Commit Graph

491 Commits (9b9e1592fd7d6c0b3fda0c41441b74cad0b7ab72)

Author SHA1 Message Date
Ricardo Almeida 760133d878 Error on line 60 2013-07-01 12:04:03 -04:00
Ricardo Almeida 4cd08966ff added InstantCMS 1.6 PHP Code Injection 2013-07-01 11:44:47 -04:00
jvazquez-r7 0ff1cd24a9 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-30 10:03:30 -05:00
jvazquez-r7 867eed7957 Make msftidy happy 2013-06-30 10:01:40 -05:00
jvazquez-r7 db00599d44 Move carberp_backdoor_exec to unix webapp exploits foler 2013-06-30 10:00:14 -05:00
jvazquez-r7 90b30dc317 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-26 14:31:52 -05:00
Steve Tornio 6ea622c45e reference updates 2013-06-26 09:44:56 -05:00
jvazquez-r7 0c306260be Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-25 09:13:01 -05:00
sinn3r 4df943d1a2 CVE and OSVDB update 2013-06-25 02:06:20 -05:00
jvazquez-r7 31fcb911f2 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-23 21:41:10 -05:00
sinn3r 5b0092ff39 Land #2006 - Ref updates 2013-06-23 18:26:48 -05:00
jvazquez-r7 345773592f Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-22 13:54:47 -05:00
Steve Tornio 14850cd387 reference updates for multiple modules 2013-06-22 07:28:04 -05:00
sinn3r 339f2a5c83 Hmmm, one extra ',' 2013-06-21 21:29:17 -05:00
sinn3r 8d422c9a39 Forgot to randomize the fake pass and remove the payload during testing 2013-06-21 21:27:11 -05:00
sinn3r e7d75d6d16 Add OSVDB-94038: ZPanel htpasswd Module Username Command Execution 2013-06-21 21:03:10 -05:00
jvazquez-r7 fc7670fa5f Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-19 23:16:04 -05:00
jvazquez-r7 494ee160af Fix indent 2013-06-19 23:12:12 -05:00
jvazquez-r7 2d99c46414 Land #1990, @wchen-r7's exploit for Libretto CMS 2013-06-19 23:11:34 -05:00
sinn3r 079477c57d Commit final version 2013-06-19 20:35:24 -05:00
jvazquez-r7 869438cb73 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-19 19:57:40 -05:00
sinn3r 62b23bc594 Initial (incomplete) commit 2013-06-19 16:59:15 -05:00
James Lee 81b4efcdb8 Fix requires for PhpEXE
And incidentally fix some msftidy complaints
2013-06-19 16:27:59 -05:00
jvazquez-r7 6d1101b65b Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-19 12:14:53 -05:00
sinn3r d347be35e9 Land #1986 - Restores MoinMoin during exploitation 2013-06-19 12:14:10 -05:00
jvazquez-r7 a894dc83c2 Try restore also at exploiting time 2013-06-19 11:35:52 -05:00
sinn3r 7b0977f897 Change base path 2013-06-19 11:33:45 -05:00
sinn3r f0c81ed3cc Correct disclosure date 2013-06-19 03:00:32 -05:00
sinn3r 67593d6ef4 Eh, PHP, not "php" 2013-06-19 02:34:49 -05:00
sinn3r 9c3bd12613 If I can't write, I want to know.
It's possible that the upload directory doesn't allow write, the
module should be aware of that.  Other reasons may be possible.
2013-06-19 02:32:30 -05:00
sinn3r 19d868748d Final version 2013-06-19 02:21:01 -05:00
sinn3r 5c1822ea17 Initial commit for havalite module 2013-06-18 19:00:42 -05:00
jvazquez-r7 2b46828d9c Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-18 08:27:18 -05:00
sinn3r 3223ea799c An invalid WritablePage option can result the same message as well. 2013-06-17 22:30:44 -05:00
jvazquez-r7 044bd2101f Authenticate against the page to modify 2013-06-17 20:34:02 -05:00
jvazquez-r7 0bd6ca2a6a Add module for CVE-2012-6081 2013-06-17 16:13:55 -05:00
jvazquez-r7 0f3b13e21d up to date 2013-05-16 15:02:41 -05:00
h0ng10 ccef6e12d2 changed to array in array 2013-05-16 19:03:47 +02:00
h0ng10 460542506d changed to array 2013-05-16 19:01:20 +02:00
jvazquez-r7 a7e4ba5015 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-04-30 08:32:24 -05:00
Tod Beardsley 60e0cfb17b Trivial description cleanup 2013-04-29 14:11:20 -05:00
jvazquez-r7 a4632b773a Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-04-28 12:59:16 -05:00
sinn3r 6c76bee02f Trying to make the description sound smoother 2013-04-26 16:02:28 -05:00
jvazquez-r7 9b5e96b66f Fix @jlee-r7's feedback 2013-04-25 14:53:09 -05:00
jvazquez-r7 52b721c334 Update description 2013-04-25 14:47:35 -05:00
jvazquez-r7 84e9f80ffa Add check for WP-Super-Cache 2013-04-25 14:43:16 -05:00
jvazquez-r7 15c8d92148 Fix version checked and add reference 2013-04-25 12:48:36 -05:00
jvazquez-r7 7d317e5933 Switch from post to get on check 2013-04-25 07:51:28 -05:00
jvazquez-r7 d55faa14d3 Add check function 2013-04-25 07:44:37 -05:00
jvazquez-r7 51fd07a145 Add BID reference 2013-04-24 21:48:05 -05:00
jvazquez-r7 378c2079a2 Add hdm also as author 2013-04-24 17:37:29 -05:00
jvazquez-r7 b816dd569c Update description 2013-04-24 17:34:25 -05:00
jvazquez-r7 573e880a62 Use the correct post id when posting 2013-04-24 17:30:24 -05:00
jvazquez-r7 ded0269ba0 Add POST ID bruteforcing capabality 2013-04-24 17:21:36 -05:00
jvazquez-r7 fca4c3b8b2 Add sha1 sum check to allow execution 2013-04-24 16:10:49 -05:00
jvazquez-r7 d2e29b846c Add module for Wordpress Total Cache PHP Injection 2013-04-24 15:29:40 -05:00
jvazquez-r7 787f8cc32f up to date 2013-03-26 12:18:53 +01:00
jvazquez-r7 1d95abc458 cleanup for joomla_comjce_imgmanager 2013-03-26 12:02:39 +01:00
jvazquez-r7 9b3bbd577f module moved to unix webapps 2013-03-26 12:02:08 +01:00
jvazquez-r7 c151d867dc up to date 2013-03-12 17:04:27 +01:00
jvazquez-r7 6603dcd652 up to date 2013-03-12 17:04:13 +01:00
jvazquez-r7 5a70314f55 up to date 2013-03-12 16:57:48 +01:00
jvazquez-r7 15742c49cb up to date 2013-03-12 16:57:48 +01:00
Patrick Webster 1c3aa97bf8 Added Lotus Protector exploit module. 2013-03-12 16:57:47 +01:00
jvazquez-r7 4852f1b9f7 modify exploits to be compatible with the new netcat payloads 2013-03-11 18:35:44 +01:00
James Lee 2160718250 Fix file header comment
[See #1555]
2013-03-07 17:53:19 -06:00
David Maloney c290bc565e Merge branch 'master' into feature/http/authv2 2013-02-28 14:33:44 -06:00
David Maloney 0ae489b37b last of revert-merge snaffu 2013-02-19 23:16:46 -06:00
jvazquez-r7 6b1bb9e1e8 Added module for OSVDB 90222 2013-02-16 13:11:46 +01:00
Tod Beardsley 8ddc19e842 Unmerge #1476 and #1444
In that order. #1476 was an attempt to salvage the functionality, but
sinn3r found some more bugs. So, undoing that, and undoing #1444 as
well.

First, do no harm. It's obvious we cannot be making sweeping changes in
libraries like this without a minimum of testing available. #1478 starts
to address that, by the way.

FixRM #7752
2013-02-11 20:49:55 -06:00
David Maloney 8d013d1034 Merge branch 'master' into http/auth_methods 2013-02-04 13:11:57 -06:00
David Maloney 4c1e630bf3 BasicAuth datastore cleanup
cleanup all the old BasicAuth datastore options
2013-02-04 13:02:26 -06:00
sinn3r 027ba28e70 Merge branch 'jvazquez-r7-datalife_template' 2013-02-01 16:27:18 -06:00
HD Moore a63cf6977c Fix 1.8 support 2013-02-01 14:39:32 -06:00
jvazquez-r7 bf7bb9952e added template stuff improve 2013-02-01 11:53:42 +01:00
sinn3r de8572d934 Use normalize_uri for URI 2013-01-31 16:57:48 -06:00
jvazquez-r7 70b252dc7b Merge branch 'normalize_uri_update2' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-normalize_uri_update2 2013-01-31 22:32:50 +01:00
jvazquez-r7 b2ce9302c6 uri normalization in the old way 2013-01-31 16:59:49 +01:00
jvazquez-r7 365e1b0557 added module for cve-2013-1412 2013-01-31 16:09:14 +01:00
sinn3r c174e6a208 Correctly use normalize_uri()
normalize_uri() should be used when you're joining URIs.  Because if
you're merging URIs after it's normalized, you could get double
slashes again.
2013-01-30 23:23:41 -06:00
bcoles 970591a85f Add ZoneMinder arbitrary command execution exploit 2013-01-22 22:56:50 +10:30
jvazquez-r7 9769efbf01 references and date updated 2013-01-20 17:38:37 +01:00
bcoles dc318c5aed update php_charts_exec metadata 2013-01-21 02:12:42 +10:30
bcoles f975a42571 move and update php_charts_exec metadata 2013-01-21 02:10:48 +10:30
jvazquez-r7 2348a0b066 final cleanup and testing 2013-01-16 11:55:14 +01:00
Jose Selvi 064ea63a72 Fixes 2013-01-16 05:22:43 +01:00
Jose Selvi 18f81fd6f4 Nagios3 history.cgi exploit 2013-01-15 15:32:32 +01:00
sinn3r 2a1ab2c99a Improve the module 2013-01-07 19:03:58 -06:00
sinn3r 1d3c1ec7fc Merge branch 'master' of github.com:CharlieEriksen/metasploit-framework into CharlieEriksen-master 2013-01-07 19:03:35 -06:00
Charlie Eriksen 4e0fca6d0f Adding DB error handling
As per sinn3r's suggestion, adding handling for the most common MySQL
errors.

Also adding HostNotPrivileged, which I encountered during my testing.
2013-01-07 23:52:13 +00:00
Tod Beardsley 33751c7ce4 Merges and resolves CJR's normalize_uri fixes
Merge remote-tracking branch 'ChrisJohnRiley/set_normalize_uri_on_modules'
into set_normalize_uri_on_modules

Note that this trips all kinds of msftidy warnings, but that's for another
day.

Conflicts:
	modules/exploits/unix/webapp/tikiwiki_jhot_exec.rb
	modules/exploits/windows/http/xampp_webdav_upload_php.rb
2013-01-07 11:16:58 -06:00
Charlie Eriksen a8df3d71ff Changes based on Sinn3r's feedback
A bucket-load of changes!

- Added a fallback for if there is no Set-Cookie header
- Added a check if the cookie we produce is simply empty, meaning we
failed something :(
- Removed use of flatten. Though I may look into making that extraction
better
- Changed cgi requests to use vars_(post|get)
- Clarified a few status prints
- A few EOL space fixes
2013-01-06 12:34:27 +00:00
Charlie Eriksen a5113f0da4 Adding a check function
Because it makes sense. The non-vulnerable versions doesn't have
/libs/pdf.php.

So pretty simple.
2013-01-05 18:37:29 +00:00
Charlie Eriksen ae72022777 Improvement for CVE 2012-4915
Made two tiny improvements based on Meatballs' points

- Added handling for 127.0.0.1 as DB_HOST
- Added a note in the description about it changing the pasword
2013-01-05 18:23:00 +00:00
Charlie Eriksen 25cadf8b87 Adding exploit for CVE 2012-4915
Initial commit.

Major functionality working. A bit of polish is still needed in a few
spots to handle exceptions and such.
2013-01-05 14:21:02 +00:00
sinn3r b50e040e69 Fix e-mail format, and the extra comma 2013-01-04 01:11:40 -06:00
Christian Mehlmauer 8f2dd8e2ce msftidy: Remove $Revision$ 2013-01-04 00:48:10 +01:00
Christian Mehlmauer 25aaf7a676 msftidy: Remove $Id$ 2013-01-04 00:41:44 +01:00
jvazquez-r7 758edd7aed make msftidy happy 2013-01-03 00:02:03 +01:00
Charlie Eriksen 97253d46a1 Multiple change for Juan
Incooperated changes as per Juan's suggestions.

- Removed redundant space option for the payload
- Doing the uri more intelligently
- Detecting allow_url_include being disabled and reporting it
- Moved to unix/webapp
- Removed redundant handler call
- Adding to description that this requires allow_url_include to be
enabled
2013-01-02 21:19:06 +00:00