sinn3r
1828857a63
Change conditions
...
When 'encod_params' is set to true explicitly, or does not have a
value, we make sure it's true. Otherwise, false.
2012-09-15 18:08:29 -05:00
sinn3r
0967d1bfc4
Allow modules to disable URI encoding for GET/POST variables
...
Often in HTTP modules, people are forced to to use 'data' instead
of 'vars_get' or 'vars_post', because the parameters (especially
the names) are URI-encoded, and the application actually may not
recognize the names/values. The new 'encode_params' option allows
that feature to be disabled. However, to make sure we're not
changing existing HTTP modules' behaviors, 'encode_params' is
still true by default (which is the original behavior we've always
been using).
2012-09-15 17:40:42 -05:00
jvazquez-r7
63d2d60c68
delete don't needed line
2012-09-15 23:56:38 +02:00
jvazquez-r7
ff2e9fc157
add changes proposed by sinn3r
2012-09-15 23:55:55 +02:00
jvazquez-r7
cbc778cb47
add changes proposed by sinn3r
2012-09-15 23:53:09 +02:00
jvazquez-r7
0708ec72fc
module moved to a more correct location
2012-09-15 15:31:21 +02:00
jvazquez-r7
0f67f8d08a
target modified
2012-09-15 15:14:33 +02:00
jvazquez-r7
70ff7621d6
added module for CVE-2012-2983
2012-09-15 15:11:12 +02:00
jvazquez-r7
0061d23b37
Added module for CVE-2012-2982
2012-09-15 15:09:19 +02:00
sinn3r
36483d1500
Merge branch 'oracle_btm_writetofil' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-oracle_btm_writetofil
2012-09-14 17:51:36 -05:00
Samuel Huckins
7f03e37cc3
Removing unneeded user-agent gem from cache
2012-09-14 12:33:02 -05:00
jvazquez-r7
9a83c7c338
changes according to egypt review
2012-09-14 18:47:50 +02:00
jvazquez-r7
eae571592c
Added rgod email
2012-09-14 17:45:16 +02:00
jvazquez-r7
a2649dc8d1
fix typo
2012-09-14 17:10:41 +02:00
jvazquez-r7
e27d5e2eb7
Description improved
2012-09-14 17:08:59 +02:00
jvazquez-r7
9c77c15cf5
Added module for osvdb 85087
2012-09-14 16:54:28 +02:00
James Lee
3c6319b75f
Add nonx stagers for linux
...
[See #784 ]
2012-09-13 15:15:38 -05:00
Samuel Huckins
578b507dc7
Adding new user-agent gem.
2012-09-13 12:52:33 -05:00
James Lee
caf7619b86
Remove extra comma, fixes syntax errors in 1.8
...
Thanks, Kanedaaa, for reporting
2012-09-13 12:07:34 -05:00
sinn3r
c6c59b6df6
Merge branch 'jlee-r7-bug/redmine-7226-rhost-dns'
2012-09-13 11:04:51 -05:00
sinn3r
1f58458073
Merge branch 'udev_netlink' of https://github.com/jlee-r7/metasploit-framework into jlee-r7-udev_netlink
2012-09-13 10:37:52 -05:00
sinn3r
b31e8fd080
Merge branch 'qdpm_upload_exec' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-qdpm_upload_exec
2012-09-13 10:37:10 -05:00
sinn3r
71a0db9ae5
Make sure the user has a 'myAccount' page
2012-09-13 10:33:43 -05:00
jvazquez-r7
6771466cb7
Added module for CVE-2011-2750
2012-09-13 17:24:16 +02:00
sinn3r
658502d5ad
Add OSVDB-82978
...
This module exploits a vuln in qdPM - a web-based project
management software. The user profile's photo upload feature can
be abused to upload any arbitrary file onto the victim server
machine, which allows remote code execution. However, note in
order to use this module, the attacker must have a valid cred
to sign.
2012-09-13 10:01:08 -05:00
jvazquez-r7
12f3ef9c7c
added osvdb numbers
2012-09-13 14:00:12 +02:00
James Lee
f38ac954b8
Update linux stagers for NX compatibility
...
- Adds a call to mprotect(2) to the reverse and bind stagers
- Adds accurate source for some other linux shellcode, including some
comments to make it more maintainable
- Adds tools/module_payload.rb for listing all payloads for each exploit
in a greppable format. Makes it easy to find out if a payload change
causes a payload to no longer be compatible with a given exploit.
- Missing from this commit is source for reverse_ipv6_tcp
2012-09-12 18:44:00 -05:00
James Lee
ac2ec99fb7
Add bin for mephos' netstat fixes
...
[Closes #777 ]
2012-09-12 16:57:17 -05:00
James Lee
823bc0a7f6
Merge branch 'mephos-netstat' into rapid7
2012-09-12 16:56:17 -05:00
Tod Beardsley
39f2cbfc3c
Older targets confirmed for CoolType SING
2012-09-12 16:51:51 -05:00
Tod Beardsley
fba219532c
Updating BID for openfiler
2012-09-12 14:13:21 -05:00
m m
40b383e247
I was pretty sure to have removed those fclose before
2012-09-12 13:11:24 -05:00
m m
76e05dff30
fix netstat program name
2012-09-12 13:11:24 -05:00
m m
2ec92030ae
fix netstat program name
2012-09-12 13:11:24 -05:00
Tod Beardsley
033442bf28
Merge remote branch 'jlee-r7/bug/redmine-7233-meterpreter-on-client-exploits'
2012-09-11 15:24:29 -05:00
James Lee
46dfeec402
Adds meterpreter bins all compiled with the same VS
...
Not sure exactly what was causing the breakage, but using bins compiled
with the same version of Visual Studio seems to have fixed the issue.
[FixRM #7233 ]
2012-09-11 14:16:21 -05:00
Tod Beardsley
32e2232de3
Disambiguating hkm from hdm
...
Having an author name of "hkm" really looks like a typo for "hdm," but
it's not.
2012-09-11 11:13:20 -05:00
Adam Dalton
0b0af0a4f5
updating sleep to allow nil arguments
2012-09-11 11:20:03 -04:00
sinn3r
b0ce2c0003
Merge branch 'master' of github.com:rapid7/metasploit-framework into jvazquez-r7-winamp_maki_bof
2012-09-10 16:24:27 -05:00
sinn3r
83f4b38609
Merge branch 'winamp_maki_bof' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-winamp_maki_bof
2012-09-10 16:19:14 -05:00
jvazquez-r7
61bf15114a
deregistering FILENAME option
2012-09-10 23:14:14 +02:00
sinn3r
2259de3130
Merge branch 'winamp_maki_bof' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-winamp_maki_bof
2012-09-10 16:10:22 -05:00
jvazquez-r7
199fbaf33d
use a static filename
2012-09-10 23:08:21 +02:00
HD Moore
221eb88313
Make filename easy to override
2012-09-10 15:59:01 -05:00
sinn3r
1c14c270bc
Merge branch 'winamp_maki_bof' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-winamp_maki_bof
2012-09-10 15:53:16 -05:00
jvazquez-r7
cb975ce0a2
cleanup plus documentation for the maki template
2012-09-10 22:48:04 +02:00
sinn3r
c1604d989f
Merge branch 'bug/redmine-7226-rhost-dns' of https://github.com/jlee-r7/metasploit-framework into jlee-r7-bug/redmine-7226-rhost-dns
2012-09-10 14:05:00 -05:00
sinn3r
f5a0f74d27
Merge branch 'wanem_exec_improve' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-wanem_exec_improve
2012-09-10 13:35:48 -05:00
James Lee
bbeb6cc97a
Add a privilege escalation exploit for udev < 1.4.1
...
Also includes a new ```rm_f``` method for Post::File for deleting remote
files in a platform-independent way.
2012-09-10 12:32:14 -05:00
jvazquez-r7
607c0f023a
added edb references
2012-09-10 17:30:31 +02:00