infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
45,114 Commits
7 Branches
556 Tags
421 MiB
Commit Graph

1533 Commits (9db75849a964782d7b15eb9417360f571c8d7e98)

Author SHA1 Message Date
Shelby Pace 8586e6fc8f
Land #10260, Add phpMyAdmin v4.8.1/4.8.0 LFI RCE 2018-07-12 11:24:03 -05:00
Shelby Pace 45f354e55d
Land #10231, Monstra Fileupload Exec 2018-07-12 11:24:02 -05:00
Jacob Robles d480ee8e20
Land #10275, Update missing CVE references for exploit modules 2018-07-12 11:24:01 -05:00
Wei Chen e915bb0f66
Land #10262, Add GitList argument injection exploit module 2018-07-06 12:30:10 -07:00
William Vu d4dfb98fb9
Land #10207, msftidy fixes 2018-06-26 12:40:50 -07:00
Jacob Robles 95cb9f3654
Land #9825, Add 'phpMyAdmin Authenticated Remote Code Execution' 2018-06-18 06:55:53 -07:00
William Vu 012de0f6b1
Land #10038, struts_code_exec_parameters EXE fix 2018-05-17 08:16:33 -07:00
William Vu cbac801b88
Land #8727, CVE-2017-9791 exploit 2018-05-17 08:16:33 -07:00
Jacob Robles b2b97db28b
Land #9878, Add MSF module for EDB 6768, Mantis <= v1.1.3 Post-auth RCE 2018-05-09 17:48:53 -07:00
Jacob Robles dcbc871883
Land #9988, playsms_uploadcsv_exec 2018-05-07 09:35:08 -07:00
Jacob Robles 75196b4fc6
Land #9944, playsms_filename_exec.rb 2018-05-07 09:35:08 -07:00
Jacob Robles 8739befa70
Land #9821, osCommerce 2.3.4.1 - Remote Code Execution 2018-05-03 09:21:02 -07:00
Chris Higgins ded6a50883
Land #8539, ProcessMaker Plugin Upload exploit 2018-04-04 19:06:18 -07:00
William Vu b870091380
Land #9423, PSH for jenkins_xstream_deserialize 2018-03-27 14:21:47 -05:00
h00die c56e571b18
Land #9702 exploit for clipbucket 2018-03-27 13:55:43 -05:00
Aaron Soto 395320ba97 Land #9379, Oracle Weblogic RCE exploit and documentation 2018-01-26 18:08:56 -06:00
William Vu 366a20a4a4
Fix #9215, minor style nitpick 2018-01-03 23:11:51 -06:00
William Vu a1d43c8f33
Land #9215, new Drupageddon vector 2018-01-03 14:45:32 -06:00
William Vu e9b9c80841
Fix #9307, credit to @r0610205 2017-12-18 03:55:01 -06:00
William Vu 76823e9fe6
Land #9183, Jenkins Groovy XStream RCE 2017-12-18 03:38:27 -06:00
WhiteWinterWolf bfd5c2d330
Keep the initial option name 'ADMIN_ROLE' 2017-11-22 22:03:56 +01:00
WhiteWinterWolf 2be3433bdb Update references URLs 2017-11-17 13:27:35 +01:00
WhiteWinterWolf a636380e4b Merge the new method into drupal_drupageddon.rb 2017-11-17 13:00:15 +01:00
WhiteWinterWolf 704514a420
New exploit method for Drupageddon (CVE-2014-3704) 
This new script exploits the same vulnerability as
 *exploits/multi/http/drupal_drupageddon.rb*, but in a more efficient way.
 2017-11-16 20:47:44 +01:00
Adam Cammack 4219959c6d
Bump ranking to Excellent 2017-11-15 15:00:47 -06:00
Steven Patterson df2b62dc27
Add Mako Server CMD injection Linux support, update docs, move to multi 2017-11-10 16:28:39 -05:00
attackdebris 500bde1150 get_vars tweak 2017-11-09 04:16:34 -05:00
attackdebris a04bc0a25b Add get_vars, remove a https instance 2017-11-08 16:30:59 -05:00
attackdebris 7173e7f4b4 Add CVE to module description 2017-11-07 11:05:14 -05:00
attackdebris 371f3c333a This commit adds the jenkins_xstream_deserialize module 2017-11-07 09:46:42 -05:00
Jeffrey Martin cfaa34d2a4
more style cleanup for tomcat_jsp_upload_bypass 2017-10-11 15:53:35 -05:00
Jeffrey Martin 9885dc07f7
updates for style 2017-10-11 15:29:47 -05:00
root 03e7797d6c fixed msftidy errors and added documentation 2017-10-11 07:57:01 -04:00
peewpw facc38cde1 set timeout for DELETE request 2017-10-09 21:53:31 -04:00
peewpw be8680ba3d Create tomcat_jsp_upload_bypass.rb 
Created a module for CVE-2017-12617 which uploads a jsp payload and executes it.
 2017-10-08 21:48:47 -04:00
h00die 7535fe255f
land #8736 RCE for orientdb 2017-10-06 14:35:42 -04:00
Tod Beardsley 5f66b7eb1a
Land #8940, @h00die's second round of desc fixes 
One ninja edit along the way as well.
 2017-09-11 13:05:13 -05:00
Brent Cook 54a62976f8 update versions and add quick module docs 2017-09-08 13:59:29 -05:00
William Vu 978fdb07b0 Comment out PSH target and explain why 
I hope we can fix the PSH target in the future, but the Windows dropper
works today, and you can specify a custom EXE if you really want.
 2017-09-08 13:41:06 -05:00
Pearce Barry 2ebf53b647
Minor tweaks... 2017-09-08 10:04:47 -05:00
h00die 00c593e0a2 55 pages of spelling done 2017-09-07 21:18:50 -04:00
William Vu a9a307540f Assign cmd to entire case and use encode for XML 
Hat tip @acammack-r7. Forgot about that first syntax!
 2017-09-07 19:36:08 -05:00
William Vu 8f1e353b6e Add Apache Struts 2 REST Plugin XStream RCE 2017-09-07 19:30:48 -05:00
Tod Beardsley 86db2a5771
Land #8888 from @h00die, with two extra fixes 
Fixes spelling and grammar in a bunch of modules. More to come!
 2017-08-31 14:37:02 -05:00
Brent Cook 202c936868
Land #8826, git submodule remote command execution 2017-08-29 18:11:32 -05:00
Brent Cook 46eeb1bee0 update style 2017-08-29 17:44:39 -05:00
Tim 39299c0fb8 randomize submodule path 2017-08-29 16:54:08 +08:00
h00die a40429158f 40% done 2017-08-28 20:17:58 -04:00
n00py 8f17d536a7 Update phpmailer_arg_injection.rb 
Removed second parameter as it was not necessary.  Only changed needed was to change "send_request_cgi" to "send_request_cgi!"
 2017-08-24 00:29:28 -06:00
n00py c49b72a470 Follow 301 re-direct 
I found that in some cases, the trigger URL cannot be accessed directly.  For example, if the uploaded file was example.php, browsing to "example.php" would hit a 301 re-direct to "/example".  It isn't until hitting "/example" that the php is executed.  This small change will just allow the trigger to follow one 301 redirect.
 2017-08-23 18:53:54 -06:00