d5d975c450
Add Module WordPress Creative Contact Form Upload
2015-04-13 18:38:43 -03:00
7b57496501
Fix typo and add email addr.
2015-04-13 04:12:32 -03:00
abee3f17c4
Add author, CVE and EDB references
2015-04-13 04:08:34 -03:00
58c4042321
Add Module WP Slideshow Gallery Shell Upload
2015-04-13 03:56:59 -03:00
2d1f8c510e
Add author and references
2015-04-12 21:21:49 -03:00
9f06cee53d
Add Module WordPress WorkTheFlow Shell Upload
2015-04-12 21:09:44 -03:00
49a6057f74
Grammaring harder
2015-03-24 11:10:36 -05:00
fadac30f00
Fix deprecated year
2015-03-24 00:34:38 -05:00
e338b77389
Readd and deprecate renamed WordPress modules
2015-03-23 23:48:56 -05:00
b191f92713
Renamed WordPress files to fit majority naming convention.
2015-03-23 18:15:04 +11:00
5dd718e4fa
Better description
2015-03-18 09:51:51 +01:00
00de437918
Initial commit
2015-03-18 09:45:08 +01:00
7d42dcee9c
Land #4769 , Wordpress holding-pattern theme file upload
2015-02-21 23:13:06 +01:00
708340ec5a
Tidy up various bits of code
2015-02-21 12:53:33 +00:00
76a64b31d7
Resolve msftidy issues
2015-02-21 01:41:29 +00:00
7d30b214ee
Add WordPress admin shell upload module
2015-02-21 01:31:33 +00:00
6370c99755
Avoid version numbers in titles
2015-02-17 10:28:56 -06:00
62a679ebb8
Avoid version numbers in titles
...
Usually, the versions are more of a range, and nearly always, the module
author never truly knows where the ranges are bounded. It's okay to
clarify in the description.
2015-02-17 10:26:40 -06:00
40c92f5fe3
Add URL reference
2015-02-14 13:09:37 +00:00
4dce589bbe
Add WordPress Holding Pattern file upload module
2015-02-14 12:54:03 +00:00
55f57e0b9b
Land #4746 , WordPress photo-gallery exploit
2015-02-12 22:24:12 +01:00
bce7211f86
added url and randomize upload directory
2015-02-12 22:16:37 +01:00
155651e187
Make filename shorter
2015-02-12 11:45:51 -06:00
95bfe7a7de
Do minor cleanup
2015-02-12 11:45:51 -06:00
30f310321d
Added CVE reference
2015-02-12 11:45:51 -06:00
38ad960640
Add Maarch LetterBox file upload module
2015-02-12 11:45:51 -06:00
cb1efa3edd
Improved error handling, tidied up some code
2015-02-11 10:16:18 +00:00
80a086d5f6
Add WordPress Photo Gallery upload module
2015-02-11 01:03:51 +00:00
6d46182c2f
Land #4570 , @rastating 's module for wp-easycart
2015-02-07 23:42:23 +01:00
f2b834cebe
remove check because the vuln is unpatched
2015-02-07 23:38:44 +01:00
d2421a2d75
wrong version
2015-02-07 23:34:19 +01:00
56d2bc5adb
correct version number
2015-02-07 23:22:43 +01:00
345d5c5c08
Update version numbers to reflect latest release
2015-02-07 19:09:16 +00:00
1ea4a326c1
Land #4656 , @nanomebia's fixes for sugarcrm_unserialize_exec
2015-02-06 16:42:01 -06:00
e511f72ab4
Delete final check
...
* A session is the best proof of success
2015-02-06 16:34:34 -06:00
c633c710bc
Mostly caps/grammar/spelling, GoodRanking on MBAM
2015-02-05 12:36:47 -06:00
c0e1440572
Land #4685 , @FireFart's module for Wordpress Platform Theme RCE
2015-02-03 17:35:59 -06:00
28f303d431
Decrease timeout
2015-02-03 17:33:29 -06:00
a1c157a4db
Land #4609 , @h0ng10's module for Wordpress Pixabay Images PHP Code Upload
2015-02-03 17:01:32 -06:00
eebee7c066
Do better session creation handling
2015-02-03 17:00:37 -06:00
4ca4fd1be2
Allow to provide the traversal depth
2015-02-03 16:38:40 -06:00
e62a5a4fff
Make the calling payload code easier
2015-02-03 16:23:04 -06:00
61cdb5dfc9
Change filename
2015-02-03 16:13:10 -06:00
82be43ea58
Do minor cleanup
2015-02-03 16:07:27 -06:00
2c956c0a0f
add wordpress platform theme rce
2015-01-31 22:02:44 +01:00
d04fd3b978
Fixing Indentation
...
Small indentation fix
2015-01-29 13:03:19 +08:00
af90c6482b
Sanity Changes
...
Reverted failure behaviour on line 70
Removed a space that prevented line 98 from working as intended
2015-01-28 18:40:43 +08:00
27c412341f
Syntax Changes
...
Cleaned up this statement a tiny bit
2015-01-28 18:34:19 +08:00
fc3094ec9b
Syntax changes
...
Fixed some more syntax - failures
2015-01-28 18:30:21 +08:00
321eb452c5
Syntax Fixes
...
Fixed some or's to || - and's to &&.
Fixed failure if statement (fails using fail_with())
Fixed nested else (now and elsif)
Changed final execute logic - checks for success rather than failure.
2015-01-28 18:08:15 +08:00
fefc3d088c
Cookie fix and success display
...
Added handling for if the server doesn't correctly assign a cookie using
Set-Cookie by changing the regex and doing an additional check. Also
fixed the success display - changed the if statement to match others in
this module and fixed the text output based on server response.
2015-01-28 17:11:05 +08:00
bae19405a7
Various grammar, spelling, word choice fixes
2015-01-26 11:00:07 -06:00
419fa93897
Add OSVDB and WPScan references
2015-01-23 09:27:42 +01:00
dfbbc79e0d
make retries a datastore option
2015-01-23 09:23:09 +01:00
11bf58e548
Use metasploit methods
2015-01-23 08:48:52 +01:00
9d3397901b
Correct version numbers and code tidy up
2015-01-19 20:59:46 +00:00
5813c639d1
Initial commit
2015-01-19 17:23:48 +01:00
8a89b3be28
Cleanup of various bits of code
2015-01-13 22:20:40 +00:00
8246f4e0bb
Add ability to use both WP and EC attack vectors
2015-01-12 23:30:59 +00:00
e6f6acece9
Add a date hash to the post data
2015-01-12 21:21:50 +00:00
ea37e2e198
Add WP EasyCart file upload exploit module
2015-01-10 21:05:02 +00:00
d4d1a53533
fix invalid url
2015-01-09 21:57:52 +01:00
82e6183136
Add Msf::Exploit::FileDropper mixin
2015-01-08 21:07:00 +00:00
93dc90d9d3
Tidied up some code with existing mixins
2015-01-08 20:53:56 +00:00
7b92c6c2df
Add WP Symposium Shell Upload module
2015-01-07 22:02:39 +00:00
44dfa746eb
Resolve #4513 - Change #inspect to #to_s
...
Resolve #4513
2015-01-05 11:50:51 -06:00
b5b0be9001
Do minor cleanup
2014-12-26 11:24:02 -06:00
5c82b8a827
Add ProjectSend Arbitrary File Upload module
2014-12-23 10:53:03 +00:00
d3050de862
Remove references to Redmine in code
...
See #4400 . This should be all of them, except for, of course, the module
that targets Redmine itself.
Note that this also updates the README.md with more current information
as well.
2014-12-19 17:27:08 -06:00
025c0771f8
Have exploit call check. Have check report_vuln
2014-12-15 09:53:11 -08:00
f521e7d234
Use newer Ruby hash syntax
2014-12-15 09:17:32 -08:00
c93dc04a52
Resolve address before storing the working cred
2014-12-15 09:11:12 -08:00
5ca8f187b3
Merge remote-tracking branch 'upstream/pr/4328' into temp
2014-12-15 08:15:51 -08:00
4530066187
return nil
2014-12-15 01:04:39 +11:00
55d9e9cff6
Use list of potential analytics hosts
2014-12-14 23:15:41 +11:00
008c33ff51
Fix description
2014-12-12 13:36:28 -06:00
81460198b0
Add openssl payload to distcc exploit
...
This is required to test #4274
2014-12-12 13:25:55 -06:00
b334e7e0c6
Land #4322 , @FireFart's wordpress exploit for download-manager plugin
2014-12-12 12:41:59 -06:00
aaed7fe957
Make the timeout for the calling payload request lower
2014-12-12 12:41:06 -06:00
00f66b6050
Correct named captures
2014-12-12 10:22:14 -08:00
98dca6161c
Delete unused variable
2014-12-12 12:03:32 -06:00
810bf598b1
Use fail_with
2014-12-12 12:03:12 -06:00
1e6bbc5be8
Use blank?
2014-12-12 09:51:08 -08:00
4f3ac430aa
Land #4341 , @EgiX's module for tuleap PHP Unserialize CVE-2014-8791
2014-12-12 11:48:25 -06:00
64f529dcb0
Modify default timeout for the exploiting request
2014-12-12 11:47:49 -06:00
24f1b916e0
Minor ruby style cleanup
2014-12-12 09:47:35 -08:00
1d1aa5838f
Use Gem::Version to compare versions in check
2014-12-12 09:47:01 -08:00
d01a07b1c7
Add requirement to description
2014-12-12 11:42:45 -06:00
fd09b5c2f6
Fix title
2014-12-12 10:52:18 -06:00
4871228816
Do minor cleanup
2014-12-12 10:52:06 -06:00
544f75e7be
fix invalid URI scheme, closes #4362
2014-12-11 23:34:10 +01:00
245b76477e
Fix issue with execution of perl due to gsub not matching across newlines
2014-12-10 21:38:04 +00:00
700ccc71e7
Create tuleap_unserialize_exec.rb
2014-12-09 10:15:46 +01:00
42744e5650
Add actualanalyzer_ant_cookie_exec exploit
2014-12-06 19:09:20 +00:00
5ea062bb9c
fix bug
2014-12-05 11:30:45 +01:00
55b8d6720d
add wordpress download-manager exploit
2014-12-05 11:17:54 +01:00
6b4eb9a8e2
Differentiate failed binds from connects, closes #4169
...
This change adds two new Rex exceptions and changes the local comm to raise the right one depending on the circumstances. The problem with the existing model is
that failed binds and failed connections both raised the same exception. This change is backwards compatible with modules that rescue Rex::AddressInUse in additi
on to Rex::ConnectionError. There were two corner cases that rescued Rex::AddressInUse specifically:
1. The 'r'-services mixin and modules caught the old exception when handling bind errors. These have been updated to use BindFailed
2. The meterpreter client had a catch for the old exception when the socket reports a bad destination (usually a network connection dropped). This has been updat
ed to use InvalidDestination as that was the intention prior to this change.
Since AddressInUse was part of ConnectionError, modules and mixins which caught both in the same rescue have been updated to just catch ConnectionError.
2014-11-11 14:59:41 -06:00
51b96cb85b
Cosmetic title/desc updates
2014-11-03 13:37:45 -06:00
b7a1722b46
Pass msftidy, more descriptive name and description
2014-10-30 22:14:18 -05:00
64a59e805c
Fix a simple typo
2014-10-29 12:40:24 -04:00
1bf1be0e46
Updated to module based feedback from wchen-r7
2014-10-29 11:42:07 -04:00
9021e4dae6
Xerox Workcentre firmware injection exploit
2014-10-28 11:15:43 -04:00
c77a0984bd
Land #3989 , @us3r777's exploit for CVE-2014-7228, Joomla Update unserialize
...
the commit.
empty message aborts
2014-10-20 13:39:08 -05:00
4e6f61766d
Change module filename
2014-10-20 13:31:22 -05:00
e202bc10f0
Fix title
2014-10-20 13:30:44 -05:00
f07c5de711
Do code cleanup
2014-10-20 13:27:48 -05:00
052a9fec86
Delete return
2014-10-20 10:52:33 -05:00
199f6eba76
Fix check method
2014-10-20 10:46:40 -05:00
16101612a4
Some changes to use primer
...
Follow wiki How-to-write-a-module-using-HttpServer-and-HttpClient
2014-10-20 17:26:16 +02:00
1e143fa300
Removed unused variables
2014-10-20 16:58:41 +02:00
35d3bbf74d
Fix up comment splats with the correct URI
...
See the complaint on #4039 . This doesn't fix that particular
issue (it's somewhat unrelated), but does solve around
a file parsing problem reported by @void-in
2014-10-17 11:47:33 -05:00
b1223165d4
Trivial grammar fixes
2014-10-14 12:00:50 -05:00
444b01c4b0
Typo + shorten php serialized object
2014-10-12 21:29:04 +02:00
2428688565
CVE-2014-7228 Joomla/Akeeba Kickstart RCE
...
Exploit via serialiazed PHP object injection. The Joomla! must be
updating more precisely, the file $JOOMLA_WEBROOT/administrator/
components/com_joomlaupdate/restoration.php must be present
2014-10-09 18:51:24 +02:00
1584c4781c
Add reference
2014-10-09 06:58:15 +02:00
4f96d88a2f
Land #3949 , @us3r777's exploit for CVE-2014-6446, wordpress infusionsoft plugin php upload
2014-10-08 16:35:49 -05:00
66a8e7481b
Fix description
2014-10-08 16:35:14 -05:00
8ba8402be3
Update timeout
2014-10-08 16:32:05 -05:00
bbf180997a
Do minor cleanup
2014-10-08 16:29:11 -05:00
03888bc97b
Change the check function
...
Use regex based detection
2014-10-06 18:56:01 +02:00
29111c516c
Wordpress Infusionsoft Gravity Forms CVE-2014-6446
...
The Infusionsoft Gravity Forms plugin 1.5.3 through 1.5.10 for
WordPress does not properly restrict access, which allows remote
attackers to upload arbitrary files and execute arbitrary PHP
code via a request to utilities/code_generator.php.
2014-10-06 14:10:01 +02:00
f45b89503d
change WPVULNDBID to WPVDB
2014-10-03 17:13:18 +02:00
33b37727c7
Added wpvulndb links
2014-10-02 23:03:31 +02:00
df44dfb01a
Add OSVDB and EDB references to Shellshock modules
2014-09-29 21:39:07 -05:00
6e2d297e0c
Credit the original vuln discoverer
2014-09-26 13:45:09 -05:00
a4bc17ef89
deregister options needed for exploitation
2014-09-26 10:15:46 -05:00
54e6763990
Add injection to HOSTNAME and URL
2014-09-26 10:13:24 -05:00
86f85a356d
Add DHCP server module for CVE-2014-6271
2014-09-26 01:24:42 -05:00
9acccfe9ba
Fix description
2014-09-19 17:18:59 -05:00
d826132f87
Delete CVE, add EDB
2014-09-19 17:16:03 -05:00
7afbec9d6c
Land #2890 , @Ahmed-Elhady-Mohamed module for OSVDB 93034
2014-09-19 17:12:49 -05:00
1fa5c8c00c
Add check method
2014-09-19 17:11:16 -05:00
ce0b00bb0b
Change module location and filename
2014-09-19 16:59:35 -05:00
c73ec66c7a
Land #3659 - Add HybridAuth install.php PHP Code Execution
2014-08-19 17:19:01 -05:00
564431fd41
Use arrays in refs for consistency
2014-08-18 18:54:54 +00:00
cad281494f
Minor caps, grammar, desc fixes
2014-08-18 13:35:34 -05:00
b8b2e3edff
Add HybridAuth install.php PHP Code Execution module
2014-08-16 23:31:46 +00:00
4ff73a1467
Add version build check
2014-08-13 09:53:43 +02:00
3440f82b2e
Minor description adjustment
2014-08-12 22:18:59 +02:00
9e38ffb797
Add the check for the manual payload setting
2014-08-12 21:55:42 +02:00
5b6be55c50
Fix (properly) 'execute_command()' missing 'opts' parameter
2014-08-12 19:49:27 +02:00
3af17ffad0
Fixed 'execute_command()' missing 'opts' parameter
2014-08-12 19:24:24 +02:00
f71589f534
Simplify payload upload using 'CmdStager' mixin
2014-08-12 10:49:17 +02:00
cc5770558d
Remove local payload saving used for debugging
2014-08-11 19:16:14 +02:00
4790b18424
Use FileDropper mixin to delete uploaded file
2014-08-11 19:02:09 +02:00
ac526ca9bd
Fix print_* to vprint_* in check method
2014-08-11 18:58:11 +02:00
4b4b24b79d
Fix errors printing
2014-08-11 18:54:43 +02:00
c97cd75beb
Rephrase 'Author' section
2014-08-11 18:52:21 +02:00
0138f3648d
Add VMTurbo Operations Manager 'vmtadmin.cgi' Remote Command Execution module.
2014-08-11 16:57:39 +02:00
a79eec84ac
Land #3584 , @FireFart's update for wp_asset_manager_upload_exec
2014-07-30 10:28:51 -05:00
9de8297848
Use [] for References
2014-07-30 10:28:00 -05:00
58fbb0b421
Use [] for References
2014-07-30 10:24:14 -05:00
75057b5df3
Fixed variable
2014-07-29 21:02:15 +02:00
cc3285fa57
Updated checkcode
2014-07-29 20:53:54 +02:00
61ab88b2c5
Updated wp_asset_manager_upload_exec module
2014-07-29 20:53:18 +02:00
e438c140ab
Updated wp_property_upload_exec module
2014-07-29 20:34:34 +02:00
621e85a32d
Correct version
2014-07-28 22:45:04 +02:00
d334797116
Updated foxpress module
2014-07-28 22:23:22 +02:00
79fe342688
Land #3558 , @FireFart's improvements to wordpress mixin
2014-07-28 09:52:20 -05:00
a6479a77d6
Implented feedback from @jhart-r7
2014-07-22 19:49:58 +02:00
baff003ecc
extracted check version to module
...
also added some wordpress specs and applied
rubocop
2014-07-22 17:02:35 +02:00
6048f21875
Land #3552 - Correct DbVisualizer title name
2014-07-21 13:07:33 -05:00
a41768fd7d
Correct DbVisualizer title name
...
I think "DbVis Software" is the name of the company and the product
itself is called DbVisualizer.
Also fixed the description on the WPTouch module.
2014-07-21 12:35:01 -05:00
a809c9e0b5
Changed to vprint and added comment
2014-07-18 22:15:56 +02:00
c6e129c622
Fix rubocop warnings
2014-07-18 21:58:33 +02:00
ff6c8bd5de
Land #3479 , broken sock.get fix
2014-07-16 14:57:32 -05:00
c1f612b82a
Use vprint_ instead of print_
2014-07-15 06:58:33 +02:00
144c6aecba
Added WPTouch fileupload exploit
2014-07-14 21:35:18 +02:00
8937fbb2f5
Fix email format
2014-07-11 12:45:23 -05:00
9fef2ca0f3
Description/whitespace changes (minor)
...
Four modules updated for the weekly release with minor cosmetic fixes.
- [ ] See all affected modules still load.
- [ ] See all affected modules have expected `info`
2014-07-07 12:39:05 -05:00
d5843f8eaf
Updated Mailpoet exploit to work with another version
2014-07-06 10:53:40 +02:00
cf5d29c53b
Add EOF newline to satisfy msftidy
2014-07-05 13:51:12 -05:00
6d9bf83ded
Small fixes for the recent WP MailPoet module
...
Correct casing in the title
Anchor the use of ::File
Force body.to_s since it can be nil in corner cases
2014-07-05 13:17:23 -05:00
2efa3d6bc0
Land #3487 , @FireFart's exploit for WordPress MailPoet file upload
2014-07-03 14:34:58 -05:00
97a6b298a8
Use print_warning
2014-07-03 13:38:20 -05:00
dcba357ec3
implement feedback
2014-07-03 20:27:08 +02:00
aeb4fff796
Added FileDropper
2014-07-03 19:25:31 +02:00
071f236946
Changed check method
2014-07-02 22:31:02 +02:00
a58ff816c5
Changed check method
2014-07-02 22:29:00 +02:00
40175d3526
added check method
2014-07-02 11:07:58 +02:00
54a28a103c
Updated description
2014-07-02 10:49:28 +02:00
1ff549f9c1
Replaced Tab
2014-07-02 10:35:30 +02:00
09131fec28
Added wysija file upload exploit
2014-07-02 10:24:27 +02:00
7f06d10ba6
Dont blindly strip a possible nil return value
2014-06-28 16:08:06 -05:00
5e900a9f49
Correct sock.get() to sock.get_once() to prevent indefinite hangs/misuse
2014-06-28 16:06:46 -05:00
3868348045
Fix incorrect use of sock.get that leads to indefinite hang
2014-06-28 15:48:58 -05:00
bd49d3b17b
Explicitly use the echo stager and deregister options
...
Certain modules will only work with the echo cmd stager so
specify that one as a parameter to execute_cmdstager and
remove the datastore options to change it.
2014-06-28 16:21:08 -04:00
870fa96bd4
Allow quotes in CmdStagerFlavor metadata
2014-06-27 08:34:56 -04:00
91e2e63f42
Add CmdStagerFlavor to metadata
2014-06-27 08:34:55 -04:00
7ced5927d8
Use One CMDStagermixin
2014-06-27 08:34:55 -04:00
ae25c300e5
Initial attempt to unify the command stagers.
2014-06-27 08:34:55 -04:00
8e1949f3c8
Added newline at EOF
2014-06-17 21:03:18 +02:00
8d4d40b8ba
Resolved some Set-Cookie warnings
2014-05-24 00:34:46 +02:00
69369c04b3
Land #3126 , @xistence's exploit for SePortal
2014-03-28 13:52:59 -05:00
7b56c9edac
Add references
2014-03-28 13:51:56 -05:00
0b766cd412
changes per firefart
2014-03-27 10:08:44 -07:00
744308bd35
tab...
2014-03-27 05:24:55 -07:00
a8c96213f0
normalize_uri for wp_property_upload_exec
2014-03-27 05:22:56 -07:00
cfdd64d5b1
Title, description grammar and spelling
2014-03-24 12:16:59 -05:00
c7ba7e4d92
Land #3131 , @xistence's exploit for CVE-2014-1903
2014-03-24 08:48:06 -05:00
c3b753f92e
Make PHPFUNC advanced option
2014-03-24 08:47:31 -05:00
4f333d84c9
Clean up code
2014-03-24 08:15:54 -05:00
c4f0d8e179
FreePBX config.php RCE CVE-2014-1903
2014-03-21 10:29:15 +07:00
b02337d8b6
Land #3123 - Horde Framework Unserialize PHP Code Execution
2014-03-20 12:32:14 -05:00
2845f834c6
changed cookie retrieval to res.get_cookies
2014-03-20 16:39:26 +07:00
7bfb8e95e6
minor changes to seportal module
2014-03-20 13:44:39 +07:00
5ef49ff64b
SePortal 2.5 SQLi Remote Code Execution
2014-03-20 12:02:06 +07:00
d6faf20981
Make title more accurate
2014-03-19 12:43:34 -05:00
0a795ab602
Land #3106 , @xistence's exploit for Array Networks devices
2014-03-19 10:49:03 -05:00
0e27d75e60
Code clean up
2014-03-19 10:48:25 -05:00
379c0efd5a
Update POP chain documentation
2014-03-18 16:29:30 -05:00
77c128fbc5
Fix disclosure date and add ref
2014-03-18 16:21:44 -05:00
b6e8bb62bb
Switch exploitation technique to use default available classes
2014-03-18 16:07:50 -05:00
f86fd8af5d
Delete debug print
2014-03-17 21:01:41 -05:00
3bdd906aae
Add module for CVE-2014-1691
2014-03-17 20:47:45 -05:00
c916b62f47
Removes hash rockets from references.
...
[SeeRM #8776 ]
2014-03-17 09:40:32 -05:00
e261975c34
Array Networks vxAG and vAPV SSH key and privesc
2014-03-17 14:11:16 +07:00
1043d9d8b2
Array Networks vxAG and vAPV SSH key and privesc
2014-03-17 14:06:55 +07:00
25ebb05093
Add next chunk of fixes
...
Going roughly a third at a time.
2014-03-11 12:23:59 -05:00
170608e97b
Fix first chunk of msftidy "bad char" errors
...
There needs to be a better way to go about preventing/fixing these.
2014-03-11 11:18:54 -05:00
79d559a0c9
Fix MIME message to_s
2014-02-10 22:23:23 -06:00
7e2a9a7072
More desc fixes, add a vprint to give a hint
2014-02-03 13:18:52 -06:00
710902dc56
Move file location
2014-01-31 09:18:59 -06:00
f086655075
Land #2913 , @bcoles Exploit for Simple E-Document
2014-01-27 08:09:45 -06:00
861126fdbd
Clean exploit code
2014-01-27 08:09:18 -06:00
32d6032893
Add Simple E-Document Arbitrary File Upload module
2014-01-24 19:19:25 +10:30
689999c8b8
Saving progress
...
Progress group 3: Making sure these checks comply with the new
guidelines. Please read: "How to write a check() method" found in
the wiki.
2014-01-21 13:03:36 -06:00
fe767f3f64
Saving progress
...
Progress group 2: Making sure these checks comply with the new
guidelines. Please read: "How to write a check() method" found in
the wiki.
2014-01-21 11:07:03 -06:00
ce8b8e8ef9
Land #2783 - OpenSIS 'modname' PHP Code Execution
2013-12-20 11:29:10 -06:00
d0ef860f75
Strip default username/password
...
There isn't one. So force the user to supply one.
2013-12-20 11:28:18 -06:00
fb6cd9c149
add osvdb+url refs and module tidy up
2013-12-20 20:27:07 +10:30
fc2da15c87
Add OpenSIS 'modname' PHP Code Execution module for CVE-2013-1349
2013-12-19 19:10:48 +10:30
198667b650
Land #2774 , @Mekanismen's module for CVE-2013-7091
2013-12-18 16:23:44 -06:00
aec2e0c92c
Change ranking
2013-12-18 16:23:14 -06:00
d4ec858051
Clean zimbra_lfi
2013-12-18 15:46:37 -06:00
0c0e8c3a49
various updates
2013-12-18 20:54:35 +01:00
2de15bdc8b
added module for Zimbra Collaboration Server CVE-2013-7091
2013-12-17 19:32:04 +01:00
e737b136cc
Minor grammar/caps fixup for release
2013-12-09 14:01:27 -06:00
d47292ba10
Add module for CVE-2013-3522
2013-12-06 13:50:12 -06:00
e4c6413643
Land #2718 , @wchen-r7's deletion of @peer on HttpClient modules
2013-12-05 17:25:59 -06:00
f5a45bfe52
@twitternames not supported for author fields
...
It's kind of a dumb reason but there are metasploit metadata parsers out
there that barf all over @names. They assume user@email.address . Should
be fixed some day.
2013-12-04 13:31:22 -06:00
230db6451b
Remove @peer for modules that use HttpClient
...
The HttpClient mixin has a peer() method, therefore these modules
should not have to make their own. Also new module writers won't
repeat the same old code again.
2013-12-03 12:58:16 -06:00
47bff9a416
Land #2711 , @Mekanismen exploit for wordpress OptimizePress theme
2013-12-02 16:30:24 -06:00
5c3ca1c8ec
Fix title
2013-12-02 16:30:01 -06:00
c32b734680
Fix regex
2013-12-02 16:24:21 -06:00
55847ce074
Fixup for release
...
Notably, adds a description for the module landed in #2709 .
2013-12-02 16:19:05 -06:00
79a6f8c2ea
Clean php_wordpress_optimizepress
2013-12-02 15:43:41 -06:00
57b7d89f4d
Updated
2013-12-01 09:06:41 +01:00
045b848a30
added exploit module for optimizepress
2013-11-30 21:51:56 +01:00
a02e0ee3e4
Land #2682 - Kimai v0.9.2 'db_restore.php' SQL Injection
2013-11-27 19:10:44 -06:00
a03cfce74c
Add table prefix and doc root as fallback options
2013-11-25 17:44:26 +10:30
d8700314e7
Add Kimai v0.9.2 'db_restore.php' SQL Injection module
2013-11-24 02:32:16 +10:30
2c485c509e
Fix caps on module titles (first pass)
2013-11-15 00:03:42 -06:00
65993704c3
Actually commit the mode change.
2013-11-11 22:16:29 -06:00
bdba80c05c
Land #2569 , @averagesecurityguy and others exploit for CVE-2013-4468, CVE-2013-4467
2013-11-07 12:20:42 -06:00
2d4090d9c3
Make option astGUIclient credentials
2013-11-06 20:33:47 -06:00
24d22c96a5
Improve exploitation
2013-11-06 20:15:40 -06:00
2b2ec1a576
Change module location
2013-11-06 15:53:45 -06:00
f5d1d8eace
chmod -x .rb files without #! in modules and lib
...
It wasn't just cmdstager_printf.rb. :/
2013-10-30 19:51:25 -05:00
2ef33aabe7
Clean open_flash_chart_upload_exec
2013-10-24 10:15:28 -05:00
8a5d4d45b4
Add Open Flash Chart v2 Arbitrary File Upload exploit
2013-10-24 22:46:41 +10:30
1599d1171d
Land #2558 - Release fixes
2013-10-21 13:48:11 -05:00
c070108da6
Release-related updates
...
* Lua is not an acronym
* Adds an OSVDB ref
* credit @jvazquez-r7, not HD, for the Windows CMD thing
2013-10-21 13:33:00 -05:00
032da9be10
Land #2426 - make use of Msf::Config.data_directory
2013-10-21 13:07:33 -05:00
22b4bf2e94
Resplat webtester_exec.rb
2013-10-17 13:30:54 -05:00
07ab53ab39
Merge from master to clear conflict
...
Conflicts:
modules/exploits/windows/brightstor/tape_engine_8A.rb
modules/exploits/windows/fileformat/a-pdf_wav_to_mp3.rb
2013-10-17 13:29:24 -05:00
352eca1147
Fix check method and set a big space available for payload
2013-10-17 09:30:59 -05:00
54cf7855a2
Add WebTester 5.x Command Execution exploit module
2013-10-17 16:57:57 +10:30
ed0b84b7f7
Another round of re-splatting.
2013-10-15 14:14:15 -05:00
c83262f4bd
Resplat another common boilerplate.
2013-10-15 14:07:48 -05:00
23d058067a
Redo the boilerplate / splat
...
[SeeRM #8496 ]
2013-10-15 13:51:57 -05:00
e2a9339592
Add CVE to joomla media upload module.
2013-10-12 21:20:11 -05:00
9ca9b4ab29
Merge branch 'master' into data_dir
...
Conflicts:
lib/msf/core/auxiliary/jtr.rb
2013-10-10 19:55:26 +01:00
52574b09cb
Add OSVDB reference
2013-10-09 14:13:45 -05:00
24efb55ba9
Clean flashchat_upload_exec
2013-10-05 14:50:51 -05:00
08243b277a
Add FlashChat Arbitrary File Upload exploit module
2013-10-05 22:30:38 +09:30
299dfe73f1
Land #2460 , @xistence's exploit for clipbucket
2013-10-04 12:26:30 -05:00
8e0a4e08a2
Fix author order
2013-10-04 12:25:38 -05:00
81d4a8b8c1
added clipbucket_upload_exec RCE
2013-10-04 11:43:38 +07:00
c460f943f7
Merge branch 'master' into data_dir
...
Conflicts:
modules/exploits/windows/local/always_install_elevated.rb
plugins/sounds.rb
scripts/meterpreter/powerdump.rb
scripts/shell/spawn_meterpreter.rb
2013-10-02 20:17:11 +01:00
23b0c3b723
Add Metasploit blog references
...
These modules have blogs from the Rapid7 community, we should add them.
2013-10-01 20:50:16 -05:00
7118f7dc4c
Land #2422 - rm methods peer & rport
...
Because they're already defined in the HttpClient mixin
2013-09-30 16:01:59 -05:00
2e8d19edcf
Retab all the things (except external/)
2013-09-30 13:47:53 -05:00
7ba846ca24
Find and replace
2013-09-26 20:34:48 +01:00
84ec2cbf11
remove peer methods since it is already defined in Msf::Exploit::Remote::HttpClient
2013-09-25 23:42:44 +02:00
58d4096e0f
Resolv conflicts on #2267
2013-09-25 13:06:14 -05:00
a50ab1ddd3
Land #2409 , @xistence exploit for ZeroShell
2013-09-24 15:32:55 -05:00
6c2063c9c0
Do not get a session on every execute_command call
2013-09-24 15:31:40 -05:00
79ca123051
Use snake_case
2013-09-24 15:16:51 -05:00
34b84395c1
Fix References field
2013-09-24 15:16:02 -05:00
adfacfbed1
Do not fail_with on method used from check
2013-09-24 15:08:48 -05:00
4b6a646899
Fix typo
2013-09-24 15:06:35 -05:00
f5cac304f4
Use default send_request_cgi timeout
2013-09-24 15:05:24 -05:00
ce4cf55d22
Land #2417 , @todb-r7's change to Platform field to make ruby style compliant
2013-09-24 13:30:48 -05:00
89222f4b16
Land #2416 , OSVDB refs for arkeia_upload_exec
2013-09-24 13:22:24 -05:00
c547e84fa7
Prefer Ruby style for single word collections
...
According to the Ruby style guide, %w{} collections for arrays of single
words are preferred. They're easier to type, and if you want a quick
grep, they're easier to search.
This change converts all Payloads to this format if there is more than
one payload to choose from.
It also alphabetizes the payloads, so the order can be more predictable,
and for long sets, easier to scan with eyeballs.
See:
https://github.com/bbatsov/ruby-style-guide#collections
2013-09-24 12:33:31 -05:00
d15f442e56
Add OSVDB references to arkeia_upload_exec
2013-09-24 08:48:28 -05:00
8b9adf6886
changes made to zeroshell_exec according to suggestions
2013-09-24 08:35:07 +07:00
8db1a389eb
Land #2304 fix post module require order
...
Incidentally resolve conflict on current_user_psexec to account for the
new powershell require.
2013-09-23 16:52:23 -05:00
4bff8f2cdc
Update descriptions for clarity.
2013-09-23 13:48:23 -05:00
Roberto Soares
Tod Beardsley
William Vu
aushack
Hans-Martin Münch (h0ng10)
Christian Mehlmauer
rastating
jvazquez-r7
Nanomebia
sinn3r
Brendan Coles
Jon Hart
Marc Wickenden
EgiX
HD Moore
Deral Heiland
us3r777
URI Assassin
James Lee
Emilio Pinna
Spencer McIntyre
Kurt Grutzmacher
xistence
Mekanismen
jvazquez-r7
joev
Meatballs