d54687cb37
fix typo
2013-03-25 00:58:47 +01:00
26b43d9ed2
Added module for ZDI-13-050
2013-03-25 00:54:30 +01:00
2160718250
Fix file header comment
...
[See #1555 ]
2013-03-07 17:53:19 -06:00
0ae489b37b
last of revert-merge snaffu
2013-02-19 23:16:46 -06:00
8ddc19e842
Unmerge #1476 and #1444
...
In that order. #1476 was an attempt to salvage the functionality, but
sinn3r found some more bugs. So, undoing that, and undoing #1444 as
well.
First, do no harm. It's obvious we cannot be making sweeping changes in
libraries like this without a minimum of testing available. #1478 starts
to address that, by the way.
FixRM #7752
2013-02-11 20:49:55 -06:00
4c1e630bf3
BasicAuth datastore cleanup
...
cleanup all the old BasicAuth datastore options
2013-02-04 13:02:26 -06:00
2c3de43f4b
datastore opts cleanup
...
cleanuo digestauth datastore options in modules
2013-02-04 12:10:44 -06:00
1a01d6d033
Fix scrutinizer checks
2013-01-31 14:48:54 -06:00
5332e80ae9
Fix errant use of .to_s instead of .path
2013-01-31 14:18:42 -06:00
4de5e475c3
Fix check
2013-01-31 02:15:50 -06:00
c174e6a208
Correctly use normalize_uri()
...
normalize_uri() should be used when you're joining URIs. Because if
you're merging URIs after it's normalized, you could get double
slashes again.
2013-01-30 23:23:41 -06:00
33751c7ce4
Merges and resolves CJR's normalize_uri fixes
...
Merge remote-tracking branch 'ChrisJohnRiley/set_normalize_uri_on_modules'
into set_normalize_uri_on_modules
Note that this trips all kinds of msftidy warnings, but that's for another
day.
Conflicts:
modules/exploits/unix/webapp/tikiwiki_jhot_exec.rb
modules/exploits/windows/http/xampp_webdav_upload_php.rb
2013-01-07 11:16:58 -06:00
8f2dd8e2ce
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
25aaf7a676
msftidy: Remove $Id$
2013-01-04 00:41:44 +01:00
b3c0c6175d
FixRM #3398 by removing double user-agent headers
2012-12-20 14:45:18 -06:00
10511e8281
Merge remote branch 'origin/bug/fix-double-slashes'
...
Ran the new normalize_uri() specs, all passes, so I'm quite confident in
this change.
2012-12-17 13:29:19 -06:00
2eb4de815d
added c# code by Nicolas Gregoire
2012-12-11 16:33:41 +01:00
f5193b595c
Update references
2012-12-10 11:42:21 -06:00
fafdcbaae1
Vuln discovered by Rich.
...
See: https://twitter.com/webstersprodigy/status/277087755073380353
2012-12-07 10:42:45 -06:00
5548bebb16
embeding payload on the c# script
2012-12-04 17:44:55 +01:00
3f3bdb8473
my editor...
2012-12-03 21:45:26 +01:00
8a9ad4253a
comment about the original discoverer updated
2012-12-03 21:44:35 +01:00
2cb824d62d
Added module for CVE-2012-5357
2012-12-03 20:12:02 +01:00
f88ec5cbc8
Add normalize_uri to modules that may have
...
been missed by PULL 1045.
Please ensure PULL 1045 is in place prior to
looking at this (as it implements normalize_uri)
ref --> https://github.com/rapid7/metasploit-framework/pull/1045
2012-11-08 17:42:48 +01:00
36066f8c78
Catch a few stragglers for double slash
2012-11-08 07:21:37 -06:00
4d2147f392
Adds normalize_uri() and fixes double-slash typos
2012-11-08 07:16:51 -06:00
04668c7d61
fix response codes check to avoid second tries to fail
2012-11-05 09:26:26 +01:00
799c22554e
Warn user if a file/permission is being modified during new session
2012-10-24 00:54:17 -05:00
910644400d
References EDB cleanup
...
All other types of references use String arguments, but approximately half
of the EDB references use Fixnums. Fix this by using Strings here too.
2012-10-23 21:02:09 +02:00
f9ac55c221
Infohash key cleanups
...
Replace obvious typos in infohash keys. Note that this *does*
affect the behaviour as those keys have been ignored before.
2012-10-22 21:24:36 +02:00
e9f7873afc
Version cleanup
...
Remove all values that are neither 0 nor $Revision$.
2012-10-22 20:57:02 +02:00
abb4bdd408
metadata formatting, and a little res gotcha
2012-10-08 15:00:51 -05:00
ef9d627e13
Added module for ZDI-12-106
2012-10-08 20:04:01 +02:00
f75ff8987c
updated all my authour refs to use an alias
2012-09-19 21:46:14 -05:00
9a83c7c338
changes according to egypt review
2012-09-14 18:47:50 +02:00
eae571592c
Added rgod email
2012-09-14 17:45:16 +02:00
a2649dc8d1
fix typo
2012-09-14 17:10:41 +02:00
e27d5e2eb7
Description improved
2012-09-14 17:08:59 +02:00
9c77c15cf5
Added module for osvdb 85087
2012-09-14 16:54:28 +02:00
b4113a2a38
hp_site_scope_uploadfileshandler is now multiplatform
2012-09-06 12:54:51 +02:00
2f87af1c3a
add some checks while parsing the java serialization config file
2012-09-05 20:58:55 +02:00
b2116e2394
cleanup, test, add on_new_session handler and osvdb references
2012-09-05 20:54:25 +02:00
406202fc81
Added module for ZDI-12-174
2012-09-05 12:56:09 +02:00
f439f256b5
Debug line deleted on
2012-08-30 00:18:07 +02:00
c3159e369a
A lot gotcha
...
When res is nil, that condition can fall into the 'else' clause.
If that happens, we can trigger a bug when we try to read res.code.
2012-08-29 14:46:35 -05:00
6a24e042f9
fixing indentation
2012-08-29 16:17:56 +02:00
2ed712949e
Added check function
2012-08-29 16:12:11 +02:00
72cb39925a
Added exploit for OSVDB 84821
2012-08-29 12:17:44 +02:00
1b6fe22359
Give proper credit to Craig plus additional references
...
Craig first found the buffer overflow. But Matt found a more
reliable way to exploit the flaw.
2012-08-21 22:48:15 -05:00
3da8a59cf0
a little cleanup plus complete metadata
2012-08-20 22:42:54 +02:00
jvazquez-r7
James Lee
David Maloney
Tod Beardsley
sinn3r
Christian Mehlmauer
HD Moore
Chris John Riley
Michael Schierl