff73a1467
Add version build check
2014-08-13 09:53:43 +02:00
Emilio Pinna
3440f82b2e
Minor description adjustment
2014-08-12 22:18:59 +02:00
Emilio Pinna
9e38ffb797
Add the check for the manual payload setting
2014-08-12 21:55:42 +02:00
Emilio Pinna
5b6be55c50
Fix (properly) 'execute_command()' missing 'opts' parameter
2014-08-12 19:49:27 +02:00
Emilio Pinna
3af17ffad0
Fixed 'execute_command()' missing 'opts' parameter
2014-08-12 19:24:24 +02:00
Emilio Pinna
f71589f534
Simplify payload upload using 'CmdStager' mixin
2014-08-12 10:49:17 +02:00
Emilio Pinna
cc5770558d
Remove local payload saving used for debugging
2014-08-11 19:16:14 +02:00
Emilio Pinna
4790b18424
Use FileDropper mixin to delete uploaded file
2014-08-11 19:02:09 +02:00
Emilio Pinna
ac526ca9bd
Fix print_* to vprint_* in check method
2014-08-11 18:58:11 +02:00
Emilio Pinna
4b4b24b79d
Fix errors printing
2014-08-11 18:54:43 +02:00
Emilio Pinna
c97cd75beb
Rephrase 'Author' section
2014-08-11 18:52:21 +02:00
Emilio Pinna
0138f3648d
Add VMTurbo Operations Manager 'vmtadmin.cgi' Remote Command Execution module.
2014-08-11 16:57:39 +02:00
jvazquez-r7
a79eec84ac
Land #3584 , @FireFart's update for wp_asset_manager_upload_exec
2014-07-30 10:28:51 -05:00
jvazquez-r7
9de8297848
Use [] for References
2014-07-30 10:28:00 -05:00
jvazquez-r7
58fbb0b421
Use [] for References
2014-07-30 10:24:14 -05:00
Christian Mehlmauer
75057b5df3
Fixed variable
2014-07-29 21:02:15 +02:00
Christian Mehlmauer
cc3285fa57
Updated checkcode
2014-07-29 20:53:54 +02:00
Christian Mehlmauer
61ab88b2c5
Updated wp_asset_manager_upload_exec module
2014-07-29 20:53:18 +02:00
Christian Mehlmauer
e438c140ab
Updated wp_property_upload_exec module
2014-07-29 20:34:34 +02:00
Christian Mehlmauer
621e85a32d
Correct version
2014-07-28 22:45:04 +02:00
Christian Mehlmauer
d334797116
Updated foxpress module
2014-07-28 22:23:22 +02:00
jvazquez-r7
79fe342688
Land #3558 , @FireFart's improvements to wordpress mixin
2014-07-28 09:52:20 -05:00
Christian Mehlmauer
a6479a77d6
Implented feedback from @jhart-r7
2014-07-22 19:49:58 +02:00
Christian Mehlmauer
baff003ecc
extracted check version to module
...
also added some wordpress specs and applied
rubocop
2014-07-22 17:02:35 +02:00
sinn3r
6048f21875
Land #3552 - Correct DbVisualizer title name
2014-07-21 13:07:33 -05:00
Tod Beardsley
a41768fd7d
Correct DbVisualizer title name
...
I think "DbVis Software" is the name of the company and the product
itself is called DbVisualizer.
Also fixed the description on the WPTouch module.
2014-07-21 12:35:01 -05:00
Christian Mehlmauer
a809c9e0b5
Changed to vprint and added comment
2014-07-18 22:15:56 +02:00
Christian Mehlmauer
c6e129c622
Fix rubocop warnings
2014-07-18 21:58:33 +02:00
William Vu
ff6c8bd5de
Land #3479 , broken sock.get fix
2014-07-16 14:57:32 -05:00
Christian Mehlmauer
c1f612b82a
Use vprint_ instead of print_
2014-07-15 06:58:33 +02:00