infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
38,501 Commits
7 Branches
556 Tags
421 MiB
Commit Graph

823 Commits (61f9cc360b6bb555237cf106f5beddffd9a0aa16)

Author SHA1 Message Date
wchen-r7 61f9cc360b Correct casing - should be HttpUsername and HttpPassword 2016-05-27 18:31:54 -05:00
wchen-r7 4dcddb2399 Fix #4885, Support basic and form auth at the same time 
When a module uses the HttpClient mixin but registers the USERNAME
and PASSWORD datastore options in order to perform a form auth,
it ruins the ability to also perform a basic auth (sometimes it's
possible to see both). To avoid option naming conflicts, basic auth
options are now HTTPUSERNAME and HTTPPASSWORD.

Fix #4885
 2016-05-27 16:25:42 -05:00
wchen-r7 14e1baf331 Minor style changes 2016-05-25 15:39:26 -05:00
rastating 19c4d5b02b Remove hard coded target path 2016-05-25 18:04:26 +01:00
rastating adb8098b8c Fix typo 2016-05-24 00:16:04 +01:00
rastating aae7c25603 Add WordPress Ninja Forms unauthenticated file upload module 2016-05-23 23:47:41 +01:00
James Lee 1375600780
Land #6644, datastore validation on assignment 2016-03-17 11:16:12 -05:00
Christian Mehlmauer 3123175ac7
use MetasploitModule as a class name 2016-03-08 14:02:44 +01:00
Brent Cook f703fa21d6 Revert "change Metasploit3 class names" 
This reverts commit 666ae14259.
 2016-03-07 13:19:55 -06:00
Christian Mehlmauer 666ae14259
change Metasploit3 class names 2016-03-07 09:56:58 +01:00
Brent Cook c7c0e12bb3 remove various module hacks for the datastore defaults not preserving types 2016-03-05 23:11:39 -06:00
Brent Cook 3d1861b3f4 Land #6526, integrate {peer} string into logging by default 2016-02-15 15:19:26 -06:00
James Lee 12256a6423
Remove now-redundant peer 
These all include either Msf::Exploit::Remote:Tcp or Msf::Exploit::Remote:HttpClient
 2016-02-01 15:12:03 -06:00
rastating a7cd5991ac Add encoding of the upload path into the module 2016-01-17 22:44:41 +00:00
rastating 5660c1238b Fix problem causing upload to fail on versions 1.2 and 1.3 of theme 2016-01-17 18:44:00 +00:00
Jon Hart 283cf5b869
Update msftidy to catch more potential URL vs PACKETSTORM warnings 
Fix the affected modules
 2015-12-24 09:12:24 -08:00
Jon Hart 27a6aa0be1
Fix current msftidy warnings about PACKETSTORM vs URL 2015-12-24 09:05:02 -08:00
William Vu b2d6458f50
Land #6129, Joomla SQLi RCE 2015-11-20 14:30:23 -06:00
HD Moore f86f427d54 Move Compat into Payload so that is actually used 2015-11-09 16:06:05 -06:00
William Vu 2df149b0a5
Land #6189, extraneous Content-Length fix 2015-11-06 14:36:40 -06:00
William Vu 3cae7999aa Prefer ctype over headers['Content-Type'] 2015-11-06 14:36:21 -06:00
wchen-r7 f957acf9ba Fix Framework Rspec Failure 
Needs to do:
include Msf::Exploit::Remote::HTTP::Wordpress
 2015-11-06 13:56:05 -06:00
wchen-r7 fb9a40f15c
Land #6103, Add WordPress Plugin Ajax Load More Auth File Upload Vuln 2015-11-06 13:18:48 -06:00
wchen-r7 73f630b25a Note default.php 2015-11-06 13:18:24 -06:00
dmohanty-r7 a71d7ae2ae
Land #6089, @jvazquez-r7 Fix HTTP mixins namespaces 2015-11-05 16:56:41 -06:00
pyllyukko 4390fda513
Remove extra Content-Length HTTP header 
The send_request_raw already sets the header and if it's set also in the
module, Metasploit sends the header twice.
 2015-11-05 14:38:06 +02:00
wchen-r7 154fb585f4 Remove bad references (dead links) 
These links are no longer available. They are dead links.
 2015-10-27 12:41:32 -05:00
xistence f632dd8f67 Add Joomla Content History SQLi RCE exploit module 2015-10-23 17:25:44 +07:00
William Vu 997e8005ce Fix nil http_method in php_include 2015-10-21 13:22:09 -05:00
Roberto Soares ba75e85eb3 Add WP Ajax Load More Plugin File Upload Vuln. 2015-10-17 13:30:36 -03:00
jvazquez-r7 67820f8b61
Fix Packetstorm references 2015-10-15 12:42:59 -05:00
jvazquez-r7 cf9ddbb701
Update moduels using Msf::HTTP::Wordpress 2015-10-15 11:47:13 -05:00
HD Moore d67b55d195 Fix autofilter values for aggressive modules 2015-10-13 15:56:18 -07:00
wchen-r7 d55757350d Use the latest credential API, no more report_auth_info 2015-09-04 03:04:14 -05:00
HD Moore cd65478d29
Land #5826, swap ExitFunction -> EXITFUNC 2015-09-01 13:58:12 -05:00
Christian Mehlmauer 115f409fef
change exitfunc to thread 2015-09-01 10:48:07 +02:00
Christian Mehlmauer 3e613dc333
change exitfunc to thread 2015-09-01 10:43:45 +02:00
Christian Mehlmauer 648c034d17
change exitfunc to thread 2015-09-01 10:42:15 +02:00
Brent Cook d670a62000
Land #5822, migrate obsolete payload compatibility options 2015-08-31 15:20:20 -05:00
Christian Mehlmauer 80a22412d9 use EXITFUNC instead of ExitFunction 2015-08-13 21:22:32 +02:00
jvazquez-r7 203c231b74
Fix #5659: Update CMD exploits payload compatibility options 2015-08-10 17:12:59 -05:00
wchen-r7 54c5c6ea38 Another update 2015-07-29 14:31:35 -05:00
William Vu 405261df4f
Land #5710, php_wordpress_total_cache removal 
Deprecated.
 2015-07-13 18:33:12 +00:00
William Vu 3feef639b9
Land #5711, php_wordpress_optimizepress removal 
Deprecated.
 2015-07-13 18:32:37 +00:00
William Vu 6e12cbf98f
Land #5712, php_wordpress_lastpost removal 
Deprecated.
 2015-07-13 18:31:31 +00:00
William Vu dd188b1943
Land #5713, php_wordpress_infusionsoft removal 
Deprecated.
 2015-07-13 18:31:01 +00:00
wchen-r7 4960e64597 Remove php_wordpress_foxypress, use wp_foxypress_upload 
Please use exploit/unix/webapp/wp_foxypress_upload instead.
 2015-07-13 12:53:34 -05:00
wchen-r7 dfbeb24a8f Remove php_wordpress_infusionsoft, use wp_infusionsoft_upload 
Please use exploit/unix/webapp/wp_infusionsoft_upload instead.
 2015-07-13 12:51:48 -05:00
wchen-r7 b80427aed2 Remove php_wordpress_lastpost, use wp_lastpost_exec instead. 
Please use exploit/unix/webapp/wp_lastpost_exec instead
 2015-07-13 12:49:27 -05:00
wchen-r7 90cc3f7891 Remove php_wordpress_optimizepress, use wp_optimizepress_upload 
Please use exploit/unix/webapp/wp_optimizepress_upload instead.
 2015-07-13 12:45:39 -05:00