91e6b7cd28
added ie8 target
2012-10-31 11:57:38 +01:00
ec8a2955e1
Add OSVDB-86723 Aladdin Knowledge System ChooseFilePath Bof
2012-10-31 03:32:43 -05:00
ede5d0f46b
This is meant to be a warning, so we use print_warning
2012-10-24 00:55:54 -05:00
799c22554e
Warn user if a file/permission is being modified during new session
2012-10-24 00:54:17 -05:00
910644400d
References EDB cleanup
...
All other types of references use String arguments, but approximately half
of the EDB references use Fixnums. Fix this by using Strings here too.
2012-10-23 21:02:09 +02:00
e9f7873afc
Version cleanup
...
Remove all values that are neither 0 nor $Revision$.
2012-10-22 20:57:02 +02:00
60dc83748c
Update modules/exploits/windows/browser/mozilla_mchannel.rb
2012-10-17 12:25:44 -03:00
55c0cda86c
Merge branch 'fix_vprint_reduceright' of git://github.com/kernelsmith/metasploit-framework into kernelsmith-fix_vprint_reduceright
2012-10-11 16:55:52 -05:00
c911eeece2
change vprint_error to print_error
...
exploits/windows/browser/mozilla_reduceright does not tell you when an
incompatible browser connects like most other browser exploits do
(unless verbose is true). This change just changes the vprint to print
to be more consistent w/other browser exploits
2012-10-11 16:51:17 -05:00
1ea73b7bd2
Small description change and favor the use of print_error
2012-10-10 13:37:23 -05:00
f32ce87071
delete comment added by error
2012-10-10 19:32:25 +02:00
13e914d65e
added on_new_session handler to warn users about cleanup
2012-10-10 19:31:38 +02:00
37dc19951b
Added module for ZDI-12-169
2012-10-10 19:14:54 +02:00
0acd9e4eec
Merge branch 'ms10_002_ropdb_update' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-ms10_002_ropdb_update
2012-10-07 17:49:45 +02:00
bdb9b75e1e
Use RopDb, and print what target the module has selected.
2012-10-07 01:42:29 -05:00
5b656087b5
Use RopDb in adobe_flash_otf_font, also cleaner code & output
2012-10-06 21:03:41 -05:00
94d5eb7a8c
Use RopDb in MS11-050, and correct autopwninfo
2012-10-06 01:45:40 -05:00
769fa3743e
Explain why the user cannot modify the URIPATH
2012-10-05 17:24:06 -05:00
21ea77ff8b
Fix spaces
2012-10-05 15:40:37 -05:00
33db3d9610
RopDb for ntr_activex_check_bof.rb
2012-10-05 14:09:59 -05:00
f92843c96e
RopDb for ie_execcommand_uaf.rb
2012-10-05 13:49:17 -05:00
9a53a49625
RopDb for vlc_amv.rb
2012-10-05 12:54:16 -05:00
d9278d82f8
Adopt RopDb for msxml_get_definition_code_exec.rb
2012-10-05 12:20:41 -05:00
6fc8790dd7
Adopt RopDb for ms12_037_same_id.rb
2012-10-05 12:17:19 -05:00
1268614d54
Adopt RopDb for adobe_flash_mp4_cprt.rb
2012-10-05 11:15:53 -05:00
98931e339a
Adopt RopDb for adobe_flash_rtmp.rb
2012-10-05 11:05:19 -05:00
631a06f3bb
Adopt RopDb for adobe_flashplayer_flash10o.rb
2012-10-05 10:55:55 -05:00
77438d2fc7
Make URI modification more obvious, and let the user know why
2012-10-04 17:52:04 -05:00
6ef87d1695
update info to reflect use of webdav
...
ms10_042_helpctr_xss_cmd_exec.rb doesn't tell you that it's going to
use webdav, and it's options dont' have the (Don't change) warning for
SRVPORT and URIPATH. This update fixes all that
2012-10-04 14:09:53 -05:00
2db2c780d6
Additional changes
...
Updated get_target function, comment for original author, possible
bug in handling page redirection.
2012-09-24 17:38:19 -05:00
2784a5ea2d
added js obfuscation for heap spray
2012-09-24 21:28:34 +02:00
57b3aae9c0
Only JRE ROP is used
2012-09-24 10:21:02 -05:00
d476ab75cc
fix comment
2012-09-24 10:03:31 +02:00
f3a64432e9
Added module for ZDI-12-170
2012-09-24 10:00:38 +02:00
d3611c3f99
Correct the tab
2012-09-21 12:29:24 -05:00
25f4e3ee1f
Update patch information for MS12-063
2012-09-21 12:28:41 -05:00
54b98b4175
Merge branch 'ntr_activex_check_bof' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-ntr_activex_check_bof
2012-09-20 16:43:20 -05:00
4ead0643a0
Correct target parameters
2012-09-20 16:41:54 -05:00
41449d8379
Merge branch 'ntr_activex_stopmodule' of https://github.com/jvazquez-r7/metasploit-framework into jvazquez-r7-ntr_activex_stopmodule
2012-09-20 16:33:12 -05:00
a5ffe7297f
Touching up Kernelsmith's wording.
...
It is merely the ROP chain, not the vuln, that requires Java.
2012-09-20 14:52:52 -05:00
e98e3a1a28
added module for cve-2012-0266
2012-09-20 19:03:46 +02:00
b61c8b85b8
Added module for CVE-2012-02672
2012-09-20 19:02:20 +02:00
f1a39c76ed
update to ie_execcommand_uaf's info to add ROP info
...
This module requires the following dependencies on the target for the
ROP chain to function. For WinXP SP3 with IE8, msvcrt must be present
(which it is on default installs). For Vista/Win7 with IE8 or Win7
with IE9, ire 1.6.x or below must be installed.
2012-09-19 14:10:02 -05:00
cc8102434a
CVE assigned for the IE '0day'
2012-09-18 16:13:27 -05:00
25475ffc93
Msftidy fixes.
...
Whitespace on ie_execcommand_uaf, and skipping a known-weird caps check
on a particular software name.
2012-09-18 11:25:00 -05:00
5fbc4b836a
Add Microsoft advisory
2012-09-17 22:13:57 -05:00
75bbd1c48d
Being slightly more clear on Browser Not Supported
...
With this and the rest of sinn3r's fixes, it looks like we can close the
Redmine bug.
[FixRM #7242 ]
2012-09-17 11:16:19 -05:00
d77ab9d8bd
Fix URIPATH and nil target
...
Allow random and '/' as URIPATh, also refuse serving the exploit
when the browser is unknown.
2012-09-17 10:54:12 -05:00
48a46f3b94
Pack / Unpack should be V not L
...
Packing or unpacking to/from L, I, or S as pack types will cause
problems on big-endian builds of Metasloit, and are best avoided.
2012-09-17 09:52:43 -05:00
d77efd587a
Merge remote branch 'wchen-r7/ie_0day_execcommand'
2012-09-17 08:48:22 -05:00
jvazquez-r7
sinn3r
Michael Schierl
sput-nick
kernelsmith
Tod Beardsley