Commit Graph

280 Commits (6ef87d1695d9bb0645fd91a4ff85b48b4beeb4b5)

Author SHA1 Message Date
Tod Beardsley 47493af103 Merge pull request #259 from todb-r7/edb-2
Convert Exploit-DB references to first-tier "EDB-12345" references
2012-03-23 12:09:07 -07:00
James Lee 17a044db89 Print the full URI
Makes everything obvious from output alone, don't need to show options
to see what RHOST is.
2012-03-22 18:44:55 -06:00
Tod Beardsley 7d12a3ad3a Manual fixup on remaining exploit-db references 2012-03-21 16:43:21 -05:00
Tod Beardsley 2f3bbdc00c Sed replacement of exploit-db links with EDB refs
This is the result of:

find modules/ -name \*.rb -exec sed -i -e 's#\x27URL\x27,
\x27http://www.exploit-db.com/exploits/\([0-9]\+\).*\x27#\x27EDB\x27,
\1#' modules/*.rb {} \
2012-03-21 16:43:21 -05:00
sinn3r aeb691bbee Massive whitespace cleanup 2012-03-18 00:07:27 -05:00
James Lee 70162fde73 A few more author typos 2012-03-05 13:28:46 -07:00
James Lee 5e6c40edfd Remove unnecessary space restrictions.
This allows using the full range of PHP payloads
2012-02-21 23:21:07 -07:00
James Lee 7ca573a1b4 Give these two old modules a chance to work by setting a proper arch
These must have been broken for quite some time.  =/  They should
probably both be ARCH_PHP but I'm reluctant to make that big of a change
without having the target software to test.
2012-02-21 22:59:20 -07:00
HD Moore ceb4888772 Fix up the boilerplate comment to use a better url 2012-02-20 19:40:50 -06:00
HD Moore af56807668 Cleanup the titles of many exploit modules 2012-02-20 19:25:55 -06:00
Tod Beardsley 7e25f9a6cc Death to unicode
Apologies to the authors whose names I am now intentionally misspelling.
Maybe in another 10 years, we can guarantee that all terminals and
machine parsers are okay with unicode suddenly popping up in strings.

Also adds a check in msftidy for stray unicode.
2012-01-10 14:54:55 -06:00
sinn3r e7ab48693c Repair dead milw0rm link to exploit-db 2011-12-13 16:12:57 -06:00
sinn3r 94b736c76c Repair dead milw0rm link to exploit-db 2011-12-13 16:12:38 -06:00
sinn3r 97b74101fb Repair dead milw0rm link to exploit-db 2011-12-13 16:12:11 -06:00
sinn3r 6f5d64f6de Merge branch 'master' of github.com:rapid7/metasploit-framework 2011-11-29 03:31:15 -06:00
sinn3r 34a933d499 Feature #5610 2011-11-29 03:30:49 -06:00
Rob Fuller c411c216c0 Solved most of msftidy issues with the /modules directory 2011-11-28 17:10:29 -06:00
Wei Chen e767214411 Fix: whitespaces, svn propset, author e-mail format
git-svn-id: file:///home/svn/framework3/trunk@14175 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-06 22:02:26 +00:00
Steve Tornio 7a07e069da add osvdb ref
git-svn-id: file:///home/svn/framework3/trunk@14156 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-04 14:15:00 +00:00
Wei Chen 3722a5c3c1 Add LifeSize room command injection (feature #5333)
git-svn-id: file:///home/svn/framework3/trunk@14143 4d416f70-5f16-0410-b530-b9f4589650da
2011-11-02 19:40:05 +00:00
Joshua Drake 62c8c6ea9f big msftidy pass, ping me if there are issues
git-svn-id: file:///home/svn/framework3/trunk@14034 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-23 11:56:13 +00:00
HD Moore 5916a4afe3 Cosmetic
git-svn-id: file:///home/svn/framework3/trunk@13991 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-18 09:56:33 +00:00
HD Moore f2469fc23f Drop phpi to normal ranking, it eats too much time
git-svn-id: file:///home/svn/framework3/trunk@13990 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-18 09:10:45 +00:00
Wei Chen 975cc52bac Fix spelling errors
git-svn-id: file:///home/svn/framework3/trunk@13983 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-18 00:54:05 +00:00
Wei Chen d204f4027b Catch nil first before do .empty?
git-svn-id: file:///home/svn/framework3/trunk@13978 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-17 15:59:57 +00:00
Tod Beardsley 30ac88694f More msftidy fixes. Now I'm going to get a little more surgical to get this to move faster.
git-svn-id: file:///home/svn/framework3/trunk@13963 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-17 02:58:53 +00:00
HD Moore cf8524b1b4 Fixes #5414 by applying Joshua Taylor's patch that corrects bad reference types
git-svn-id: file:///home/svn/framework3/trunk@13949 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-16 09:53:53 +00:00
Wei Chen 14d7db1641 Add disclosure dates to all the exploit modules that didn't have one
git-svn-id: file:///home/svn/framework3/trunk@13938 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-15 21:09:17 +00:00
Wei Chen 1a02a2199b These are considered as cmd exec and do not cause crashes, therefore received an ExcellentRanking
git-svn-id: file:///home/svn/framework3/trunk@13937 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-15 20:42:20 +00:00
Chao Mu 4b9346e40e Switching my BSD modules to MSF_LICENSE to make life easier. Resistance is Futile! Assimilate!
git-svn-id: file:///home/svn/framework3/trunk@13925 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-14 23:29:52 +00:00
HD Moore 0ff7f17cba Cosmetic module and service name fixes
git-svn-id: file:///home/svn/framework3/trunk@13917 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-14 00:52:15 +00:00
HD Moore 643223ff11 Fixes #5651 by applying patch
git-svn-id: file:///home/svn/framework3/trunk@13850 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-10 15:40:59 +00:00
Wei Chen 9ddfc122af Fix indentation, white spaces, add patch URL to reference
git-svn-id: file:///home/svn/framework3/trunk@13847 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-09 20:39:02 +00:00
Tod Beardsley 921549fc3d Adding OSVDB ref that just popped up for me.
git-svn-id: file:///home/svn/framework3/trunk@13844 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-09 15:49:02 +00:00
Tod Beardsley 3d9c94633d Adding MyBB backdoor exploit submitted by tdz. Thanks!
git-svn-id: file:///home/svn/framework3/trunk@13838 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-09 03:22:07 +00:00
Wei Chen 37069a252c Support POST. Feature #5571
git-svn-id: file:///home/svn/framework3/trunk@13814 4d416f70-5f16-0410-b530-b9f4589650da
2011-10-04 16:02:52 +00:00
HD Moore 81cb99c7ab A better fix
git-svn-id: file:///home/svn/framework3/trunk@13605 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-21 19:26:41 +00:00
David Rude b39ed220ca remove the .strip call in banner check causes stack traces in some cases
git-svn-id: file:///home/svn/framework3/trunk@13604 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-21 06:50:51 +00:00
HD Moore 1fb64f099d Typo
git-svn-id: file:///home/svn/framework3/trunk@13427 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-30 18:23:52 +00:00
Wei Chen f47a2c7565 Format dictatorship round 2: Fix author e-mail format for all exploit modules
git-svn-id: file:///home/svn/framework3/trunk@13297 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-22 20:17:58 +00:00
Steve Tornio 94640b6bc4 add osvdb refs
git-svn-id: file:///home/svn/framework3/trunk@13115 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-07 11:54:54 +00:00
HD Moore ab4961bfa9 Timeline
git-svn-id: file:///home/svn/framework3/trunk@13099 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-05 05:20:47 +00:00
HD Moore e678bb0a8e Update the description to match the latest information
git-svn-id: file:///home/svn/framework3/trunk@13098 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-05 05:11:00 +00:00
HD Moore c82063d708 Update based on feedback from mc, indicating this backdoor was in place since February 15th 2011 and likely even earlier
git-svn-id: file:///home/svn/framework3/trunk@13097 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-05 01:49:05 +00:00
HD Moore 5482a59910 Exit cleanly if the shell as not valid
git-svn-id: file:///home/svn/framework3/trunk@13095 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-04 21:18:44 +00:00
HD Moore bd12c8c6a9 Fix a couple small typos
git-svn-id: file:///home/svn/framework3/trunk@13094 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-04 21:10:30 +00:00
HD Moore e6968c202a A couple bug fixes to enable cmd_interact and a new module for the VSFTPD backdoor
git-svn-id: file:///home/svn/framework3/trunk@13093 4d416f70-5f16-0410-b530-b9f4589650da
2011-07-04 20:09:32 +00:00
Joshua Drake bf20ace73e totally noobd out on that one, thx
git-svn-id: file:///home/svn/framework3/trunk@13035 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-26 18:09:21 +00:00
Joshua Drake a29002ee2e handle a few corner cases
git-svn-id: file:///home/svn/framework3/trunk@13032 4d416f70-5f16-0410-b530-b9f4589650da
2011-06-26 06:03:23 +00:00
Patrick Webster 5617d23635 Removed erroneous awstatstotals_multisort print_status.
git-svn-id: file:///home/svn/framework3/trunk@12715 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-25 10:45:36 +00:00
Patrick Webster 51ce0dba58 Added awstatstotals_multisort exploit module.
git-svn-id: file:///home/svn/framework3/trunk@12714 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-25 10:42:37 +00:00
James Lee 486c0556d0 don't leave unnecessary evil-looking logs
git-svn-id: file:///home/svn/framework3/trunk@12604 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-12 22:46:43 +00:00
David Rude a8b6c43636 reverting the disclosure dates for now need to clean up the patch
git-svn-id: file:///home/svn/framework3/trunk@12540 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-04 20:43:19 +00:00
David Rude 3b7ea08f6a Fixes a ton of Disclosure Date discrepencies in various modules, thanks a ton to Michael Baker for spending the time to ensure accuracy
git-svn-id: file:///home/svn/framework3/trunk@12539 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-04 19:17:31 +00:00
Patrick Webster cacac970e1 Added privilege escalation to contentkeeperweb_mimencode exploit module.
git-svn-id: file:///home/svn/framework3/trunk@12265 4d416f70-5f16-0410-b530-b9f4589650da
2011-04-07 11:02:48 +00:00
Joshua Drake d682069aec add cve-2010-4566 exploit from Erwin Paternotte
git-svn-id: file:///home/svn/framework3/trunk@11873 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-03 20:51:12 +00:00
HD Moore 2dbbdc18dd Explicitly yield to other threads after each request, reducing the chance that this module will eat all cycles.
git-svn-id: file:///home/svn/framework3/trunk@11857 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-02 05:03:20 +00:00
Joshua Drake b6b9b83dd7 add CVE reference
git-svn-id: file:///home/svn/framework3/trunk@11579 4d416f70-5f16-0410-b530-b9f4589650da
2011-01-14 16:25:37 +00:00
Joshua Drake 287f4c87fe style compliance fixes
git-svn-id: file:///home/svn/framework3/trunk@11516 4d416f70-5f16-0410-b530-b9f4589650da
2011-01-08 01:13:26 +00:00
Steve Tornio 860e29228b add osvdb ref
git-svn-id: file:///home/svn/framework3/trunk@11414 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-25 14:43:13 +00:00
HD Moore e7f3c63e1c Exploit for a recent Redmine command injection vulnerability, provided as a holiday gift by Joernchen of Phenoelit.
git-svn-id: file:///home/svn/framework3/trunk@11406 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-25 05:46:29 +00:00
Steve Tornio 3662fb4bc6 add osvdb ref
git-svn-id: file:///home/svn/framework3/trunk@11389 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-21 19:16:18 +00:00
HD Moore 4708d5b159 Add coverage for the mitel audio web conferencing web interface command injection.
git-svn-id: file:///home/svn/framework3/trunk@11388 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-21 19:02:13 +00:00
Joshua Drake c46be9d387 better error for non-exim servers
git-svn-id: file:///home/svn/framework3/trunk@11352 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-16 17:30:24 +00:00
Joshua Drake 843b121ea1 fix typo
git-svn-id: file:///home/svn/framework3/trunk@11350 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-16 16:38:31 +00:00
Joshua Drake d69cff2b34 add bid reference
git-svn-id: file:///home/svn/framework3/trunk@11318 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-13 16:16:29 +00:00
Joshua Drake 573c639c85 remove debug prints
git-svn-id: file:///home/svn/framework3/trunk@11299 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-11 22:00:34 +00:00
Joshua Drake 7c6eadc24b check more responses, account for corner case in initial headers
git-svn-id: file:///home/svn/framework3/trunk@11298 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-11 21:58:25 +00:00
Joshua Drake ea4e8c29d3 add hdm to authors, minor cleanups
git-svn-id: file:///home/svn/framework3/trunk@11289 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-11 10:55:24 +00:00
HD Moore c1a3364ea9 Update the privileged flag
git-svn-id: file:///home/svn/framework3/trunk@11285 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-11 03:31:45 +00:00
HD Moore 8ad08ec535 Update the description/refs
git-svn-id: file:///home/svn/framework3/trunk@11284 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-11 03:31:04 +00:00
HD Moore 61e8ab1432 This module will now automatically gain root if Perl is installed
git-svn-id: file:///home/svn/framework3/trunk@11283 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-11 03:21:52 +00:00
Joshua Drake c1f37b3c8a minor adjustment to output printing
git-svn-id: file:///home/svn/framework3/trunk@11281 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-10 23:29:26 +00:00
Joshua Drake 5624c55599 add EHLO_NAME advanced option, remove debug print, fix version regex
git-svn-id: file:///home/svn/framework3/trunk@11280 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-10 22:51:05 +00:00
Joshua Drake b5d44d1684 handle hosts that reverse properly, whitespace
git-svn-id: file:///home/svn/framework3/trunk@11279 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-10 22:32:39 +00:00
HD Moore cc81d3bbc0 Automagic updates to jduck's exim module
git-svn-id: file:///home/svn/framework3/trunk@11278 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-10 22:17:47 +00:00
HD Moore a683f7b7d4 Automagic updates to jduck's exim module
git-svn-id: file:///home/svn/framework3/trunk@11277 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-10 22:16:34 +00:00
Steve Tornio d5fc9df054 add osvdb ref
git-svn-id: file:///home/svn/framework3/trunk@11276 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-10 21:43:12 +00:00
Joshua Drake 5cc8407748 style compliance fixes
git-svn-id: file:///home/svn/framework3/trunk@11275 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-10 19:50:16 +00:00
Joshua Drake 9f5df90e60 add exploit for cve-2010-4344
git-svn-id: file:///home/svn/framework3/trunk@11274 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-10 19:34:23 +00:00
Joshua Drake add6955501 add disclosure date, fix parse error on 1.8.7
git-svn-id: file:///home/svn/framework3/trunk@11253 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-08 16:17:16 +00:00
Joshua Drake 9c1576b20e update the title
git-svn-id: file:///home/svn/framework3/trunk@11246 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-07 17:46:24 +00:00
Joshua Drake bbab0e3fd9 add cve-2008-6825 exploit from Larry Wert, fixes #3145
git-svn-id: file:///home/svn/framework3/trunk@11245 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-07 17:44:47 +00:00
Mario Ceballos 5dad5e2ee5 consistency
git-svn-id: file:///home/svn/framework3/trunk@11227 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-05 15:08:22 +00:00
Steve Tornio e93c196363 add osvdb ref
git-svn-id: file:///home/svn/framework3/trunk@11214 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-03 12:34:38 +00:00
Mario Ceballos 50d6c9659a added coverage for the proftpd backdoor.
git-svn-id: file:///home/svn/framework3/trunk@11210 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-02 22:33:37 +00:00
Joshua Drake 26a9fe6fc7 add some missing CVE references
git-svn-id: file:///home/svn/framework3/trunk@11180 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-30 20:19:18 +00:00
Joshua Drake e9faf75503 fix some more titles with periods
git-svn-id: file:///home/svn/framework3/trunk@11127 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-24 19:35:38 +00:00
Steve Tornio eab8c24b8b add osvdb ref
git-svn-id: file:///home/svn/framework3/trunk@11074 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-19 20:43:56 +00:00
Joshua Drake b42a04a7aa add cakephp exploit from tdz
git-svn-id: file:///home/svn/framework3/trunk@11070 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-19 18:30:07 +00:00
Joshua Drake 3992eb7ef8 Mass RE-update: fix all framework URL references
git-svn-id: file:///home/svn/framework3/trunk@10998 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-11 22:43:22 +00:00
Joshua Drake 9fc6f2f3a3 Mass update: fix all framework URL references
git-svn-id: file:///home/svn/framework3/trunk@10996 4d416f70-5f16-0410-b530-b9f4589650da
2010-11-11 22:25:13 +00:00
Joshua Drake e78aa83021 style compliance fixes
git-svn-id: file:///home/svn/framework3/trunk@10821 4d416f70-5f16-0410-b530-b9f4589650da
2010-10-25 20:58:49 +00:00
Joshua Drake 672fc87055 fixed typo, thx rmkml
git-svn-id: file:///home/svn/framework3/trunk@10803 4d416f70-5f16-0410-b530-b9f4589650da
2010-10-23 23:35:44 +00:00
Steve Tornio ddf8294beb add osvdb ref
git-svn-id: file:///home/svn/framework3/trunk@10783 4d416f70-5f16-0410-b530-b9f4589650da
2010-10-22 12:09:10 +00:00
Joshua Drake 7a9fe2c4d7 add exploit module for cve-2010-3585
git-svn-id: file:///home/svn/framework3/trunk@10780 4d416f70-5f16-0410-b530-b9f4589650da
2010-10-22 06:16:31 +00:00
Tod Beardsley 865b711b5c Fixes #2974. Adds an "Unknown" level to Exploit::CheckCode, fixes the URI check for exploit/unix/webapp/php_include (which was relying on Unknown).
git-svn-id: file:///home/svn/framework3/trunk@10694 4d416f70-5f16-0410-b530-b9f4589650da
2010-10-15 12:24:17 +00:00
Joshua Drake 7e4f4b3791 silly whitespace tweak
git-svn-id: file:///home/svn/framework3/trunk@10642 4d416f70-5f16-0410-b530-b9f4589650da
2010-10-11 19:30:57 +00:00
Joshua Drake 8230bb6edf update disclosure date
git-svn-id: file:///home/svn/framework3/trunk@10637 4d416f70-5f16-0410-b530-b9f4589650da
2010-10-11 03:59:19 +00:00
HD Moore a3ad8f5061 Add a quick module for exploiting basic web cmd injection
git-svn-id: file:///home/svn/framework3/trunk@10624 4d416f70-5f16-0410-b530-b9f4589650da
2010-10-09 21:32:19 +00:00