ae59f03ac9
Fixing print message in snort module
2012-06-13 14:04:05 -05:00
a631e1fef1
Change the default state to make it work on Metasploitable by default
2012-06-13 00:43:59 -05:00
597726d433
Merge branch 'php_cgi_arg_injection' of https://github.com/jjarmoc/metasploit-framework into jjarmoc-php_cgi_arg_injection
2012-06-13 00:40:02 -05:00
bbfe0f8f49
" is 0x22, duh.
2012-06-12 20:00:28 -05:00
12a28bd519
Fixed ruby 1.9 String Indexing issue, using Rex::Text.uri_encode
2012-06-12 14:59:06 -05:00
c3c9051014
Merge branch 'php_cgi_arg_injection' of https://github.com/jjarmoc/metasploit-framework into jjarmoc-php_cgi_arg_injection
2012-06-11 11:15:15 -05:00
02a5dff51f
struts_code_exec_exception_delegator_on_new_session: on_new_session modified
2012-06-11 12:07:38 +02:00
b4d33fb85a
Add ARCH_JAVA support to struts_code_exec_exception_delegator
2012-06-09 21:53:43 +02:00
a709fe1fe3
Fix regex escaping thanks to w3bd3vil
2012-06-07 16:00:59 -05:00
462a91b005
Massive whitespace destruction
...
Remove tabs at the end of the line
2012-06-06 00:44:38 -05:00
a3048c7ae8
Clear whitespace
2012-06-05 11:28:47 -05:00
dc6b2f4205
merged unstable-modules/exploits/incomplete/linux/ids/snortdcerpc.rb with exploits/windows/ids/snort_dce_rpc.rb
2012-06-05 04:14:40 -07:00
a071d2805e
Fix the rest of possible nil res bugs I've found
2012-06-04 14:56:27 -05:00
b53a1396fc
Use of TARGETURI
2012-06-03 22:36:23 +02:00
659b030269
Verbose messages cleanup
2012-06-03 22:29:31 +02:00
34f42bab17
Fix typo in the URI param
2012-06-03 22:14:13 +02:00
efe4136e5b
Added module for CVE-2012-0391
2012-06-03 22:08:31 +02:00
1817942aae
Merge branch 'logcms_writeinfo' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-logcms_writeinfo
2012-06-02 17:43:51 -05:00
7bb36bfbde
Fix typo thanks to juan
2012-06-02 16:57:53 -05:00
7e318e9787
Merge branch 'logcms_writeinfo' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-logcms_writeinfo
2012-06-02 14:14:56 -05:00
3752c10ccf
Adding FireFart's RPORT(80) cleanup
...
This was tested by creating a resource script to load every changed
module and displaying the options, like so:
````
use auxiliary/admin/2wire/xslt_password_reset
show options
use auxiliary/admin/http/contentkeeper_fileaccess
show options
````
...etc. This was run in both the master branch and FireFart's branch
while spooling out the results of msfconsole, then diffing those
results. All modules loaded successfully, and there were no changes to
the option sets, so it looks like a successful fix.
Thanks FireFart!
Squashed commit of the following:
commit 7c1eea53fe3743f59402e445cf34fab84cf5a4b7
Author: Christian Mehlmauer <FireFart@gmail.com>
Date: Fri May 25 22:09:42 2012 +0200
Cleanup Opt::RPORT(80) since it is already registered by Msf::Exploit::Remote::HttpClient
2012-06-02 09:53:19 -05:00
59468846e3
Change filename
2012-06-02 01:51:20 -05:00
522991f351
Correct name
2012-06-02 01:49:43 -05:00
7fd3644b8b
Add CVE-2011-4825 module
2012-06-01 18:45:44 -05:00
4681ed1c1e
Whitespace, thanks msftidy.rb!
2012-05-31 18:18:27 -06:00
5105c1a4df
add osvdb ref
2012-05-31 08:49:58 -05:00
7e6c2f340e
Minor updates; added BID, fixed grammar
...
Modules should not refer to themselves in the first person unless they
are looking for Sarah Connor.
2012-05-30 16:16:41 -05:00
54e14014c3
Merge pull request #428 from wchen-r7/php_volunteer
...
Add PHP Volunteer Management System exploit
2012-05-30 09:33:32 -07:00
59ea8c9ab9
Print IP/Port for each message
2012-05-30 11:30:55 -05:00
43dffbe996
If we don't get a new file, we assume the upload failed. This is
...
possible when we actually don't have WRITE permission to the
'uploads/' directory.
2012-05-30 11:26:06 -05:00
efdcda55ef
Don't really care about the return value for the last send_request_raw
2012-05-30 11:00:31 -05:00
13ba51db34
Allow the login() function to be a little more verbose for debugging purposes
2012-05-30 10:56:59 -05:00
b81315790d
Add PHP Volunteer Management System exploit
2012-05-30 10:38:45 -05:00
ac0d22453a
Merge pull request #414 from wchen-r7/apprain
...
Add CVE-2012-1153
2012-05-23 16:34:30 -07:00
8d837f5d20
Module description update. TARGETURI description update.
2012-05-23 18:33:32 -05:00
fab3bfcea1
Add CVE-2012-1153
2012-05-23 17:50:13 -05:00
87ce3fe2f7
Adding extra ref from jjarmoc
2012-05-22 11:17:57 -05:00
1104dccde8
Noting rhost/rport, cli.peerhost where appropriate
...
There's no msftidy check for this, and it's irritating to have to
remember to do this all the time.
2012-05-21 11:19:02 -05:00
7cc905832e
Consistent caps on SVG in batik_svg_java exploit
...
Also, modules should not refer to themselves as "I" or "me." It's
creepy.
2012-05-21 11:14:03 -05:00
5dd866ed4a
Fixed print_status to include rhost:rport
...
Also don't let the failed user:pass be a mystery to the user.
2012-05-21 11:11:34 -05:00
1fc7597a56
Msftidy fixes.
...
Fixed up activecollab_chat, batik_svg_java, and foxit_reader_launch
All whitespace fixes.
2012-05-21 10:59:52 -05:00
ba2787df8a
add osvdb ref
2012-05-20 07:13:56 -05:00
c95a06e247
add osvdb ref
2012-05-20 07:13:31 -05:00
628233d15c
Merge pull request #399 from wchen-r7/hp_storageworks
...
Add HP StorageWorks VSA command execution vulnerability
2012-05-19 14:14:49 -07:00
d8c3edd316
Add HP StorageWorks VSA command execution vulnerability
2012-05-19 14:53:45 -05:00
964a6af423
Add Active Collab chat module PHP injection exploit, by mr_me
2012-05-19 02:06:30 -05:00
2fccf4674f
Be explicit on what version we've tested
2012-05-17 11:04:40 -05:00
0fd3f96720
errata fixed
2012-05-17 17:23:16 +02:00
14d8ba00af
Added batik svg java module
2012-05-17 16:48:38 +02:00
fe7928c18d
Merge pull request #390 from jlee-r7/consolidate-250-254-375
...
Consolidate #250 , #254 , #375
2012-05-16 17:07:33 -07:00
Tod Beardsley
sinn3r
Jeff Jarmoc
jvazquez-r7
Michael Schierl
0a2940
Christian Mehlmauer
James Lee
Steve Tornio
sinn3r
jlee-r7