Commit Graph

965 Commits (9e7a330ac849a746b4e68798a9bacd44a829837c)

Author SHA1 Message Date
Brent Cook c7c0e12bb3 remove various module hacks for the datastore defaults not preserving types 2016-03-05 23:11:39 -06:00
Brent Cook 3d1861b3f4 Land #6526, integrate {peer} string into logging by default 2016-02-15 15:19:26 -06:00
James Lee 12256a6423
Remove now-redundant peer
These all include either Msf::Exploit::Remote:Tcp or Msf::Exploit::Remote:HttpClient
2016-02-01 15:12:03 -06:00
rastating a7cd5991ac Add encoding of the upload path into the module 2016-01-17 22:44:41 +00:00
rastating 5660c1238b Fix problem causing upload to fail on versions 1.2 and 1.3 of theme 2016-01-17 18:44:00 +00:00
Jon Hart 283cf5b869
Update msftidy to catch more potential URL vs PACKETSTORM warnings
Fix the affected modules
2015-12-24 09:12:24 -08:00
Jon Hart 27a6aa0be1
Fix current msftidy warnings about PACKETSTORM vs URL 2015-12-24 09:05:02 -08:00
wchen-r7 11c1eb6c78 Raise Msf::NoCompatiblePayloadError if generate_payload_exe fails
Most exploits don't check nil for generate_payload_exe, they just
assume they will always have a payload. If the method returns nil,
it ends up making debugging more difficult. Instead of checking nil
one by one, we just raise.
2015-12-08 21:13:23 -06:00
HD Moore 16d0d53150 Update Shellshock modules, add Advantech coverage 2015-12-01 10:40:46 -06:00
William Vu b2d6458f50
Land #6129, Joomla SQLi RCE 2015-11-20 14:30:23 -06:00
William Vu 7c5d292e42
Land #6201, chkrootkit privesc 2015-11-19 10:37:30 -06:00
William Vu 657e50bb86 Clean up module 2015-11-18 12:50:57 -06:00
HD Moore f86f427d54 Move Compat into Payload so that is actually used 2015-11-09 16:06:05 -06:00
William Vu 2df149b0a5
Land #6189, extraneous Content-Length fix 2015-11-06 14:36:40 -06:00
William Vu 3cae7999aa Prefer ctype over headers['Content-Type'] 2015-11-06 14:36:21 -06:00
wchen-r7 f957acf9ba Fix Framework Rspec Failure
Needs to do:
include Msf::Exploit::Remote::HTTP::Wordpress
2015-11-06 13:56:05 -06:00
wchen-r7 fb9a40f15c
Land #6103, Add WordPress Plugin Ajax Load More Auth File Upload Vuln 2015-11-06 13:18:48 -06:00
wchen-r7 73f630b25a Note default.php 2015-11-06 13:18:24 -06:00
dmohanty-r7 a71d7ae2ae
Land #6089, @jvazquez-r7 Fix HTTP mixins namespaces 2015-11-05 16:56:41 -06:00
pyllyukko 4390fda513
Remove extra Content-Length HTTP header
The send_request_raw already sets the header and if it's set also in the
module, Metasploit sends the header twice.
2015-11-05 14:38:06 +02:00
wchen-r7 154fb585f4 Remove bad references (dead links)
These links are no longer available. They are dead links.
2015-10-27 12:41:32 -05:00
xistence f632dd8f67 Add Joomla Content History SQLi RCE exploit module 2015-10-23 17:25:44 +07:00
William Vu 997e8005ce Fix nil http_method in php_include 2015-10-21 13:22:09 -05:00
Roberto Soares ba75e85eb3 Add WP Ajax Load More Plugin File Upload Vuln. 2015-10-17 13:30:36 -03:00
jvazquez-r7 67820f8b61
Fix Packetstorm references 2015-10-15 12:42:59 -05:00
jvazquez-r7 cf9ddbb701
Update moduels using Msf::HTTP::Wordpress 2015-10-15 11:47:13 -05:00
William Vu bf9530d5ba
Land #5941, X11 keyboard exec module 2015-10-14 11:38:47 -05:00
HD Moore d67b55d195 Fix autofilter values for aggressive modules 2015-10-13 15:56:18 -07:00
xistence dc8d1f6e6a Small changes 2015-09-12 13:08:58 +07:00
xistence 1d492e4b25 Lots of X11 protocol changes 2015-09-06 15:55:16 +07:00
wchen-r7 d55757350d Use the latest credential API, no more report_auth_info 2015-09-04 03:04:14 -05:00
HD Moore 95b9208a63 Change recv to get_once to avoid indefinite hangs, cosmetic tweaks. 2015-09-02 10:30:19 -05:00
xistence a81a9e0ef8 Added TIME_WAIT for GUI windows 2015-09-02 16:55:20 +07:00
HD Moore cd65478d29
Land #5826, swap ExitFunction -> EXITFUNC 2015-09-01 13:58:12 -05:00
Christian Mehlmauer 115f409fef
change exitfunc to thread 2015-09-01 10:48:07 +02:00
Christian Mehlmauer 3e613dc333
change exitfunc to thread 2015-09-01 10:43:45 +02:00
Christian Mehlmauer 648c034d17
change exitfunc to thread 2015-09-01 10:42:15 +02:00
Brent Cook d670a62000
Land #5822, migrate obsolete payload compatibility options 2015-08-31 15:20:20 -05:00
Christian Mehlmauer 80a22412d9 use EXITFUNC instead of ExitFunction 2015-08-13 21:22:32 +02:00
jvazquez-r7 203c231b74
Fix #5659: Update CMD exploits payload compatibility options 2015-08-10 17:12:59 -05:00
wchen-r7 54c5c6ea38 Another update 2015-07-29 14:31:35 -05:00
William Vu 405261df4f
Land #5710, php_wordpress_total_cache removal
Deprecated.
2015-07-13 18:33:12 +00:00
William Vu 3feef639b9
Land #5711, php_wordpress_optimizepress removal
Deprecated.
2015-07-13 18:32:37 +00:00
William Vu 6e12cbf98f
Land #5712, php_wordpress_lastpost removal
Deprecated.
2015-07-13 18:31:31 +00:00
William Vu dd188b1943
Land #5713, php_wordpress_infusionsoft removal
Deprecated.
2015-07-13 18:31:01 +00:00
wchen-r7 4960e64597 Remove php_wordpress_foxypress, use wp_foxypress_upload
Please use exploit/unix/webapp/wp_foxypress_upload instead.
2015-07-13 12:53:34 -05:00
wchen-r7 dfbeb24a8f Remove php_wordpress_infusionsoft, use wp_infusionsoft_upload
Please use exploit/unix/webapp/wp_infusionsoft_upload instead.
2015-07-13 12:51:48 -05:00
wchen-r7 b80427aed2 Remove php_wordpress_lastpost, use wp_lastpost_exec instead.
Please use exploit/unix/webapp/wp_lastpost_exec instead
2015-07-13 12:49:27 -05:00
wchen-r7 90cc3f7891 Remove php_wordpress_optimizepress, use wp_optimizepress_upload
Please use exploit/unix/webapp/wp_optimizepress_upload instead.
2015-07-13 12:45:39 -05:00
wchen-r7 4177cdacd6 Remove php_wordpress_total_cache, please use wp_total_cache_exec
The time is up for exploit/unix/webapp/php_wordpress_total_cache,
please use exploit/unix/webapp/wp_total_cache_exec instead.
2015-07-13 12:41:29 -05:00