sinn3r
af16f11784
Another update
2013-12-06 14:39:26 -06:00
sinn3r
87e77b358e
Use the correct URI
2013-12-06 12:08:19 -06:00
sinn3r
5d4acfa274
Plenty of changes
2013-12-06 11:57:02 -06:00
sinn3r
c07686988c
random uri
2013-12-05 18:07:24 -06:00
sinn3r
8e9723788d
Correct description
2013-12-04 17:25:58 -06:00
sinn3r
fb2fcf429f
This one actually works
2013-12-04 17:22:42 -06:00
sinn3r
d0071d7baa
Add CVE-2013-6414 Rails Action View DoS
2013-12-04 14:57:30 -06:00
Tod Beardsley
23448b58e7
Remove timeout checkers that are rescued anyway
2013-11-25 12:37:23 -06:00
Tod Beardsley
f311b0cd1e
Add user-controlled verbs.
...
GET, HEAD, POST, and PROPFIND were tested on WebRick, all successful.
2013-11-25 12:29:05 -06:00
Tod Beardsley
6a28aa298e
Module for CVE-2013-4164
...
So far, just a DoS. So far, just tested on recent Rails with Webrick and
Thin front ends -- would love to see some testing on ngix/apache with
passenger/mod_rails but I don't have it set up at the moment.
2013-11-22 16:51:02 -06:00
jvazquez-r7
f963f960cb
Update title
2013-11-18 15:07:59 -06:00
jvazquez-r7
274247bfcd
Land #2647 , @jvennix-r7's module for Gzip Memory Bomb DoS
2013-11-18 15:06:46 -06:00
joev
589660872e
Kill FILEPATH datastore option.
2013-11-18 14:13:25 -06:00
joev
8e889c61f7
Update description.
2013-11-17 15:48:27 -06:00
joev
f7820139dc
Add a content_type datastore option.
2013-11-17 15:38:55 -06:00
joev
43d2711b98
Default to 1 round compression.
2013-11-17 15:35:35 -06:00
joev
1e3860d648
Add gzip bomb dos aux module.
2013-11-17 14:44:33 -06:00
William Vu
2c485c509e
Fix caps on module titles (first pass)
2013-11-15 00:03:42 -06:00
Tod Beardsley
9045eb06b0
Various title and description updates
2013-10-28 14:00:19 -05:00
jvazquez-r7
bdf07456ba
Last cleanup for nodejs_pipelining
2013-10-22 15:00:58 -05:00
Jonathan Rudenberg
db447b65f9
Add exploit for Node.js HTTP Pipelining DoS
2013-10-22 15:12:14 -04:00
Tod Beardsley
23d058067a
Redo the boilerplate / splat
...
[SeeRM #8496 ]
2013-10-15 13:51:57 -05:00
FireFart
09fa7b7692
remove rport methods since it is already defined in Msf::Exploit::Remote::HttpClient
2013-09-25 23:50:34 +02:00
FireFart
84ec2cbf11
remove peer methods since it is already defined in Msf::Exploit::Remote::HttpClient
2013-09-25 23:42:44 +02:00
Tab Assassin
41e4375e43
Retab modules
2013-08-30 16:28:54 -05:00
Tod Beardsley
bc24f99f8d
Various description and title updates
2013-07-01 15:37:37 -05:00
sinn3r
6168eb7590
Land #1981 - Canon Wireless Printer Denial of Service
2013-06-18 19:04:48 -05:00
sinn3r
7d15dc379d
Make msftidy happy
2013-06-18 19:04:03 -05:00
Matt Andreko
0533ca68dc
Added DoS result checking
...
Lowered the http timeout
2013-06-18 19:48:21 -04:00
Matt Andreko
8c28631d4b
Fixed the date format
...
Removed the rport option
These are items that were code-review for my other related module, so
I figured they should be done here too
2013-06-18 12:17:50 -04:00
Tod Beardsley
4ca9a88324
Tidying up grammar and titles
2013-06-17 16:49:14 -05:00
Matt Andreko
d877e4d489
Added CVE and disclosure date
2013-06-17 17:41:50 -04:00
Matt Andreko
3923bbeee9
Update
2013-06-15 18:28:58 -04:00
Matt Andreko
0494ac9218
Added Canon Wireless Printer DoS module
2013-06-15 18:23:04 -04:00
jvazquez-r7
fd74390952
Clean monkey_headers
2013-06-13 18:07:35 -05:00
sinn3r
73aff97053
Land #1950 - Monkey HTTPD Header Parsing Denial-of-Service
...
This is the reviewed/updated version of pull request #1950 . We're
landing this one instead because the other one has a lot of
unnecessary commit messages.
2013-06-13 15:56:34 -05:00
sinn3r
a09b3b8023
Lands #1169 - Adds a check
...
[Closes #1169 ]
Conflicts:
modules/auxiliary/dos/http/apache_range_dos.rb
2013-04-22 15:50:15 -05:00
sinn3r
882b084cba
Changes the default action
2013-04-22 15:47:38 -05:00
sinn3r
7e28a4ddb0
Uses "ACTIONS" keys instead of datastore options
...
It's better to use ACTIONS instead of datastore in this case. Also,
did some cleanup.
2013-04-22 15:41:47 -05:00
James Lee
2f11796dfa
Fix typo
...
[SeeRM #7800 ]
2013-03-13 16:10:20 -05:00
sinn3r
92093cd7d8
There's no HttpClient, so it shouldn't be using normalize_uri
2013-02-19 15:04:18 -06:00
sinn3r
c174e6a208
Correctly use normalize_uri()
...
normalize_uri() should be used when you're joining URIs. Because if
you're merging URIs after it's normalized, you could get double
slashes again.
2013-01-30 23:23:41 -06:00
Tod Beardsley
33751c7ce4
Merges and resolves CJR's normalize_uri fixes
...
Merge remote-tracking branch 'ChrisJohnRiley/set_normalize_uri_on_modules'
into set_normalize_uri_on_modules
Note that this trips all kinds of msftidy warnings, but that's for another
day.
Conflicts:
modules/exploits/unix/webapp/tikiwiki_jhot_exec.rb
modules/exploits/windows/http/xampp_webdav_upload_php.rb
2013-01-07 11:16:58 -06:00
Christian Mehlmauer
95948b9d7c
msftidy: remove $Revision$
2013-01-03 00:58:09 +01:00
Christian Mehlmauer
ca890369b1
msftidy: remove $Id$
2013-01-03 00:54:48 +01:00
T0X1C-1
1714fa21b1
adjusted DOS part to use HttpClient
2012-12-17 15:46:39 +01:00
T0X1C-1
a48c14124b
added CHECK functionality to the existing module
2012-12-13 16:54:50 +01:00
sinn3r
64a8b59ff9
Change CVE forma
...
Although the original text should work perfectly, for better
consistency, it's best to remove the "CVE" part. This may not
be a big deal in framework, but stands out a lot in Pro.
2012-12-09 01:09:21 -06:00
HD Moore
93a69ea62e
Fix instances of invalid lower-case datastore use
2012-11-29 00:05:36 -06:00
Tod Beardsley
6b4c131cf5
Avoiding a future conflict with release
2012-11-20 13:24:19 -06:00