013781fb9c
Land #5292 , WordPress custom file version check
2015-05-05 11:21:18 -05:00
18791ce933
Clean up code
2015-05-05 11:19:40 -05:00
55967172be
allow custom regex
2015-05-02 21:06:15 +02:00
9678479abb
check version from custom file
2015-05-02 18:34:10 +02:00
c441ff81a1
Update comment in wordpress/version.rb
...
The comment 'All versions are vulnerable' makes sense on line 163 where there is no introduced or fixed version. On line 175 though there is a fixed version, just no introduced version. Adjusting comment text.
2015-05-01 17:05:31 -05:00
4224008709
Delete print_debug/vprint_debug
2015-04-21 11:14:03 -05:00
dc8f266345
fix readme detection bug
2015-04-16 14:57:29 +02:00
9df09a1d60
readme detection
2015-04-16 14:41:30 +02:00
fe5ddc01ad
Fix return documentation
2015-04-03 14:16:06 -05:00
4ba761986f
Correct YARD doc comments
2015-04-02 16:14:25 +05:00
3669fb678d
Fix parameter default value
2015-02-26 21:15:33 +00:00
06cb30a20a
Remove duplicated code
2015-02-24 22:43:59 +00:00
37a55cce74
Abstracted version comparison code
2015-02-22 16:20:46 +00:00
3d38d46729
Add extra version checking methods
...
Added the ability to check style.css for theme versions as version
tagging in style.css is a requirement of WordPress theme development.
Also updated existing readme checking to allow for a nil fixed_version
parameter in scenarios where all versions are vulnerable in an EOL
product.
2015-02-22 16:20:46 +00:00
c820431879
Land #4770 , Wordpress Ultimate CSV Importer user extract module
2015-02-22 08:52:45 +01:00
708340ec5a
Tidy up various bits of code
2015-02-21 12:53:33 +00:00
7e1e0f8196
Add plugin upload functionality
2015-02-21 01:20:20 +00:00
e0d87a8886
Update to use store_loot for CSV export
2015-02-17 19:21:31 +00:00
a22f5c1287
Add extra readme check for case sensitive servers
2015-02-14 23:43:04 +00:00
2c956c0a0f
add wordpress platform theme rce
2015-01-31 22:02:44 +01:00
03169f231b
Handle one redirection on wordpress_and_online?
2015-01-30 10:26:23 -06:00
c098de27ee
Do safer body check
2015-01-30 10:22:43 -06:00
bc65d2f526
Make filename compatible with namespace
2015-01-30 10:22:07 -06:00
7504358db3
code style and typos
2015-01-30 15:57:32 +01:00
a0eaf2f626
add wordpress ghost scanner module
2015-01-30 15:29:51 +01:00
5b964bba6a
Land #4518 , Wordpress long password DoS
2015-01-18 23:55:06 +01:00
14b1d8dc5f
no space required
2015-01-08 23:43:06 +01:00
f7eb9a6cf8
update wordpress version detection regex
2015-01-08 23:36:59 +01:00
294cd80a08
Update documentation for wordpress_login
2015-01-07 18:32:52 +00:00
e90e98547b
Add configurable timeout to WordPress login
2015-01-07 17:06:31 +00:00
056046f38b
update wordpress readme regex
2015-01-01 23:13:20 +01:00
19effa7eb9
Fix feedback's review
2014-12-06 21:47:55 -06:00
6d07dffa6c
Fix a typo that was preventing WAR deletion
...
I made a typo while refactoring jboss_deploymentfilerepository. This
typo was preventing the WAR payload to be removed after its execution.
2014-10-01 18:04:21 +02:00
47507e1ff1
Slight modifications to pass msftidy
2014-09-29 23:59:12 +02:00
7125a9f047
Added YARD doc to the mixin
...
Also make a slight correction on jboss_deployementfilerepository.rb to
handle nil responses.
2014-09-28 19:44:37 +02:00
02d202dd44
Refactor Jboss mixin
...
Use send_request_cgi and vars_get
rand_text_alpha -> Rex::Text.rand_text_alpha
2014-09-24 22:41:58 +02:00
919eec250d
Refactor auto_target from Jboss mixin
...
Removed fail_with and targets from the mixin.
2014-09-24 22:15:32 +02:00
b8ba2dd703
Fix timeout with HEAD request in delete_file
2014-09-08 18:34:50 +02:00
cc5b852517
Fixed spec for lib/msf/http/jboss
...
Revert commit abdd72e8c6
2014-09-08 17:42:04 +02:00
283e83028f
Fix problem with HEAD requests
...
Split lib/msf/http/jboss/script into
lib/msf/http/jboss/deployment_file_repository_scripts.rb and
lib/msf/http/jboss/bean_shell_scripts.rb as
2014-09-08 14:02:15 +02:00
403eae3579
Jboss file deployment repository refactorization
...
Moved lib/msf/http/jboss/bean_shell_script.rb to
lib/msf/http/jboss/script.rb. Moved head_stager_jsp to script.rb.
Removed stager_jsp to use the function from the mixin.
2014-08-30 13:15:37 +02:00
33f90de7f6
Refactoring jboss module to work with the Mixin
...
Moved upload and delete methods of deploymentfilerepository to the
mixin. Removed call_uri_mtimes method as the module now uses deploy
from the mixin.
2014-08-29 20:08:35 +02:00
af9f3b83a7
Refactoring jboss module to work with the Mixin
...
Removed datastore USERNAME and PASSWORD which are provided by
Msf::Exploit::Remote::HttpClient. Removed datastore PATH and VERB which
are provided by the mixin (lib/msf/http/jboss). Moved target detection
to the mixin.
2014-08-27 22:54:40 +02:00
7ee5423310
Add specs for Msf::HTTP::JBoss::Base
2014-08-22 15:11:27 -05:00
4742dbad91
Fix YARD documentation
2014-08-22 14:18:13 -05:00
38e6576990
Update
2014-08-22 13:22:57 -05:00
fd40a68525
Added YARD documentation to lib/msf/http/jboss
2014-08-18 18:19:37 +02:00
d6e60453d6
Added Wordpress XMLRPC DoS
2014-08-07 11:38:44 +02:00
73ca8c0f6d
Work on jboss refactoring
2014-08-01 14:28:26 -05:00
d6c7eb8850
Fixed a typo introduced in commit 9e92448
2014-07-29 09:04:12 +02:00
William Vu
Christian Mehlmauer
Tom Sellers
jvazquez-r7
root
rastating
Vincent Herbulot