infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
39,042 Commits
7 Branches
556 Tags
421 MiB
Commit Graph

1338 Commits (952c2f9d1e1118d97ed546babda98c219a97daf2)

Author SHA1 Message Date
Brent Cook b08d1ad8d8
Revert "Land #6812, remove broken OSVDB references" 
This reverts commit 2b016e0216, reversing
changes made to 7b1d9596c7.
 2016-07-15 12:00:31 -05:00
Brent Cook 2b016e0216
Land #6812, remove broken OSVDB references 2016-07-11 22:59:11 -05:00
wchen-r7 2cc6565cc9 Update rails_actionpack_inline_exec 2016-07-07 15:56:50 -05:00
RageLtMan fcf8cda22f Add basic module for CVE-2016-2098 
ActionPack versions prior to 3.2.22.2, 4.1.14.2, and 4.2.5.2
implement unsafe dynamic rendering of inline content such that
passing ERB wrapped Ruby code leads to remote execution.

This module only implements the Ruby payloads, but can easily
be extended to use system calls to execute native/alternate
payload types as well.

Test Procedures:
  Clone https://github.com/hderms/dh-CVE_2016_2098
  Run bundle install to match gem versions to those in lockfile
  Run the rails server and configure the metasploit module:
    Set TARGETURI to /exploits
    Configure payload and handler options
  Execute the module, move on to post-exp
 2016-06-28 03:28:16 -04:00
wchen-r7 7cdadca79b
Land #6945, Add struts_dmi_rest_exec exploit 2016-06-08 23:16:46 -05:00
Vex Woo e4c55f97db Fix module desc 2016-06-06 10:40:36 -05:00
Vex Woo 9f19d2c210 add apache struts2 S2-033 rce module 2016-06-06 05:07:48 -05:00
wchen-r7 f333481fb8 Add vendor patch info 2016-06-02 16:41:06 -05:00
wchen-r7 7c9227f70b Cosmetic changes for magento_unserialize to pass msftidy & guidelines 2016-06-02 16:34:41 -05:00
mr_me 4f42cc8c08 Added module 2016-06-02 09:24:10 -05:00
William Webb 028b1ac251 Land #6816 Oracle Application Testing Suite File Upload 2016-05-24 18:27:10 -05:00
Brent Cook 5bf8891c54
Land #6882, fix moodle_cmd_exec HTML parsing to use REX 2016-05-23 23:25:22 -05:00
wchen-r7 506356e15d
Land #6889, check #nil? and #empty? instead of #empty? 2016-05-19 19:23:04 -05:00
wchen-r7 99a573a013 Do unless instead "if !" to follow the Ruby guideline 2016-05-19 19:21:45 -05:00
Vex Woo 41bcdcce61 fix struts_code_exec_exception_delegator - NoMethodError undefined method 'empty?' for nil:NilClass 2016-05-18 00:11:57 -05:00
Vex Woo bc257ea628 fix struts_code_exec - NoMethodError undefined method 'empty?' for nil:NilClass 2016-05-18 00:10:32 -05:00
wchen-r7 e8ac568352 doesn't look like we're using the tcp mixin 2016-05-17 03:15:26 -05:00
wchen-r7 08394765df Fix #6879, REXML::ParseException No close tag for /div 2016-05-17 03:14:00 -05:00
Brent Cook cf0176e68b
Land #6867, Add Dell SonicWALL Scrutinizer 11.0.1 MethodDetail SQL Injection 2016-05-16 19:00:10 -05:00
wchen-r7 8f9762a3e5 Fix some comments 2016-05-12 00:19:18 -05:00
wchen-r7 da293081a9 Fix a typo 2016-05-11 22:48:23 -05:00
wchen-r7 9d128cfd9f Add Dell SonicWALL Scrutinizer 11.0.1 MethodDetail SQL Injection 2016-05-11 22:27:18 -05:00
HD Moore 32e1a19875 Fix up the disclosure date 2016-05-11 00:18:22 -05:00
HD Moore ded79ce1ff Fix CVE syntax 2016-05-10 23:18:45 -05:00
HD Moore 4a5d150716 Fixups to continue supporting Rails 4.2.x 2016-05-10 23:12:48 -05:00
HD Moore 04bb493ccb Small typo fixed 2016-05-10 23:07:51 -05:00
HD Moore 7c6958bbd8 Rework rails_web_console_v2_code_exec to support CVE-2015-3224 2016-05-10 11:08:02 -05:00
William Vu 2abb062070 Clean up module 2016-05-06 11:51:29 -05:00
Louis Sato 8dc7de5b84
Land #6838, add Rails web-console module 2016-05-05 15:53:52 -05:00
HD Moore 779a7c0f68 Switch to the default rails server port 2016-05-03 02:06:58 -05:00
HD Moore 8b04eaaa60 Clean up various whitespace 2016-05-03 02:06:37 -05:00
wchen-r7 df44dc9c1c Deprecate exploits/linux/http/struts_dmi_exec 
Please use exploits/multi/http/struts_dmi_exec, which supports
Windows and Java targets.
 2016-05-02 15:03:25 -05:00
HD Moore 3300bcc5cb Make msftidy happier 2016-05-02 02:33:06 -05:00
HD Moore 67c9f6a1cf Add rails_web_console_v2_code_exec, abuse of a debug feature 2016-05-02 02:31:14 -05:00
join-us 6a00f2fc5a mv exploits/linux/http/struts_dmi_exec.rb to exploits/multi/http/struts_dmi_exec.rb 2016-05-01 00:00:29 +08:00
William Vu c16a02638c Add Oracle Application Testing Suite exploit 2016-04-26 15:41:27 -05:00
William Vu 0cb555f28d Fix typo 2016-04-26 15:26:22 -05:00
wchen-r7 816bc91e45 Resolve #6807, remove all OSVDB references. 
OSVDB is no longer a vulnerability database, therefore all the
references linked to it are invalid.

Resolve #6807
 2016-04-23 12:32:34 -05:00
Brent Cook 57cb8e49a2 remove overwritten keys from hashes 2016-04-20 07:43:57 -04:00
Pedro Ribeiro 8dfe98d96c Add bugtraq reference 2016-04-14 10:23:53 +01:00
Pedro Ribeiro 2dc4539d0d Change class name to MetasploitModule 2016-04-10 23:27:40 +01:00
Pedro Ribeiro 1fa7c83ca1 Create file for CVE-2016-1593 2016-04-10 23:17:07 +01:00
William Vu 11bf1018aa Fix typo 2016-04-06 14:20:41 -05:00
William Vu a4ef9980f4
Land #6677, atutor_sqli update 2016-04-05 19:52:44 -05:00
William Vu d9d257cb1a Fix some things 2016-04-05 19:23:11 -05:00
wchen-r7 74f25f04bd Make sure to always print the target IP:Port 2016-03-30 11:16:41 -05:00
William Vu 2b90846268 Add Apache Jetspeed exploit 2016-03-23 19:22:32 -05:00
h00die ebc7316442 Spelling Fix 
Fixed Thorugh to Through
 2016-03-19 13:58:13 -04:00
James Lee 1375600780
Land #6644, datastore validation on assignment 2016-03-17 11:16:12 -05:00
Brent Cook 1769bad762 fix FORCE logic 2016-03-16 09:53:09 -05:00