Commit Graph

1081 Commits (9d3e90e8e56ccd579ff68e075b9e2894b3d4e087)

Author SHA1 Message Date
William Vu 934b05e736
Land #7310, at(1) persistence module 2016-12-22 03:33:58 -06:00
William Vu b65a62ba93 Clean up module 2016-12-22 03:33:08 -06:00
wchen-r7 41355898fa Remove extra def report_cred in vbulletin_vote_sqli_exec 2016-12-01 15:31:24 -06:00
Brent Cook f313389be4 Merge remote-tracking branch 'upstream/master' into land-7507-uuid-arch 2016-11-20 19:08:56 -06:00
wchen-r7 8cd9a9b670 Deprecate wp_ninja_forms_unauthenticated_file_upload
wp_ninja_forms_unauthenticated_file_upload actually supports
multiple platforms.

Instead of using:
exploit/unix/webapp/wp_ninja_forms_unauthenticated_file_upload

Please use:
exploit/multi/http/wp_ninja_forms_unauthenticated_file_upload
2016-11-10 11:17:09 -06:00
OJ 57eabda5dc
Merge upstream/master 2016-10-29 13:54:31 +10:00
dmohanty-r7 d918e25bde
Land #7439, Add Ghostscript support to ImageMagick Exploit 2016-10-28 17:07:13 -05:00
OJ 1d617ae389
Implement first pass of architecture/platform refactor 2016-10-28 07:16:05 +10:00
William Vu 1da40b5deb Change HAVE_POPEN to USE_POPEN
PS target doesn't support it, so the option should be renamed.
2016-10-14 11:58:39 -05:00
Brent Cook acec45c8b3
Land #7409, CVE-2013-5093 Graphite Pickle Handling - Add Version Check 2016-10-14 08:54:57 -05:00
William Vu 5b46e72aea Update module logic 2016-10-13 17:40:16 -05:00
William Vu 6f4f2bfa5f Add PS target and remove MIFF 2016-10-13 17:39:55 -05:00
William Vu e70ba8110d Update references 2016-10-13 17:35:55 -05:00
William Vu 88bb2e2295 Update description 2016-10-13 17:35:30 -05:00
h00die 7c20f20493 remove unneeded bash 2016-10-07 21:12:27 -04:00
funkypickle fb0a438fdf Perform a version check to determine exploitability for graphite pickle 2016-10-05 16:08:02 -07:00
William Vu f60d575d62 Add EOF newline back in 2016-10-04 11:14:15 -05:00
wchen-r7 b1cb153c31 Make errors more meaningful 2016-10-03 15:29:40 -05:00
wchen-r7 f838c9990f Fix nonce bug in wp_ninja_forms_unauthenticated_file_upload
If wordpress saves the nonce value in JavaScript, we could get an
undefined method for nil.
2016-09-27 11:30:52 -05:00
David Maloney e315ec4e73
Merge branch 'master' into bug/7321/fix-ssh-modules 2016-09-19 15:27:37 -05:00
h00die 3bc566a50c fix email 2016-09-18 20:09:38 -04:00
William Vu a7103f2155 Fix missing form inputs
Also improve check string.
2016-09-15 19:19:24 -05:00
William Webb 01327f0265
Land #7245, NetBSD mail.local privilege escalation module 2016-09-14 16:07:12 -05:00
James Lee 27be29edb4
Fix typo 2016-09-14 13:21:37 -05:00
Brent Cook 7352029497 first round of SSL damage fixes 2016-09-13 17:42:31 -05:00
wchen-r7 ed5bbb9885
Land #7284, Add SugarCRM REST PHP Object Injection exploit 2016-09-13 15:46:46 -05:00
wchen-r7 a0095ad809 Check res properly and update Ruby syntax
If res is nil, it should not be doing res.code
2016-09-13 15:45:57 -05:00
nixawk 1ce9aedb97 parenthesis for condition expression 2016-09-13 03:37:47 -05:00
nixawk fd16c1c3b7 Fix issue-7295 2016-09-13 01:32:20 -05:00
EgiX df5fdbff41 Add module for KIS-2016-07: SugarCRM REST PHP Object Injection
This PR contains a module to exploit KIS-2016-07, a PHP Object Injection vulnerability in SugarCRM CE before version 6.5.24 that allows unauthenticated users to execute arbitrary PHP code with the permissions of the webserver. Successful exploitation of this vulnerability should require SugarCRM to be running on PHP before version 5.6.25 or 7.0.10, which fix CVE-2016-7124.
2016-09-07 01:58:41 +02:00
h00die 748c959cba forgot to save before PR 2016-08-25 21:45:17 -04:00
h00die 5dff01625d working code 2016-08-25 21:32:25 -04:00
Pearce Barry 226ded8d7e
Land #6921, Support basic and form auth at the same time 2016-08-25 16:31:26 -05:00
h00die f2e2cb6a5e cant transfer file 2016-08-21 19:42:29 -04:00
h00die 6306fa5aa5 Per discussion in #7195, trying a different route. Currently this compiles, then passes the binary. However, there isn't a reliable binary transfer method at this point, so the rewrite from this point will be to transfer the ascii file, then compile on system (gcc is installed by default I believe) 2016-08-21 19:16:04 -04:00
William Vu 4228868c29 Clean up after yourself
Can't use FileDropper. :(
2016-08-16 23:09:14 -05:00
William Vu 1f63f8f45b Don't override payload
pl is a cheap replacement.
2016-08-16 23:08:53 -05:00
William Vu b3402a45f7 Add generic payloads
Useful for testing and custom stuff.
2016-08-16 23:08:09 -05:00
William Vu 2fed51bb18
Land #7115, Drupal CODER exploit 2016-08-15 01:15:23 -05:00
William Vu 62d28f10cb Clean up Mehmet modules 2016-08-15 01:12:58 -05:00
Mehmet Ince b4846e5793
Enabling cmd_bash payload type with bash-tcp cmd 2016-08-13 00:14:25 +03:00
Mehmet Ince d38e9f8ceb
Using # instead of ;. Semicolon is causing msg in error.log. 2016-08-12 23:35:29 +03:00
Mehmet Ince ba79579202
Extending Space limitation up to 250 2016-08-12 22:32:49 +03:00
Brent Cook abf435d6c2
Land #6960, Auth bypass for Polycom HDX video endpoints 2016-08-01 14:02:50 -05:00
Brent Cook 5309f2e4fb endpoints, not end points 2016-08-01 14:02:17 -05:00
Brent Cook b34201e65c restore session as an instance variable 2016-08-01 13:58:54 -05:00
Mehmet Ince dadafd1fdf
Use data:// instead of bogus web server and check() improvements. 2016-07-26 13:31:46 +03:00
Mehmet Ince 780e83dabb
Fix for Opt params and Space limits 2016-07-22 20:48:15 +03:00
Mehmet Ince 7e9c5f9011
Fix for double space and indentation 2016-07-21 20:27:52 +03:00
Mehmet Ince 634ee93de4
Add Drupal CODER remote command execution 2016-07-21 20:23:54 +03:00