7ba846ca24
Find and replace
2013-09-26 20:34:48 +01:00
84ec2cbf11
remove peer methods since it is already defined in Msf::Exploit::Remote::HttpClient
2013-09-25 23:42:44 +02:00
58d4096e0f
Resolv conflicts on #2267
2013-09-25 13:06:14 -05:00
a50ab1ddd3
Land #2409 , @xistence exploit for ZeroShell
2013-09-24 15:32:55 -05:00
6c2063c9c0
Do not get a session on every execute_command call
2013-09-24 15:31:40 -05:00
79ca123051
Use snake_case
2013-09-24 15:16:51 -05:00
34b84395c1
Fix References field
2013-09-24 15:16:02 -05:00
adfacfbed1
Do not fail_with on method used from check
2013-09-24 15:08:48 -05:00
4b6a646899
Fix typo
2013-09-24 15:06:35 -05:00
f5cac304f4
Use default send_request_cgi timeout
2013-09-24 15:05:24 -05:00
ce4cf55d22
Land #2417 , @todb-r7's change to Platform field to make ruby style compliant
2013-09-24 13:30:48 -05:00
89222f4b16
Land #2416 , OSVDB refs for arkeia_upload_exec
2013-09-24 13:22:24 -05:00
c547e84fa7
Prefer Ruby style for single word collections
...
According to the Ruby style guide, %w{} collections for arrays of single
words are preferred. They're easier to type, and if you want a quick
grep, they're easier to search.
This change converts all Payloads to this format if there is more than
one payload to choose from.
It also alphabetizes the payloads, so the order can be more predictable,
and for long sets, easier to scan with eyeballs.
See:
https://github.com/bbatsov/ruby-style-guide#collections
2013-09-24 12:33:31 -05:00
d15f442e56
Add OSVDB references to arkeia_upload_exec
2013-09-24 08:48:28 -05:00
8b9adf6886
changes made to zeroshell_exec according to suggestions
2013-09-24 08:35:07 +07:00
8db1a389eb
Land #2304 fix post module require order
...
Incidentally resolve conflict on current_user_psexec to account for the
new powershell require.
2013-09-23 16:52:23 -05:00
4bff8f2cdc
Update descriptions for clarity.
2013-09-23 13:48:23 -05:00
6429219a1d
added ZeroShell RC2 RCE
2013-09-22 15:13:55 +07:00
bad6f2279d
Add OSVDB reference for openemr_sqli_privesc_upload
2013-09-20 09:41:23 -05:00
46a241b168
Fix my own cleanup
2013-09-19 14:51:22 -05:00
31903be393
Land #2380 , @xistence exploit for EDB 28329
2013-09-19 14:42:27 -05:00
cb737525b1
Final cleanup for openemr_sqli_privesc_upload
2013-09-19 14:40:57 -05:00
76e170513d
Do first clean on openemr_sqli_privesc_upload
2013-09-19 14:36:25 -05:00
cf0375f7e6
Fix check return value
2013-09-19 14:17:45 -05:00
c63423ad69
Update code comment
2013-09-19 13:03:55 -05:00
6073e6f2dc
Fix use of normalize_uri
2013-09-19 12:59:37 -05:00
b4fa535f2b
Fix usage of fail_with
2013-09-19 12:45:29 -05:00
1aba7550f9
Fix check indentation
2013-09-19 12:44:11 -05:00
1f7c3d82c1
Refactor easy methods
2013-09-19 12:42:38 -05:00
891a54aad7
Fix metadata
2013-09-19 12:41:13 -05:00
65ee8c7d5c
changed openemr_sqli_privesc_upload according to suggestions
2013-09-18 12:38:20 +07:00
d6a1182bd4
changes to arkeia_upload_exec to comply with r7 suggestions #2
2013-09-18 08:24:40 +07:00
24a671b530
changes to arkeia_upload_exec to comply with r7 suggestions
2013-09-18 08:10:58 +07:00
150f0f644e
Merge branch 'rapid7' into bug/osx-mods-load-order
...
Conflicts:
modules/post/windows/gather/enum_dirperms.rb
2013-09-17 18:21:13 -05:00
af873b7349
added OpenEMR 4.1.1 Patch 14 SQLi Privesc Upload RCE
2013-09-16 16:19:35 +07:00
b2b629f932
added WD Arkeia Appliance RCE
2013-09-16 14:38:50 +07:00
f5a4c05dbc
Retab changes for PR #2267
2013-09-05 14:11:03 -05:00
4703a10b64
Merge for retab
2013-09-05 14:10:58 -05:00
845bf7146b
Retab changes for PR #2304
2013-09-05 13:41:25 -05:00
adf9ff356c
Merge for retab
2013-09-05 13:41:23 -05:00
86ceadc53d
Fix target description
2013-09-05 13:37:01 -05:00
d43326d0f4
Check 302 while checking too
2013-09-05 13:36:35 -05:00
ab83a12354
Check 302 on anonymous access too
2013-09-05 13:35:52 -05:00
c9c6f84668
Retab changes for PR #2328
2013-09-05 13:16:15 -05:00
9bdc274904
Merge for retab
2013-09-05 13:15:07 -05:00
84e4b42f6b
allow 302 redirects
2013-09-04 16:59:42 -05:00
66d5af5a11
remove dependency on tmpl=component
2013-09-04 16:58:49 -05:00
41e4375e43
Retab modules
2013-08-30 16:28:54 -05:00
63adde2429
Fix load order in posts, hopefully forever
2013-08-29 13:37:50 -05:00
26531dbaa7
Land #2100 , @ddouhine's exploit for OSVDB 83543
2013-08-28 08:55:59 -05:00
ab572d7d72
Fix Authors metadata section
2013-08-28 08:53:48 -05:00
2e4e3fdbe6
Land #2237 - Fix check function
2013-08-27 11:11:54 -05:00
7efe85dbd6
php_include - added @wchen-r7's code improvements
2013-08-27 14:00:13 +01:00
6b15a079ea
Update for grammar in descriptions on new modules.
2013-08-26 14:52:51 -05:00
45ad043102
moderated comments are now also working (even for unauthenticated users)
2013-08-25 11:02:15 +02:00
035258389f
use feed first before trying to bruteforce
2013-08-25 10:16:43 +02:00
9af1341179
consistent naming
2013-08-24 18:51:07 +02:00
9e4a760576
Update payload
2013-08-24 17:30:16 +02:00
c40252e0b3
bugfixing
2013-08-24 00:04:16 +02:00
e9eb6b2427
simplification
2013-08-23 22:29:31 +02:00
576ae50b73
more feedback implemented
2013-08-23 22:22:56 +02:00
de3fc1fa6c
first feedback implemented
2013-08-23 21:59:36 +02:00
556f17c47e
Move modules
2013-08-22 17:33:35 +02:00
8456d2c0ec
remove target_uri
2013-08-22 00:48:42 +02:00
959553583f
-) revert last commit
...
-) split into seperate modules
2013-08-22 00:45:22 +02:00
009d8796f6
wordpress is now a module, not a mixin
2013-08-22 00:05:58 +02:00
2e9a579a08
implement @limhoff-r7 feedback
2013-08-21 21:05:52 +02:00
ffdd057f10
-) Documentation
...
-) Added Wordpress checks
2013-08-21 14:27:11 +02:00
49ec0d464a
msftidy
2013-08-21 13:15:21 +02:00
11ef8d077c
-) added wordpress mixin
...
-) fixed typo in web mixin
2013-08-21 12:45:15 +02:00
42f774a064
Fix check method
2013-08-20 12:02:09 -05:00
533d98bd1b
Adding module for CVE 2013-5093, Graphite Web Exploit
2013-08-20 12:56:30 -04:00
02e394e1c3
php_include - fix check
2013-08-17 17:36:43 +01:00
98b4c653c0
php_include - uses verbose
2013-08-17 17:35:09 +01:00
85b050112a
Land #2231 , @wchen-r7's patch for [SeeRM #8114 ]
2013-08-16 12:52:10 -05:00
d4dbea5594
Check 200
2013-08-16 11:34:32 -05:00
cd734acf3e
[See RM 8114] - Reduce false positive if traffic is redirected
...
Fix complaint for hitting this false positive when the user has
all the traffic redirected.
2013-08-15 16:33:10 -05:00
6c1ba9c9c9
Switch to Failure vs Exploit::Failure
2013-08-15 14:14:46 -05:00
1d82ed176f
Update joomla_media_upload_exec references
2013-08-13 23:27:01 -05:00
e912a64ccc
Description change
2013-08-13 19:04:25 -05:00
312ff1a20e
Delete period from regular expressions
2013-08-13 17:50:26 -05:00
04eed49310
Add support for FileDropper
2013-08-13 16:47:24 -05:00
e4a570d36b
Update metadata according to OSVDB
2013-08-13 16:42:53 -05:00
2086c51b67
Add module for Joomla Upload Exploit in the wild
2013-08-13 16:27:27 -05:00
567873f3cc
Use normalize_uri a little better
2013-08-08 15:12:51 -05:00
40a61ec654
Do minor cleanup
2013-08-08 14:47:46 -05:00
28b36ea29b
Removing a space at EOL I missed.
2013-08-08 14:30:53 -04:00
1c6e994fe8
Adding improvements based on Juan's feedback
2013-08-08 14:29:35 -04:00
3a24765585
Adding CVE ID
2013-08-07 18:11:43 -04:00
7412981138
Adding an OSVDB reference
2013-08-07 07:15:00 -04:00
36bab2fdfa
Adding a space between init and check
2013-08-06 16:14:21 -04:00
be683d5dc6
Fixing the TARGETURI variable, adding check
2013-08-06 16:13:44 -04:00
a745ec8fa6
Adding reference
2013-08-06 14:43:25 -04:00
cfd5f29220
Fixing the use of APIKEY, which is not needed
2013-08-06 14:10:48 -04:00
69a86b60e2
Added initial squash RCE exploit
2013-08-06 14:00:17 -04:00
7e539332db
Reverting disaster merge to 593363c5f with diff
...
There was a disaster of a merge at 6f37cf22eb593363c5f9
2013-07-29 21:47:52 -05:00
3a8856ae7f
Apply review to spip_connect_exec
2013-07-15 09:44:05 -05:00
bc44d42888
Move module to unix/webapps
2013-07-15 09:43:28 -05:00
64b2f3f7a0
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-08 16:55:39 -05:00
8d7396d60a
Minor description changes on new modules
2013-07-08 16:24:40 -05:00
6e44cb56bf
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-03 12:44:47 -05:00
f3f3a8239e
Land #2043 , @ricardojba exploit for InstantCMS
2013-07-03 12:11:30 -05:00
c07e65d16e
Improve and clean instantcms_exec
2013-07-03 11:37:57 -05:00
dd876008f9
Update instantcms_exec.rb
2013-07-02 17:26:14 +01:00
72f19181d1
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-01 16:38:19 -05:00
dafa333e57
Update instantcms_exec.rb
2013-07-01 22:03:37 +01:00
bc24f99f8d
Various description and title updates
2013-07-01 15:37:37 -05:00
760133d878
Error on line 60
2013-07-01 12:04:03 -04:00
4cd08966ff
added InstantCMS 1.6 PHP Code Injection
2013-07-01 11:44:47 -04:00
0ff1cd24a9
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-30 10:03:30 -05:00
867eed7957
Make msftidy happy
2013-06-30 10:01:40 -05:00
db00599d44
Move carberp_backdoor_exec to unix webapp exploits foler
2013-06-30 10:00:14 -05:00
90b30dc317
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-26 14:31:52 -05:00
6ea622c45e
reference updates
2013-06-26 09:44:56 -05:00
0c306260be
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-25 09:13:01 -05:00
4df943d1a2
CVE and OSVDB update
2013-06-25 02:06:20 -05:00
31fcb911f2
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-23 21:41:10 -05:00
5b0092ff39
Land #2006 - Ref updates
2013-06-23 18:26:48 -05:00
345773592f
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-22 13:54:47 -05:00
14850cd387
reference updates for multiple modules
2013-06-22 07:28:04 -05:00
339f2a5c83
Hmmm, one extra ','
2013-06-21 21:29:17 -05:00
8d422c9a39
Forgot to randomize the fake pass and remove the payload during testing
2013-06-21 21:27:11 -05:00
e7d75d6d16
Add OSVDB-94038: ZPanel htpasswd Module Username Command Execution
2013-06-21 21:03:10 -05:00
fc7670fa5f
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-19 23:16:04 -05:00
494ee160af
Fix indent
2013-06-19 23:12:12 -05:00
2d99c46414
Land #1990 , @wchen-r7's exploit for Libretto CMS
2013-06-19 23:11:34 -05:00
079477c57d
Commit final version
2013-06-19 20:35:24 -05:00
869438cb73
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-19 19:57:40 -05:00
62b23bc594
Initial (incomplete) commit
2013-06-19 16:59:15 -05:00
81b4efcdb8
Fix requires for PhpEXE
...
And incidentally fix some msftidy complaints
2013-06-19 16:27:59 -05:00
6d1101b65b
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-19 12:14:53 -05:00
d347be35e9
Land #1986 - Restores MoinMoin during exploitation
2013-06-19 12:14:10 -05:00
a894dc83c2
Try restore also at exploiting time
2013-06-19 11:35:52 -05:00
7b0977f897
Change base path
2013-06-19 11:33:45 -05:00
f0c81ed3cc
Correct disclosure date
2013-06-19 03:00:32 -05:00
67593d6ef4
Eh, PHP, not "php"
2013-06-19 02:34:49 -05:00
9c3bd12613
If I can't write, I want to know.
...
It's possible that the upload directory doesn't allow write, the
module should be aware of that. Other reasons may be possible.
2013-06-19 02:32:30 -05:00
19d868748d
Final version
2013-06-19 02:21:01 -05:00
5c1822ea17
Initial commit for havalite module
2013-06-18 19:00:42 -05:00
2b46828d9c
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-06-18 08:27:18 -05:00
3223ea799c
An invalid WritablePage option can result the same message as well.
2013-06-17 22:30:44 -05:00
044bd2101f
Authenticate against the page to modify
2013-06-17 20:34:02 -05:00
0bd6ca2a6a
Add module for CVE-2012-6081
2013-06-17 16:13:55 -05:00
0f3b13e21d
up to date
2013-05-16 15:02:41 -05:00
ccef6e12d2
changed to array in array
2013-05-16 19:03:47 +02:00
460542506d
changed to array
2013-05-16 19:01:20 +02:00
a7e4ba5015
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-04-30 08:32:24 -05:00
60e0cfb17b
Trivial description cleanup
2013-04-29 14:11:20 -05:00
a4632b773a
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-04-28 12:59:16 -05:00
6c76bee02f
Trying to make the description sound smoother
2013-04-26 16:02:28 -05:00
9b5e96b66f
Fix @jlee-r7's feedback
2013-04-25 14:53:09 -05:00
52b721c334
Update description
2013-04-25 14:47:35 -05:00
84e9f80ffa
Add check for WP-Super-Cache
2013-04-25 14:43:16 -05:00
15c8d92148
Fix version checked and add reference
2013-04-25 12:48:36 -05:00
7d317e5933
Switch from post to get on check
2013-04-25 07:51:28 -05:00
d55faa14d3
Add check function
2013-04-25 07:44:37 -05:00
51fd07a145
Add BID reference
2013-04-24 21:48:05 -05:00
378c2079a2
Add hdm also as author
2013-04-24 17:37:29 -05:00
b816dd569c
Update description
2013-04-24 17:34:25 -05:00
573e880a62
Use the correct post id when posting
2013-04-24 17:30:24 -05:00
ded0269ba0
Add POST ID bruteforcing capabality
2013-04-24 17:21:36 -05:00
fca4c3b8b2
Add sha1 sum check to allow execution
2013-04-24 16:10:49 -05:00
d2e29b846c
Add module for Wordpress Total Cache PHP Injection
2013-04-24 15:29:40 -05:00
787f8cc32f
up to date
2013-03-26 12:18:53 +01:00
1d95abc458
cleanup for joomla_comjce_imgmanager
2013-03-26 12:02:39 +01:00
9b3bbd577f
module moved to unix webapps
2013-03-26 12:02:08 +01:00
c151d867dc
up to date
2013-03-12 17:04:27 +01:00
6603dcd652
up to date
2013-03-12 17:04:13 +01:00
5a70314f55
up to date
2013-03-12 16:57:48 +01:00
15742c49cb
up to date
2013-03-12 16:57:48 +01:00
1c3aa97bf8
Added Lotus Protector exploit module.
2013-03-12 16:57:47 +01:00
4852f1b9f7
modify exploits to be compatible with the new netcat payloads
2013-03-11 18:35:44 +01:00
2160718250
Fix file header comment
...
[See #1555 ]
2013-03-07 17:53:19 -06:00
c290bc565e
Merge branch 'master' into feature/http/authv2
2013-02-28 14:33:44 -06:00
0ae489b37b
last of revert-merge snaffu
2013-02-19 23:16:46 -06:00
6b1bb9e1e8
Added module for OSVDB 90222
2013-02-16 13:11:46 +01:00
8ddc19e842
Unmerge #1476 and #1444
...
In that order. #1476 was an attempt to salvage the functionality, but
sinn3r found some more bugs. So, undoing that, and undoing #1444 as
well.
First, do no harm. It's obvious we cannot be making sweeping changes in
libraries like this without a minimum of testing available. #1478 starts
to address that, by the way.
FixRM #7752
2013-02-11 20:49:55 -06:00
8d013d1034
Merge branch 'master' into http/auth_methods
2013-02-04 13:11:57 -06:00
4c1e630bf3
BasicAuth datastore cleanup
...
cleanup all the old BasicAuth datastore options
2013-02-04 13:02:26 -06:00
027ba28e70
Merge branch 'jvazquez-r7-datalife_template'
2013-02-01 16:27:18 -06:00
a63cf6977c
Fix 1.8 support
2013-02-01 14:39:32 -06:00
bf7bb9952e
added template stuff improve
2013-02-01 11:53:42 +01:00
de8572d934
Use normalize_uri for URI
2013-01-31 16:57:48 -06:00
70b252dc7b
Merge branch 'normalize_uri_update2' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-normalize_uri_update2
2013-01-31 22:32:50 +01:00
b2ce9302c6
uri normalization in the old way
2013-01-31 16:59:49 +01:00
365e1b0557
added module for cve-2013-1412
2013-01-31 16:09:14 +01:00
c174e6a208
Correctly use normalize_uri()
...
normalize_uri() should be used when you're joining URIs. Because if
you're merging URIs after it's normalized, you could get double
slashes again.
2013-01-30 23:23:41 -06:00
970591a85f
Add ZoneMinder arbitrary command execution exploit
2013-01-22 22:56:50 +10:30
9769efbf01
references and date updated
2013-01-20 17:38:37 +01:00
dc318c5aed
update php_charts_exec metadata
2013-01-21 02:12:42 +10:30
f975a42571
move and update php_charts_exec metadata
2013-01-21 02:10:48 +10:30
2348a0b066
final cleanup and testing
2013-01-16 11:55:14 +01:00
064ea63a72
Fixes
2013-01-16 05:22:43 +01:00
18f81fd6f4
Nagios3 history.cgi exploit
2013-01-15 15:32:32 +01:00
2a1ab2c99a
Improve the module
2013-01-07 19:03:58 -06:00
1d3c1ec7fc
Merge branch 'master' of github.com:CharlieEriksen/metasploit-framework into CharlieEriksen-master
2013-01-07 19:03:35 -06:00
4e0fca6d0f
Adding DB error handling
...
As per sinn3r's suggestion, adding handling for the most common MySQL
errors.
Also adding HostNotPrivileged, which I encountered during my testing.
2013-01-07 23:52:13 +00:00
33751c7ce4
Merges and resolves CJR's normalize_uri fixes
...
Merge remote-tracking branch 'ChrisJohnRiley/set_normalize_uri_on_modules'
into set_normalize_uri_on_modules
Note that this trips all kinds of msftidy warnings, but that's for another
day.
Conflicts:
modules/exploits/unix/webapp/tikiwiki_jhot_exec.rb
modules/exploits/windows/http/xampp_webdav_upload_php.rb
2013-01-07 11:16:58 -06:00
a8df3d71ff
Changes based on Sinn3r's feedback
...
A bucket-load of changes!
- Added a fallback for if there is no Set-Cookie header
- Added a check if the cookie we produce is simply empty, meaning we
failed something :(
- Removed use of flatten. Though I may look into making that extraction
better
- Changed cgi requests to use vars_(post|get)
- Clarified a few status prints
- A few EOL space fixes
2013-01-06 12:34:27 +00:00
a5113f0da4
Adding a check function
...
Because it makes sense. The non-vulnerable versions doesn't have
/libs/pdf.php.
So pretty simple.
2013-01-05 18:37:29 +00:00
Meatballs
FireFart
jvazquez-r7
William Vu
Tod Beardsley
xistence
James Lee
Tab Assassin
jgor
sinn3r
g0tmi1k
Charlie Eriksen
HD Moore
root
Ricardo Almeida
Steve Tornio
h0ng10
Patrick Webster
David Maloney
Tod Beardsley
sinn3r
bcoles
Jose Selvi
Charlie Eriksen