Commit Graph

686 Commits (ad28f9767f27eb8ca24f04f0479a650b6b24a2f8)

Author SHA1 Message Date
Mekanismen 045b848a30 added exploit module for optimizepress 2013-11-30 21:51:56 +01:00
sinn3r a02e0ee3e4
Land #2682 - Kimai v0.9.2 'db_restore.php' SQL Injection 2013-11-27 19:10:44 -06:00
bcoles a03cfce74c Add table prefix and doc root as fallback options 2013-11-25 17:44:26 +10:30
bcoles d8700314e7 Add Kimai v0.9.2 'db_restore.php' SQL Injection module 2013-11-24 02:32:16 +10:30
William Vu 2c485c509e Fix caps on module titles (first pass) 2013-11-15 00:03:42 -06:00
Tod Beardsley 65993704c3
Actually commit the mode change. 2013-11-11 22:16:29 -06:00
jvazquez-r7 bdba80c05c
Land #2569, @averagesecurityguy and others exploit for CVE-2013-4468, CVE-2013-4467 2013-11-07 12:20:42 -06:00
jvazquez-r7 2d4090d9c3 Make option astGUIclient credentials 2013-11-06 20:33:47 -06:00
jvazquez-r7 24d22c96a5 Improve exploitation 2013-11-06 20:15:40 -06:00
jvazquez-r7 2b2ec1a576 Change module location 2013-11-06 15:53:45 -06:00
William Vu f5d1d8eace chmod -x .rb files without #! in modules and lib
It wasn't just cmdstager_printf.rb. :/
2013-10-30 19:51:25 -05:00
jvazquez-r7 2ef33aabe7 Clean open_flash_chart_upload_exec 2013-10-24 10:15:28 -05:00
bcoles 8a5d4d45b4 Add Open Flash Chart v2 Arbitrary File Upload exploit 2013-10-24 22:46:41 +10:30
sinn3r 1599d1171d
Land #2558 - Release fixes 2013-10-21 13:48:11 -05:00
Tod Beardsley c070108da6
Release-related updates
* Lua is not an acronym
  * Adds an OSVDB ref
  * credit @jvazquez-r7, not HD, for the Windows CMD thing
2013-10-21 13:33:00 -05:00
sinn3r 032da9be10
Land #2426 - make use of Msf::Config.data_directory 2013-10-21 13:07:33 -05:00
Tod Beardsley 22b4bf2e94
Resplat webtester_exec.rb 2013-10-17 13:30:54 -05:00
Tod Beardsley 07ab53ab39
Merge from master to clear conflict
Conflicts:
	modules/exploits/windows/brightstor/tape_engine_8A.rb
	modules/exploits/windows/fileformat/a-pdf_wav_to_mp3.rb
2013-10-17 13:29:24 -05:00
jvazquez-r7 352eca1147 Fix check method and set a big space available for payload 2013-10-17 09:30:59 -05:00
bcoles 54cf7855a2 Add WebTester 5.x Command Execution exploit module 2013-10-17 16:57:57 +10:30
Tod Beardsley ed0b84b7f7
Another round of re-splatting. 2013-10-15 14:14:15 -05:00
Tod Beardsley c83262f4bd
Resplat another common boilerplate. 2013-10-15 14:07:48 -05:00
Tod Beardsley 23d058067a
Redo the boilerplate / splat
[SeeRM #8496]
2013-10-15 13:51:57 -05:00
joev e2a9339592 Add CVE to joomla media upload module. 2013-10-12 21:20:11 -05:00
Meatballs 9ca9b4ab29
Merge branch 'master' into data_dir
Conflicts:
	lib/msf/core/auxiliary/jtr.rb
2013-10-10 19:55:26 +01:00
jvazquez-r7 52574b09cb Add OSVDB reference 2013-10-09 14:13:45 -05:00
jvazquez-r7 24efb55ba9 Clean flashchat_upload_exec 2013-10-05 14:50:51 -05:00
bcoles 08243b277a Add FlashChat Arbitrary File Upload exploit module 2013-10-05 22:30:38 +09:30
jvazquez-r7 299dfe73f1
Land #2460, @xistence's exploit for clipbucket 2013-10-04 12:26:30 -05:00
jvazquez-r7 8e0a4e08a2 Fix author order 2013-10-04 12:25:38 -05:00
xistence 81d4a8b8c1 added clipbucket_upload_exec RCE 2013-10-04 11:43:38 +07:00
Meatballs c460f943f7
Merge branch 'master' into data_dir
Conflicts:
	modules/exploits/windows/local/always_install_elevated.rb
	plugins/sounds.rb
	scripts/meterpreter/powerdump.rb
	scripts/shell/spawn_meterpreter.rb
2013-10-02 20:17:11 +01:00
sinn3r 23b0c3b723 Add Metasploit blog references
These modules have blogs from the Rapid7 community, we should add them.
2013-10-01 20:50:16 -05:00
sinn3r 7118f7dc4c Land #2422 - rm methods peer & rport
Because they're already defined in the HttpClient mixin
2013-09-30 16:01:59 -05:00
Tab Assassin 2e8d19edcf Retab all the things (except external/) 2013-09-30 13:47:53 -05:00
Meatballs 7ba846ca24 Find and replace 2013-09-26 20:34:48 +01:00
FireFart 84ec2cbf11 remove peer methods since it is already defined in Msf::Exploit::Remote::HttpClient 2013-09-25 23:42:44 +02:00
jvazquez-r7 58d4096e0f Resolv conflicts on #2267 2013-09-25 13:06:14 -05:00
jvazquez-r7 a50ab1ddd3
Land #2409, @xistence exploit for ZeroShell 2013-09-24 15:32:55 -05:00
jvazquez-r7 6c2063c9c0 Do not get a session on every execute_command call 2013-09-24 15:31:40 -05:00
jvazquez-r7 79ca123051 Use snake_case 2013-09-24 15:16:51 -05:00
jvazquez-r7 34b84395c1 Fix References field 2013-09-24 15:16:02 -05:00
jvazquez-r7 adfacfbed1 Do not fail_with on method used from check 2013-09-24 15:08:48 -05:00
jvazquez-r7 4b6a646899 Fix typo 2013-09-24 15:06:35 -05:00
jvazquez-r7 f5cac304f4 Use default send_request_cgi timeout 2013-09-24 15:05:24 -05:00
jvazquez-r7 ce4cf55d22
Land #2417, @todb-r7's change to Platform field to make ruby style compliant 2013-09-24 13:30:48 -05:00
William Vu 89222f4b16 Land #2416, OSVDB refs for arkeia_upload_exec 2013-09-24 13:22:24 -05:00
Tod Beardsley c547e84fa7 Prefer Ruby style for single word collections
According to the Ruby style guide, %w{} collections for arrays of single
words are preferred. They're easier to type, and if you want a quick
grep, they're easier to search.

This change converts all Payloads to this format if there is more than
one payload to choose from.

It also alphabetizes the payloads, so the order can be more predictable,
and for long sets, easier to scan with eyeballs.

See:
  https://github.com/bbatsov/ruby-style-guide#collections
2013-09-24 12:33:31 -05:00
jvazquez-r7 d15f442e56 Add OSVDB references to arkeia_upload_exec 2013-09-24 08:48:28 -05:00
xistence 8b9adf6886 changes made to zeroshell_exec according to suggestions 2013-09-24 08:35:07 +07:00
Tod Beardsley 4bff8f2cdc Update descriptions for clarity. 2013-09-23 13:48:23 -05:00
xistence 6429219a1d added ZeroShell RC2 RCE 2013-09-22 15:13:55 +07:00
jvazquez-r7 bad6f2279d Add OSVDB reference for openemr_sqli_privesc_upload 2013-09-20 09:41:23 -05:00
jvazquez-r7 46a241b168 Fix my own cleanup 2013-09-19 14:51:22 -05:00
jvazquez-r7 31903be393 Land #2380, @xistence exploit for EDB 28329 2013-09-19 14:42:27 -05:00
jvazquez-r7 cb737525b1 Final cleanup for openemr_sqli_privesc_upload 2013-09-19 14:40:57 -05:00
jvazquez-r7 76e170513d Do first clean on openemr_sqli_privesc_upload 2013-09-19 14:36:25 -05:00
jvazquez-r7 cf0375f7e6 Fix check return value 2013-09-19 14:17:45 -05:00
jvazquez-r7 c63423ad69 Update code comment 2013-09-19 13:03:55 -05:00
jvazquez-r7 6073e6f2dc Fix use of normalize_uri 2013-09-19 12:59:37 -05:00
jvazquez-r7 b4fa535f2b Fix usage of fail_with 2013-09-19 12:45:29 -05:00
jvazquez-r7 1aba7550f9 Fix check indentation 2013-09-19 12:44:11 -05:00
jvazquez-r7 1f7c3d82c1 Refactor easy methods 2013-09-19 12:42:38 -05:00
jvazquez-r7 891a54aad7 Fix metadata 2013-09-19 12:41:13 -05:00
xistence 65ee8c7d5c changed openemr_sqli_privesc_upload according to suggestions 2013-09-18 12:38:20 +07:00
xistence d6a1182bd4 changes to arkeia_upload_exec to comply with r7 suggestions #2 2013-09-18 08:24:40 +07:00
xistence 24a671b530 changes to arkeia_upload_exec to comply with r7 suggestions 2013-09-18 08:10:58 +07:00
xistence af873b7349 added OpenEMR 4.1.1 Patch 14 SQLi Privesc Upload RCE 2013-09-16 16:19:35 +07:00
xistence b2b629f932 added WD Arkeia Appliance RCE 2013-09-16 14:38:50 +07:00
Tab Assassin f5a4c05dbc Retab changes for PR #2267 2013-09-05 14:11:03 -05:00
Tab Assassin 4703a10b64 Merge for retab 2013-09-05 14:10:58 -05:00
jvazquez-r7 86ceadc53d Fix target description 2013-09-05 13:37:01 -05:00
jvazquez-r7 d43326d0f4 Check 302 while checking too 2013-09-05 13:36:35 -05:00
jvazquez-r7 ab83a12354 Check 302 on anonymous access too 2013-09-05 13:35:52 -05:00
Tab Assassin c9c6f84668 Retab changes for PR #2328 2013-09-05 13:16:15 -05:00
Tab Assassin 9bdc274904 Merge for retab 2013-09-05 13:15:07 -05:00
jgor 84e4b42f6b allow 302 redirects 2013-09-04 16:59:42 -05:00
jgor 66d5af5a11 remove dependency on tmpl=component 2013-09-04 16:58:49 -05:00
Tab Assassin 41e4375e43 Retab modules 2013-08-30 16:28:54 -05:00
jvazquez-r7 26531dbaa7 Land #2100, @ddouhine's exploit for OSVDB 83543 2013-08-28 08:55:59 -05:00
jvazquez-r7 ab572d7d72 Fix Authors metadata section 2013-08-28 08:53:48 -05:00
sinn3r 2e4e3fdbe6 Land #2237 - Fix check function 2013-08-27 11:11:54 -05:00
g0tmi1k 7efe85dbd6 php_include - added @wchen-r7's code improvements 2013-08-27 14:00:13 +01:00
Tod Beardsley 6b15a079ea Update for grammar in descriptions on new modules. 2013-08-26 14:52:51 -05:00
Christian Mehlmauer 45ad043102 moderated comments are now also working (even for unauthenticated users) 2013-08-25 11:02:15 +02:00
Christian Mehlmauer 035258389f use feed first before trying to bruteforce 2013-08-25 10:16:43 +02:00
Christian Mehlmauer 9af1341179 consistent naming 2013-08-24 18:51:07 +02:00
Christian Mehlmauer 9e4a760576 Update payload 2013-08-24 17:30:16 +02:00
Christian Mehlmauer c40252e0b3 bugfixing 2013-08-24 00:04:16 +02:00
Christian Mehlmauer e9eb6b2427 simplification 2013-08-23 22:29:31 +02:00
Christian Mehlmauer 576ae50b73 more feedback implemented 2013-08-23 22:22:56 +02:00
Christian Mehlmauer de3fc1fa6c first feedback implemented 2013-08-23 21:59:36 +02:00
Christian Mehlmauer 556f17c47e Move modules 2013-08-22 17:33:35 +02:00
Christian Mehlmauer 8456d2c0ec remove target_uri 2013-08-22 00:48:42 +02:00
Christian Mehlmauer 959553583f -) revert last commit
-) split into seperate modules
2013-08-22 00:45:22 +02:00
Christian Mehlmauer 009d8796f6 wordpress is now a module, not a mixin 2013-08-22 00:05:58 +02:00
Christian Mehlmauer 2e9a579a08 implement @limhoff-r7 feedback 2013-08-21 21:05:52 +02:00
Christian Mehlmauer ffdd057f10 -) Documentation
-) Added Wordpress checks
2013-08-21 14:27:11 +02:00
Christian Mehlmauer 49ec0d464a msftidy 2013-08-21 13:15:21 +02:00
Christian Mehlmauer 11ef8d077c -) added wordpress mixin
-) fixed typo in web mixin
2013-08-21 12:45:15 +02:00
jvazquez-r7 42f774a064 Fix check method 2013-08-20 12:02:09 -05:00
Charlie Eriksen 533d98bd1b Adding module for CVE 2013-5093, Graphite Web Exploit 2013-08-20 12:56:30 -04:00
g0tmi1k 02e394e1c3 php_include - fix check 2013-08-17 17:36:43 +01:00
g0tmi1k 98b4c653c0 php_include - uses verbose 2013-08-17 17:35:09 +01:00
jvazquez-r7 85b050112a Land #2231, @wchen-r7's patch for [SeeRM #8114] 2013-08-16 12:52:10 -05:00
sinn3r d4dbea5594 Check 200 2013-08-16 11:34:32 -05:00
sinn3r cd734acf3e [See RM 8114] - Reduce false positive if traffic is redirected
Fix complaint for hitting this false positive when the user has
all the traffic redirected.
2013-08-15 16:33:10 -05:00
HD Moore 6c1ba9c9c9 Switch to Failure vs Exploit::Failure 2013-08-15 14:14:46 -05:00
jvazquez-r7 1d82ed176f Update joomla_media_upload_exec references 2013-08-13 23:27:01 -05:00
sinn3r e912a64ccc Description change 2013-08-13 19:04:25 -05:00
jvazquez-r7 312ff1a20e Delete period from regular expressions 2013-08-13 17:50:26 -05:00
jvazquez-r7 04eed49310 Add support for FileDropper 2013-08-13 16:47:24 -05:00
jvazquez-r7 e4a570d36b Update metadata according to OSVDB 2013-08-13 16:42:53 -05:00
jvazquez-r7 2086c51b67 Add module for Joomla Upload Exploit in the wild 2013-08-13 16:27:27 -05:00
jvazquez-r7 567873f3cc Use normalize_uri a little better 2013-08-08 15:12:51 -05:00
jvazquez-r7 40a61ec654 Do minor cleanup 2013-08-08 14:47:46 -05:00
Charlie Eriksen 28b36ea29b Removing a space at EOL I missed. 2013-08-08 14:30:53 -04:00
Charlie Eriksen 1c6e994fe8 Adding improvements based on Juan's feedback 2013-08-08 14:29:35 -04:00
root 3a24765585 Adding CVE ID 2013-08-07 18:11:43 -04:00
root 7412981138 Adding an OSVDB reference 2013-08-07 07:15:00 -04:00
root 36bab2fdfa Adding a space between init and check 2013-08-06 16:14:21 -04:00
root be683d5dc6 Fixing the TARGETURI variable, adding check 2013-08-06 16:13:44 -04:00
root a745ec8fa6 Adding reference 2013-08-06 14:43:25 -04:00
root cfd5f29220 Fixing the use of APIKEY, which is not needed 2013-08-06 14:10:48 -04:00
root 69a86b60e2 Added initial squash RCE exploit 2013-08-06 14:00:17 -04:00
Tod Beardsley 7e539332db Reverting disaster merge to 593363c5f with diff
There was a disaster of a merge at 6f37cf22eb that is particularly
difficult to untangle (it was a bad merge from a long-running local
branch).

What this commit does is simulate a hard reset, by doing thing:

 git checkout -b reset-hard-ohmu
 git reset --hard 593363c5f9
 git checkout upstream-master
 git checkout -b revert-via-diff
 git diff --no-prefix upstream-master..reset-hard-ohmy > patch
 patch -p0 < patch

Since there was one binary change, also did this:

 git checkout upstream-master data/exploits/CVE-2012-1535/Main.swf

Now we have one commit that puts everything back. It screws up
file-level history a little, but it's at least at a point where we can
move on with our lives. Sorry.
2013-07-29 21:47:52 -05:00
jvazquez-r7 3a8856ae7f Apply review to spip_connect_exec 2013-07-15 09:44:05 -05:00
jvazquez-r7 bc44d42888 Move module to unix/webapps 2013-07-15 09:43:28 -05:00
jvazquez-r7 64b2f3f7a0 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-07-08 16:55:39 -05:00
Tod Beardsley 8d7396d60a Minor description changes on new modules 2013-07-08 16:24:40 -05:00
jvazquez-r7 6e44cb56bf Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-07-03 12:44:47 -05:00
jvazquez-r7 f3f3a8239e Land #2043, @ricardojba exploit for InstantCMS 2013-07-03 12:11:30 -05:00
jvazquez-r7 c07e65d16e Improve and clean instantcms_exec 2013-07-03 11:37:57 -05:00
Ricardo Almeida dd876008f9 Update instantcms_exec.rb 2013-07-02 17:26:14 +01:00
jvazquez-r7 72f19181d1 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-07-01 16:38:19 -05:00
Ricardo Almeida dafa333e57 Update instantcms_exec.rb 2013-07-01 22:03:37 +01:00
Tod Beardsley bc24f99f8d Various description and title updates 2013-07-01 15:37:37 -05:00
Ricardo Almeida 760133d878 Error on line 60 2013-07-01 12:04:03 -04:00
Ricardo Almeida 4cd08966ff added InstantCMS 1.6 PHP Code Injection 2013-07-01 11:44:47 -04:00
jvazquez-r7 0ff1cd24a9 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-30 10:03:30 -05:00
jvazquez-r7 867eed7957 Make msftidy happy 2013-06-30 10:01:40 -05:00
jvazquez-r7 db00599d44 Move carberp_backdoor_exec to unix webapp exploits foler 2013-06-30 10:00:14 -05:00
jvazquez-r7 90b30dc317 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-26 14:31:52 -05:00
Steve Tornio 6ea622c45e reference updates 2013-06-26 09:44:56 -05:00
jvazquez-r7 0c306260be Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-25 09:13:01 -05:00
sinn3r 4df943d1a2 CVE and OSVDB update 2013-06-25 02:06:20 -05:00
jvazquez-r7 31fcb911f2 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-23 21:41:10 -05:00
sinn3r 5b0092ff39 Land #2006 - Ref updates 2013-06-23 18:26:48 -05:00
jvazquez-r7 345773592f Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-22 13:54:47 -05:00
Steve Tornio 14850cd387 reference updates for multiple modules 2013-06-22 07:28:04 -05:00
sinn3r 339f2a5c83 Hmmm, one extra ',' 2013-06-21 21:29:17 -05:00
sinn3r 8d422c9a39 Forgot to randomize the fake pass and remove the payload during testing 2013-06-21 21:27:11 -05:00
sinn3r e7d75d6d16 Add OSVDB-94038: ZPanel htpasswd Module Username Command Execution 2013-06-21 21:03:10 -05:00
jvazquez-r7 fc7670fa5f Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-19 23:16:04 -05:00
jvazquez-r7 494ee160af Fix indent 2013-06-19 23:12:12 -05:00
jvazquez-r7 2d99c46414 Land #1990, @wchen-r7's exploit for Libretto CMS 2013-06-19 23:11:34 -05:00
sinn3r 079477c57d Commit final version 2013-06-19 20:35:24 -05:00
jvazquez-r7 869438cb73 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-19 19:57:40 -05:00
sinn3r 62b23bc594 Initial (incomplete) commit 2013-06-19 16:59:15 -05:00
James Lee 81b4efcdb8 Fix requires for PhpEXE
And incidentally fix some msftidy complaints
2013-06-19 16:27:59 -05:00
jvazquez-r7 6d1101b65b Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-19 12:14:53 -05:00
sinn3r d347be35e9 Land #1986 - Restores MoinMoin during exploitation 2013-06-19 12:14:10 -05:00
jvazquez-r7 a894dc83c2 Try restore also at exploiting time 2013-06-19 11:35:52 -05:00
sinn3r 7b0977f897 Change base path 2013-06-19 11:33:45 -05:00
sinn3r f0c81ed3cc Correct disclosure date 2013-06-19 03:00:32 -05:00
sinn3r 67593d6ef4 Eh, PHP, not "php" 2013-06-19 02:34:49 -05:00
sinn3r 9c3bd12613 If I can't write, I want to know.
It's possible that the upload directory doesn't allow write, the
module should be aware of that.  Other reasons may be possible.
2013-06-19 02:32:30 -05:00
sinn3r 19d868748d Final version 2013-06-19 02:21:01 -05:00
sinn3r 5c1822ea17 Initial commit for havalite module 2013-06-18 19:00:42 -05:00
jvazquez-r7 2b46828d9c Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-06-18 08:27:18 -05:00
sinn3r 3223ea799c An invalid WritablePage option can result the same message as well. 2013-06-17 22:30:44 -05:00
jvazquez-r7 044bd2101f Authenticate against the page to modify 2013-06-17 20:34:02 -05:00
jvazquez-r7 0bd6ca2a6a Add module for CVE-2012-6081 2013-06-17 16:13:55 -05:00
jvazquez-r7 0f3b13e21d up to date 2013-05-16 15:02:41 -05:00
h0ng10 460542506d changed to array 2013-05-16 19:01:20 +02:00
jvazquez-r7 a7e4ba5015 Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-04-30 08:32:24 -05:00
Tod Beardsley 60e0cfb17b Trivial description cleanup 2013-04-29 14:11:20 -05:00
jvazquez-r7 a4632b773a Merge branch 'master' of https://github.com/rapid7/metasploit-framework 2013-04-28 12:59:16 -05:00
sinn3r 6c76bee02f Trying to make the description sound smoother 2013-04-26 16:02:28 -05:00
jvazquez-r7 9b5e96b66f Fix @jlee-r7's feedback 2013-04-25 14:53:09 -05:00
jvazquez-r7 52b721c334 Update description 2013-04-25 14:47:35 -05:00
jvazquez-r7 84e9f80ffa Add check for WP-Super-Cache 2013-04-25 14:43:16 -05:00
jvazquez-r7 15c8d92148 Fix version checked and add reference 2013-04-25 12:48:36 -05:00
jvazquez-r7 7d317e5933 Switch from post to get on check 2013-04-25 07:51:28 -05:00
jvazquez-r7 d55faa14d3 Add check function 2013-04-25 07:44:37 -05:00
jvazquez-r7 51fd07a145 Add BID reference 2013-04-24 21:48:05 -05:00
jvazquez-r7 378c2079a2 Add hdm also as author 2013-04-24 17:37:29 -05:00
jvazquez-r7 b816dd569c Update description 2013-04-24 17:34:25 -05:00
jvazquez-r7 573e880a62 Use the correct post id when posting 2013-04-24 17:30:24 -05:00
jvazquez-r7 ded0269ba0 Add POST ID bruteforcing capabality 2013-04-24 17:21:36 -05:00
jvazquez-r7 fca4c3b8b2 Add sha1 sum check to allow execution 2013-04-24 16:10:49 -05:00
jvazquez-r7 d2e29b846c Add module for Wordpress Total Cache PHP Injection 2013-04-24 15:29:40 -05:00
jvazquez-r7 787f8cc32f up to date 2013-03-26 12:18:53 +01:00
jvazquez-r7 1d95abc458 cleanup for joomla_comjce_imgmanager 2013-03-26 12:02:39 +01:00
jvazquez-r7 9b3bbd577f module moved to unix webapps 2013-03-26 12:02:08 +01:00
jvazquez-r7 c151d867dc up to date 2013-03-12 17:04:27 +01:00
jvazquez-r7 6603dcd652 up to date 2013-03-12 17:04:13 +01:00
jvazquez-r7 5a70314f55 up to date 2013-03-12 16:57:48 +01:00
jvazquez-r7 15742c49cb up to date 2013-03-12 16:57:48 +01:00
Patrick Webster 1c3aa97bf8 Added Lotus Protector exploit module. 2013-03-12 16:57:47 +01:00
jvazquez-r7 4852f1b9f7 modify exploits to be compatible with the new netcat payloads 2013-03-11 18:35:44 +01:00
James Lee 2160718250 Fix file header comment
[See #1555]
2013-03-07 17:53:19 -06:00
David Maloney c290bc565e Merge branch 'master' into feature/http/authv2 2013-02-28 14:33:44 -06:00
David Maloney 0ae489b37b last of revert-merge snaffu 2013-02-19 23:16:46 -06:00
jvazquez-r7 6b1bb9e1e8 Added module for OSVDB 90222 2013-02-16 13:11:46 +01:00
Tod Beardsley 8ddc19e842 Unmerge #1476 and #1444
In that order. #1476 was an attempt to salvage the functionality, but
sinn3r found some more bugs. So, undoing that, and undoing #1444 as
well.

First, do no harm. It's obvious we cannot be making sweeping changes in
libraries like this without a minimum of testing available. #1478 starts
to address that, by the way.

FixRM #7752
2013-02-11 20:49:55 -06:00
David Maloney 8d013d1034 Merge branch 'master' into http/auth_methods 2013-02-04 13:11:57 -06:00
David Maloney 4c1e630bf3 BasicAuth datastore cleanup
cleanup all the old BasicAuth datastore options
2013-02-04 13:02:26 -06:00
sinn3r 027ba28e70 Merge branch 'jvazquez-r7-datalife_template' 2013-02-01 16:27:18 -06:00
HD Moore a63cf6977c Fix 1.8 support 2013-02-01 14:39:32 -06:00
jvazquez-r7 bf7bb9952e added template stuff improve 2013-02-01 11:53:42 +01:00
sinn3r de8572d934 Use normalize_uri for URI 2013-01-31 16:57:48 -06:00
jvazquez-r7 70b252dc7b Merge branch 'normalize_uri_update2' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-normalize_uri_update2 2013-01-31 22:32:50 +01:00
jvazquez-r7 b2ce9302c6 uri normalization in the old way 2013-01-31 16:59:49 +01:00
jvazquez-r7 365e1b0557 added module for cve-2013-1412 2013-01-31 16:09:14 +01:00
sinn3r c174e6a208 Correctly use normalize_uri()
normalize_uri() should be used when you're joining URIs.  Because if
you're merging URIs after it's normalized, you could get double
slashes again.
2013-01-30 23:23:41 -06:00
bcoles 970591a85f Add ZoneMinder arbitrary command execution exploit 2013-01-22 22:56:50 +10:30
jvazquez-r7 9769efbf01 references and date updated 2013-01-20 17:38:37 +01:00
bcoles dc318c5aed update php_charts_exec metadata 2013-01-21 02:12:42 +10:30
bcoles f975a42571 move and update php_charts_exec metadata 2013-01-21 02:10:48 +10:30
jvazquez-r7 2348a0b066 final cleanup and testing 2013-01-16 11:55:14 +01:00
Jose Selvi 064ea63a72 Fixes 2013-01-16 05:22:43 +01:00
Jose Selvi 18f81fd6f4 Nagios3 history.cgi exploit 2013-01-15 15:32:32 +01:00
sinn3r 2a1ab2c99a Improve the module 2013-01-07 19:03:58 -06:00
sinn3r 1d3c1ec7fc Merge branch 'master' of github.com:CharlieEriksen/metasploit-framework into CharlieEriksen-master 2013-01-07 19:03:35 -06:00
Charlie Eriksen 4e0fca6d0f Adding DB error handling
As per sinn3r's suggestion, adding handling for the most common MySQL
errors.

Also adding HostNotPrivileged, which I encountered during my testing.
2013-01-07 23:52:13 +00:00
Tod Beardsley 33751c7ce4 Merges and resolves CJR's normalize_uri fixes
Merge remote-tracking branch 'ChrisJohnRiley/set_normalize_uri_on_modules'
into set_normalize_uri_on_modules

Note that this trips all kinds of msftidy warnings, but that's for another
day.

Conflicts:
	modules/exploits/unix/webapp/tikiwiki_jhot_exec.rb
	modules/exploits/windows/http/xampp_webdav_upload_php.rb
2013-01-07 11:16:58 -06:00
Charlie Eriksen a8df3d71ff Changes based on Sinn3r's feedback
A bucket-load of changes!

- Added a fallback for if there is no Set-Cookie header
- Added a check if the cookie we produce is simply empty, meaning we
failed something :(
- Removed use of flatten. Though I may look into making that extraction
better
- Changed cgi requests to use vars_(post|get)
- Clarified a few status prints
- A few EOL space fixes
2013-01-06 12:34:27 +00:00
Charlie Eriksen a5113f0da4 Adding a check function
Because it makes sense. The non-vulnerable versions doesn't have
/libs/pdf.php.

So pretty simple.
2013-01-05 18:37:29 +00:00
Charlie Eriksen ae72022777 Improvement for CVE 2012-4915
Made two tiny improvements based on Meatballs' points

- Added handling for 127.0.0.1 as DB_HOST
- Added a note in the description about it changing the pasword
2013-01-05 18:23:00 +00:00
Charlie Eriksen 25cadf8b87 Adding exploit for CVE 2012-4915
Initial commit.

Major functionality working. A bit of polish is still needed in a few
spots to handle exceptions and such.
2013-01-05 14:21:02 +00:00
sinn3r b50e040e69 Fix e-mail format, and the extra comma 2013-01-04 01:11:40 -06:00
Christian Mehlmauer 8f2dd8e2ce msftidy: Remove $Revision$ 2013-01-04 00:48:10 +01:00
Christian Mehlmauer 25aaf7a676 msftidy: Remove $Id$ 2013-01-04 00:41:44 +01:00
jvazquez-r7 758edd7aed make msftidy happy 2013-01-03 00:02:03 +01:00
Charlie Eriksen 97253d46a1 Multiple change for Juan
Incooperated changes as per Juan's suggestions.

- Removed redundant space option for the payload
- Doing the uri more intelligently
- Detecting allow_url_include being disabled and reporting it
- Moved to unix/webapp
- Removed redundant handler call
- Adding to description that this requires allow_url_include to be
enabled
2013-01-02 21:19:06 +00:00
sinn3r 2682908ff2 Small corrections here and there 2012-12-24 18:20:46 -06:00
jvazquez-r7 5b8492fc0d module cleanup by juan 2012-12-24 23:26:40 +01:00
jvazquez-r7 ac6f34dc09 module name renamed 2012-12-24 23:26:06 +01:00
jvazquez-r7 bf036c97ad added initial submission from james fitts 2012-12-24 23:25:25 +01:00
jvazquez-r7 7173c9b598 update james email address 2012-12-24 22:46:47 +01:00
sinn3r d69e506221 Final changes 2012-12-24 15:08:52 -06:00
sinn3r 3d27397429 This error will still show even if we get a shell 2012-12-24 15:06:15 -06:00
jvazquez-r7 0950240d9a module cleanup by juan 2012-12-24 18:59:45 +01:00
jvazquez-r7 9020c96373 module renamed 2012-12-24 18:59:25 +01:00
jvazquez-r7 09568f255e Submission by James Fitts 2012-12-24 18:58:53 +01:00
sinn3r 9af8c9b457 Small corrections 2012-12-21 18:52:40 -06:00
jvazquez-r7 d5f08a2405 Added module for CVE-2012-6329 for foswiki 2012-12-21 22:08:08 +01:00
sinn3r 115ad9ae33 Small corrections 2012-12-21 12:56:44 -06:00
jvazquez-r7 76cad3dd4c Added module for CVE-2012-6329 2012-12-21 11:30:04 +01:00