Ricardo Almeida
760133d878
Error on line 60
2013-07-01 12:04:03 -04:00
Ricardo Almeida
4cd08966ff
added InstantCMS 1.6 PHP Code Injection
2013-07-01 11:44:47 -04:00
jvazquez-r7
0ff1cd24a9
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-30 10:03:30 -05:00
jvazquez-r7
867eed7957
Make msftidy happy
2013-06-30 10:01:40 -05:00
jvazquez-r7
db00599d44
Move carberp_backdoor_exec to unix webapp exploits foler
2013-06-30 10:00:14 -05:00
jvazquez-r7
90b30dc317
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-26 14:31:52 -05:00
Steve Tornio
6ea622c45e
reference updates
2013-06-26 09:44:56 -05:00
jvazquez-r7
0c306260be
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-25 09:13:01 -05:00
sinn3r
4df943d1a2
CVE and OSVDB update
2013-06-25 02:06:20 -05:00
jvazquez-r7
31fcb911f2
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-23 21:41:10 -05:00
sinn3r
5b0092ff39
Land #2006 - Ref updates
2013-06-23 18:26:48 -05:00
jvazquez-r7
345773592f
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-22 13:54:47 -05:00
Steve Tornio
14850cd387
reference updates for multiple modules
2013-06-22 07:28:04 -05:00
sinn3r
339f2a5c83
Hmmm, one extra ','
2013-06-21 21:29:17 -05:00
sinn3r
8d422c9a39
Forgot to randomize the fake pass and remove the payload during testing
2013-06-21 21:27:11 -05:00
sinn3r
e7d75d6d16
Add OSVDB-94038: ZPanel htpasswd Module Username Command Execution
2013-06-21 21:03:10 -05:00
jvazquez-r7
fc7670fa5f
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-19 23:16:04 -05:00
jvazquez-r7
494ee160af
Fix indent
2013-06-19 23:12:12 -05:00
jvazquez-r7
2d99c46414
Land #1990 , @wchen-r7's exploit for Libretto CMS
2013-06-19 23:11:34 -05:00
sinn3r
079477c57d
Commit final version
2013-06-19 20:35:24 -05:00
jvazquez-r7
869438cb73
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-19 19:57:40 -05:00
sinn3r
62b23bc594
Initial (incomplete) commit
2013-06-19 16:59:15 -05:00
James Lee
81b4efcdb8
Fix requires for PhpEXE
...
And incidentally fix some msftidy complaints
2013-06-19 16:27:59 -05:00
jvazquez-r7
6d1101b65b
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-19 12:14:53 -05:00
sinn3r
d347be35e9
Land #1986 - Restores MoinMoin during exploitation
2013-06-19 12:14:10 -05:00
jvazquez-r7
a894dc83c2
Try restore also at exploiting time
2013-06-19 11:35:52 -05:00
sinn3r
7b0977f897
Change base path
2013-06-19 11:33:45 -05:00
sinn3r
f0c81ed3cc
Correct disclosure date
2013-06-19 03:00:32 -05:00
sinn3r
67593d6ef4
Eh, PHP, not "php"
2013-06-19 02:34:49 -05:00
sinn3r
9c3bd12613
If I can't write, I want to know.
...
It's possible that the upload directory doesn't allow write, the
module should be aware of that. Other reasons may be possible.
2013-06-19 02:32:30 -05:00
sinn3r
19d868748d
Final version
2013-06-19 02:21:01 -05:00
sinn3r
5c1822ea17
Initial commit for havalite module
2013-06-18 19:00:42 -05:00
jvazquez-r7
2b46828d9c
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-18 08:27:18 -05:00
sinn3r
3223ea799c
An invalid WritablePage option can result the same message as well.
2013-06-17 22:30:44 -05:00
jvazquez-r7
044bd2101f
Authenticate against the page to modify
2013-06-17 20:34:02 -05:00
jvazquez-r7
0bd6ca2a6a
Add module for CVE-2012-6081
2013-06-17 16:13:55 -05:00
jvazquez-r7
0f3b13e21d
up to date
2013-05-16 15:02:41 -05:00
h0ng10
ccef6e12d2
changed to array in array
2013-05-16 19:03:47 +02:00
h0ng10
460542506d
changed to array
2013-05-16 19:01:20 +02:00
jvazquez-r7
a7e4ba5015
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-04-30 08:32:24 -05:00
Tod Beardsley
60e0cfb17b
Trivial description cleanup
2013-04-29 14:11:20 -05:00
jvazquez-r7
a4632b773a
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-04-28 12:59:16 -05:00
sinn3r
6c76bee02f
Trying to make the description sound smoother
2013-04-26 16:02:28 -05:00
jvazquez-r7
9b5e96b66f
Fix @jlee-r7's feedback
2013-04-25 14:53:09 -05:00
jvazquez-r7
52b721c334
Update description
2013-04-25 14:47:35 -05:00
jvazquez-r7
84e9f80ffa
Add check for WP-Super-Cache
2013-04-25 14:43:16 -05:00
jvazquez-r7
15c8d92148
Fix version checked and add reference
2013-04-25 12:48:36 -05:00
jvazquez-r7
7d317e5933
Switch from post to get on check
2013-04-25 07:51:28 -05:00
jvazquez-r7
d55faa14d3
Add check function
2013-04-25 07:44:37 -05:00
jvazquez-r7
51fd07a145
Add BID reference
2013-04-24 21:48:05 -05:00
jvazquez-r7
378c2079a2
Add hdm also as author
2013-04-24 17:37:29 -05:00
jvazquez-r7
b816dd569c
Update description
2013-04-24 17:34:25 -05:00
jvazquez-r7
573e880a62
Use the correct post id when posting
2013-04-24 17:30:24 -05:00
jvazquez-r7
ded0269ba0
Add POST ID bruteforcing capabality
2013-04-24 17:21:36 -05:00
jvazquez-r7
fca4c3b8b2
Add sha1 sum check to allow execution
2013-04-24 16:10:49 -05:00
jvazquez-r7
d2e29b846c
Add module for Wordpress Total Cache PHP Injection
2013-04-24 15:29:40 -05:00
jvazquez-r7
787f8cc32f
up to date
2013-03-26 12:18:53 +01:00
jvazquez-r7
1d95abc458
cleanup for joomla_comjce_imgmanager
2013-03-26 12:02:39 +01:00
jvazquez-r7
9b3bbd577f
module moved to unix webapps
2013-03-26 12:02:08 +01:00
jvazquez-r7
c151d867dc
up to date
2013-03-12 17:04:27 +01:00
jvazquez-r7
6603dcd652
up to date
2013-03-12 17:04:13 +01:00
jvazquez-r7
5a70314f55
up to date
2013-03-12 16:57:48 +01:00
jvazquez-r7
15742c49cb
up to date
2013-03-12 16:57:48 +01:00
Patrick Webster
1c3aa97bf8
Added Lotus Protector exploit module.
2013-03-12 16:57:47 +01:00
jvazquez-r7
4852f1b9f7
modify exploits to be compatible with the new netcat payloads
2013-03-11 18:35:44 +01:00
James Lee
2160718250
Fix file header comment
...
[See #1555 ]
2013-03-07 17:53:19 -06:00
David Maloney
c290bc565e
Merge branch 'master' into feature/http/authv2
2013-02-28 14:33:44 -06:00
David Maloney
0ae489b37b
last of revert-merge snaffu
2013-02-19 23:16:46 -06:00
jvazquez-r7
6b1bb9e1e8
Added module for OSVDB 90222
2013-02-16 13:11:46 +01:00
Tod Beardsley
8ddc19e842
Unmerge #1476 and #1444
...
In that order. #1476 was an attempt to salvage the functionality, but
sinn3r found some more bugs. So, undoing that, and undoing #1444 as
well.
First, do no harm. It's obvious we cannot be making sweeping changes in
libraries like this without a minimum of testing available. #1478 starts
to address that, by the way.
FixRM #7752
2013-02-11 20:49:55 -06:00
David Maloney
8d013d1034
Merge branch 'master' into http/auth_methods
2013-02-04 13:11:57 -06:00
David Maloney
4c1e630bf3
BasicAuth datastore cleanup
...
cleanup all the old BasicAuth datastore options
2013-02-04 13:02:26 -06:00
sinn3r
027ba28e70
Merge branch 'jvazquez-r7-datalife_template'
2013-02-01 16:27:18 -06:00
HD Moore
a63cf6977c
Fix 1.8 support
2013-02-01 14:39:32 -06:00
jvazquez-r7
bf7bb9952e
added template stuff improve
2013-02-01 11:53:42 +01:00
sinn3r
de8572d934
Use normalize_uri for URI
2013-01-31 16:57:48 -06:00
jvazquez-r7
70b252dc7b
Merge branch 'normalize_uri_update2' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-normalize_uri_update2
2013-01-31 22:32:50 +01:00
jvazquez-r7
b2ce9302c6
uri normalization in the old way
2013-01-31 16:59:49 +01:00
jvazquez-r7
365e1b0557
added module for cve-2013-1412
2013-01-31 16:09:14 +01:00
sinn3r
c174e6a208
Correctly use normalize_uri()
...
normalize_uri() should be used when you're joining URIs. Because if
you're merging URIs after it's normalized, you could get double
slashes again.
2013-01-30 23:23:41 -06:00
bcoles
970591a85f
Add ZoneMinder arbitrary command execution exploit
2013-01-22 22:56:50 +10:30
jvazquez-r7
9769efbf01
references and date updated
2013-01-20 17:38:37 +01:00
bcoles
dc318c5aed
update php_charts_exec metadata
2013-01-21 02:12:42 +10:30
bcoles
f975a42571
move and update php_charts_exec metadata
2013-01-21 02:10:48 +10:30
jvazquez-r7
2348a0b066
final cleanup and testing
2013-01-16 11:55:14 +01:00
Jose Selvi
064ea63a72
Fixes
2013-01-16 05:22:43 +01:00
Jose Selvi
18f81fd6f4
Nagios3 history.cgi exploit
2013-01-15 15:32:32 +01:00
sinn3r
2a1ab2c99a
Improve the module
2013-01-07 19:03:58 -06:00
sinn3r
1d3c1ec7fc
Merge branch 'master' of github.com:CharlieEriksen/metasploit-framework into CharlieEriksen-master
2013-01-07 19:03:35 -06:00
Charlie Eriksen
4e0fca6d0f
Adding DB error handling
...
As per sinn3r's suggestion, adding handling for the most common MySQL
errors.
Also adding HostNotPrivileged, which I encountered during my testing.
2013-01-07 23:52:13 +00:00
Tod Beardsley
33751c7ce4
Merges and resolves CJR's normalize_uri fixes
...
Merge remote-tracking branch 'ChrisJohnRiley/set_normalize_uri_on_modules'
into set_normalize_uri_on_modules
Note that this trips all kinds of msftidy warnings, but that's for another
day.
Conflicts:
modules/exploits/unix/webapp/tikiwiki_jhot_exec.rb
modules/exploits/windows/http/xampp_webdav_upload_php.rb
2013-01-07 11:16:58 -06:00
Charlie Eriksen
a8df3d71ff
Changes based on Sinn3r's feedback
...
A bucket-load of changes!
- Added a fallback for if there is no Set-Cookie header
- Added a check if the cookie we produce is simply empty, meaning we
failed something :(
- Removed use of flatten. Though I may look into making that extraction
better
- Changed cgi requests to use vars_(post|get)
- Clarified a few status prints
- A few EOL space fixes
2013-01-06 12:34:27 +00:00
Charlie Eriksen
a5113f0da4
Adding a check function
...
Because it makes sense. The non-vulnerable versions doesn't have
/libs/pdf.php.
So pretty simple.
2013-01-05 18:37:29 +00:00
Charlie Eriksen
ae72022777
Improvement for CVE 2012-4915
...
Made two tiny improvements based on Meatballs' points
- Added handling for 127.0.0.1 as DB_HOST
- Added a note in the description about it changing the pasword
2013-01-05 18:23:00 +00:00
Charlie Eriksen
25cadf8b87
Adding exploit for CVE 2012-4915
...
Initial commit.
Major functionality working. A bit of polish is still needed in a few
spots to handle exceptions and such.
2013-01-05 14:21:02 +00:00
sinn3r
b50e040e69
Fix e-mail format, and the extra comma
2013-01-04 01:11:40 -06:00
Christian Mehlmauer
8f2dd8e2ce
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
Christian Mehlmauer
25aaf7a676
msftidy: Remove $Id$
2013-01-04 00:41:44 +01:00
jvazquez-r7
758edd7aed
make msftidy happy
2013-01-03 00:02:03 +01:00
Charlie Eriksen
97253d46a1
Multiple change for Juan
...
Incooperated changes as per Juan's suggestions.
- Removed redundant space option for the payload
- Doing the uri more intelligently
- Detecting allow_url_include being disabled and reporting it
- Moved to unix/webapp
- Removed redundant handler call
- Adding to description that this requires allow_url_include to be
enabled
2013-01-02 21:19:06 +00:00