Commit Graph

1836 Commits (befe224c58a3e898e6fbd157843d8122c09d0b06)

Author SHA1 Message Date
aushack 76cd9590a4 Fix author 2015-06-19 19:13:51 +10:00
wchen-r7 9b5770c966 Change to Metasploit::Model::Login::Status::SUCCESSFUL 2015-06-18 23:40:51 -05:00
wchen-r7 b6379b4d24 Update drupal_views_user_enum 2015-06-16 00:02:02 -05:00
wchen-r7 0b88e86a49 Using the new cred API for multiple auxiliary modules 2015-06-15 16:06:57 -05:00
wchen-r7 907f596de6
Land #5520, Update titan_ftp_admin_pwd to use the new creds API 2015-06-15 03:26:19 -05:00
wchen-r7 940d045029 Correctly report rport 2015-06-15 03:23:39 -05:00
wchen-r7 308b1a3d7f Don't deregister username & password 2015-06-15 03:21:09 -05:00
jvazquez-r7 e628d71261
Land #5397, @espreto's module for WordPress Simple Backup File Read Vulnerability 2015-06-12 15:32:06 -05:00
jvazquez-r7 184c20cd46
Do minor cleanup 2015-06-12 15:31:42 -05:00
root 7cb82f594b Add ftp port for service 2015-06-10 14:24:05 +05:00
root 3ffe006e09 Update titan_ftp_admin_pwd to use the new creds API 2015-06-10 13:36:26 +05:00
root 78a6e1bc90 Change credential status from untried to successful 2015-06-10 10:07:33 +05:00
root 49e4820c57 Add depcrecated note to the existing modules 2015-06-09 10:42:53 +05:00
root 3279518bbd Move VMware modules to the VMware directory 2015-06-08 14:58:22 +05:00
root 3ec6d9b7aa Update owa_login to use new cred API 2015-06-05 15:41:07 +05:00
wchen-r7 874e090aa1 Update wordpress_login_enum to use the new cred API 2015-06-04 18:16:14 -05:00
Roberto Soares b305fa62f4 Changed vprint_error when nothing was downloaded. 2015-06-03 14:46:59 -03:00
Roberto Soares 24ec3b2fb5 Changed vprint_error to fail_with method. 2015-06-03 13:46:59 -03:00
wchen-r7 80c3022dc1 Deprecate cold_fusion_version. Please use coldfusion_version.
auxiliary/scanner/http/cold_fusion_version is deprecated. Please use
auxiliary/scanner/http/coldfusion_version instead.
2015-05-28 15:39:14 -05:00
Tod Beardsley 95b5ff6bea
Minor fixups on recent modules.
Edited modules/auxiliary/admin/http/netgear_soap_password_extractor.rb
first landed in #5301, @m-1-k-3's aux module to extract passwords from
Netgear soap interfaces

Edited modules/auxiliary/scanner/http/influxdb_enum.rb first landed in

Edited modules/auxiliary/scanner/http/title.rb first landed in #5333,
HTML Title Grabber

Edited modules/exploits/multi/browser/adobe_flash_uncompress_zlib_uaf.rb
first landed in #5401, multi-platform CVE-2015-0311 - Flash uncompress()
UAF

Edited modules/exploits/unix/webapp/wp_revslider_upload_execute.rb first
landed in #5290, Wordpress RevSlider Module
2015-05-26 17:00:10 -05:00
Roberto Soares b4a6cdbad0 Remove new line in vprint_line. 2015-05-21 12:33:09 -03:00
Roberto Soares 0135b3639f Add WordPress Simple Backup File Read Vulnerability. 2015-05-21 12:23:24 -03:00
Brent Cook a4df3468de unique: should be update:, include uri in data hash 2015-05-20 16:20:09 -05:00
Brent Cook c85b82e8a7 Merge branch 'master' into land-5358-notes 2015-05-20 16:02:59 -05:00
Stuart Morgan 79b9ef008a Bugfix 2015-05-17 13:55:56 +01:00
jvazquez-r7 dd5060e08c
Land #5340, @wchen-r7's change to the symantec_web_gateway_login writing style 2015-05-15 13:18:35 -05:00
jvazquez-r7 cf5fa6752e
Use parenthesis 2015-05-15 13:17:54 -05:00
jvazquez-r7 d05cae5faf
Land #5329, @wchen-r7's add configurable options to jenkins_login 2015-05-15 11:38:21 -05:00
wchen-r7 24a989b8a3
Land #5249, Add Module for Enum on InfluxDB database 2015-05-14 11:22:54 -05:00
wchen-r7 005c36b2a6 If data is empty, don't save (or even continue) 2015-05-14 11:22:10 -05:00
wchen-r7 ac0e4e747a Change writing style of symantec_web_gateway_login 2015-05-13 00:23:37 -05:00
wchen-r7 202c5e0121
Land #5333, HTML Title Grabber 2015-05-12 11:19:06 -05:00
wchen-r7 faec5844cb Some fixes 2015-05-12 11:18:21 -05:00
jvazquez-r7 a5267ab77e
Land #4940, @dnkolegov's modules for F5 BIG-IP devices 2015-05-12 09:59:21 -05:00
Stuart Morgan f0048b9a6d Apparently you don't quote the keys with the new syntax 2015-05-12 11:00:18 +01:00
Stuart Morgan 7c81adbd89 MSFTidy is now quiet and happy 2015-05-12 10:47:49 +01:00
Stuart Morgan 1f6bd3e2be Updated to new ruby hash syntax and removed <> from title 2015-05-12 10:43:32 +01:00
Stuart Morgan 518e28674e Removed CGI dependency (@hmoore-r7, @wchen-r7) 2015-05-11 21:10:18 +01:00
Stuart Morgan 78e310562b Readability style change 2015-05-11 19:48:12 +01:00
Stuart Morgan 8e3d803e74 Updated style as per @void-in's comments 2015-05-11 19:46:10 +01:00
Stuart Morgan 62d67469da Updated code style as per @hmoore-r7's instructions 2015-05-11 19:34:23 +01:00
Stuart Morgan b8f7c80fd2 Rubocop 2015-05-11 18:50:03 +01:00
Stuart Morgan 8308c2a925 Added check for nonsensical options 2015-05-11 18:48:55 +01:00
Stuart Morgan 99133deabb Reran tests, sorted out strip problem 2015-05-11 18:29:44 +01:00
Stuart Morgan c25a5d3859 Fixed a bunch of rubocop errors 2015-05-11 18:14:37 +01:00
Stuart Morgan 34cf90af59 Removed unnecessary include 2015-05-11 17:31:31 +01:00
Stuart Morgan c001f014ce HTML Title Grabber 2015-05-11 17:29:22 +01:00
wchen-r7 d8cc2c19d3 Fix #5315, User configurable options for jenkins_login
Fix #5315. This patch allows the user to configure the HTTP method
for the login, as well as the URL.
2015-05-11 10:15:49 -05:00
Denis Kolegov efb226a55c Fixed some minor errors 2015-05-10 02:59:57 -04:00
jvazquez-r7 a8adcda941
Redo port checks 2015-05-08 15:29:30 -05:00
jvazquez-r7 156aac1dff
Use timeout options 2015-05-08 15:23:08 -05:00
jvazquez-r7 bf9ca1f88f
Change module filename 2015-05-08 15:08:59 -05:00
jvazquez-r7 f56115552f
Do code cleanup 2015-05-08 14:56:39 -05:00
jvazquez-r7 b73241882b
Use datastore option 2015-05-08 14:48:19 -05:00
jvazquez-r7 b5f5bacb8c
Use the connect/read timeout as used by the HTTPClient mixin 2015-05-08 14:46:08 -05:00
jvazquez-r7 9fdbfd7031
Use vprint_error 2015-05-08 14:21:36 -05:00
jvazquez-r7 017ae463ed
Fix description style 2015-05-08 14:18:29 -05:00
void-in a7988f9e93 Change credentials to service:service 2015-05-08 22:52:59 +05:00
Tod Beardsley e8913e5620
Addressed most of @wvu's issues with #5312 2015-05-06 14:47:08 -05:00
Tod Beardsley f423306b6f
Various post-commit fixups
Edited modules/auxiliary/dos/http/ms15_034_ulonglongadd.rb first landed
in #5150, @wchen-r7's DOS module for CVE-2015-1635 HTTP.sys

Edited modules/auxiliary/gather/apple_safari_ftp_url_cookie_theft.rb
first landed in #5192, @joevennix's module for Safari CVE-2015-1126

Edited modules/auxiliary/gather/java_rmi_registry.rb first landed in

Edited modules/auxiliary/gather/ssllabs_scan.rb first landed in #5016,
add SSL Labs scanner

Edited modules/auxiliary/scanner/http/goahead_traversal.rb first landed
in #5101, Add Directory Traversal for GoAhead Web Server

Edited modules/auxiliary/scanner/http/owa_iis_internal_ip.rb first
landed in #5158, OWA internal IP disclosure scanner

Edited modules/auxiliary/scanner/http/wp_mobileedition_file_read.rb
first landed in #5159, WordPress Mobile Edition Plugin File Read Vuln

Edited modules/exploits/linux/http/multi_ncc_ping_exec.rb first landed
in #4924, @m-1-k-3's DLink CVE-2015-1187 exploit

Edited modules/exploits/unix/webapp/wp_slideshowgallery_upload.rb first
landed in #5131, WordPress Slideshow Upload

Edited modules/exploits/windows/local/run_as.rb first landed in #4649,
improve post/windows/manage/run_as and as an exploit

(These results courtesy of a delightful git alias, here:

```
  cleanup-prs = !"for i in `git status | grep modules | sed
s/#.*modules/modules/`; do echo -n \"Edited $i first landed in \" && git
log --oneline --first-parent $i | tail -1 | sed 's/.*Land //' && echo
''; done"

```

So that's kind of fun.
2015-05-06 11:39:15 -05:00
Denis Kolegov 7fb99cdaaf Merged fixed conflicts 2015-05-02 05:37:36 -04:00
Denis Kolegov f95774c6b4 Fixed bugs 2015-05-02 05:09:03 -04:00
jvazquez-r7 93ac8b48e3
Land #5178, @jboss_vulnscan check for console default admin
* And minor fixes
2015-05-01 17:38:20 -05:00
jvazquez-r7 697c6c20cb
Do minor cleanup 2015-05-01 17:37:45 -05:00
jvazquez-r7 c6806b4e5f
Land #5102, @wchen-r7's ManageEngine Desktop Central Login Utility 2015-05-01 15:20:21 -05:00
jvazquez-r7 b037560c90
Do minor style fixes 2015-05-01 15:01:13 -05:00
William Vu 9b17191e48 Remove unnecessary {,dis}connect 2015-04-28 15:09:16 -05:00
William Vu 28e661e204 Fix false positive in POODLE scanner
If SSL is false somehow.
2015-04-28 14:19:48 -05:00
Christian Mehlmauer 7523e592d2
Land #5198, WordPress contus video gallery 2.7 scanner 2015-04-27 23:24:57 +02:00
Brandon Perry 7a2084cdc5 Rename wordpress_contus_video_gallery_sqli.rb to wp_contus_video_gallery_sqli.rb 2015-04-26 16:54:21 -05:00
Roberto Soares c41c7a1ba2 Rewrote the conditions of res. 2015-04-25 17:18:38 -03:00
Roberto Soares d01da0c522 Changed if conditions and exception handling 2015-04-25 15:08:36 -03:00
Roberto Soares 3a84396f32 Removed authorization header. 2015-04-25 14:30:21 -03:00
Roberto Soares b810a96dac Add Module for Enum on InfluxDB database. 2015-04-25 04:41:33 -03:00
Brent Cook ff96101dba
Land #5218, fix #3816, remove print_debug / DEBUG 2015-04-24 13:41:07 -05:00
jvazquez-r7 896d6e8cb7
Fix title 2015-04-24 11:09:39 -05:00
jvazquez-r7 7af6f31c3a
Fix message 2015-04-24 11:08:00 -05:00
jvazquez-r7 5ca6fe3cb0
Do code cleanup 2015-04-24 11:07:13 -05:00
Roberto Soares e51897d64e Filepath option 2015-04-24 04:35:59 -03:00
Roberto Soares 7b0b59b5f6 Add WordPress GI-Media Library Plugin File Read. 2015-04-24 04:24:16 -03:00
Brandon Perry e9f8b25987 Update wordpress_contus_video_gallery_sqli.rb
Update to use the Wordpress mixin
2015-04-22 14:43:55 -05:00
Brandon Perry 26d208f089 Update wordpress_contus_video_gallery_sqli.rb
remove 'uri'
2015-04-22 14:42:03 -05:00
jvazquez-r7 ab94f15a60
Take care of modules using the 'DEBUG' option 2015-04-21 12:13:40 -05:00
Brent Cook 073850c5ad
Land #5158, OWA internal IP disclosure scanner 2015-04-21 11:10:39 -05:00
Brent Cook 5296c6507d
Land #5157, OWA login scanner auth timing logs 2015-04-21 11:06:08 -05:00
Brandon Perry b622aae97f Update wordpress_contus_video_gallery_sqli.rb 2015-04-19 18:24:12 -05:00
Brandon Perry c393f7c398 add contus video gallery scanner 2015-04-19 17:58:08 -05:00
Christian Mehlmauer ed9175d73f
Land #5167, WordPress CP Multi-View Calendar SQLI Scanner 2015-04-19 23:36:23 +02:00
Brandon Perry 8c0bcd2e03 Update wordpress_cp_calendar_sqli.rb
Use the new WPVDB
2015-04-19 16:32:57 -05:00
Christian Mehlmauer 6653c9e33d
Land #5162, WordPress Dukapress File Read Vulnerability 2015-04-17 11:20:55 +02:00
Christian Mehlmauer 6c77b64dae
wrong method name 2015-04-17 11:20:14 +02:00
Christian Mehlmauer aef464fc2e
Land #5159, WordPress Mobile Edition Plugin File Read Vuln 2015-04-17 11:13:00 +02:00
Christian Mehlmauer 153344a1dd
fix Unkown typo 2015-04-16 23:59:28 +02:00
Roberto Soares ed588e335b Changed the print_error output. 2015-04-16 17:32:59 -03:00
Roberto Soares bf3bdcffb4 Changed the deph value to 7. 2015-04-16 17:30:28 -03:00
Roberto Soares dd474757fe Changed the print_error output. 2015-04-16 17:26:44 -03:00
Roberto Soares f50cedeafd Changed the depth value to 7. 2015-04-16 17:22:49 -03:00
Christian Mehlmauer 0e186fa617
first fail_with fixes 2015-04-16 21:08:33 +02:00
William Vu 1455d4e94d Fix AUTH_TIME 2015-04-16 11:39:33 -05:00
William Vu 7c572777e1 Fix whitespace 2015-04-16 11:34:50 -05:00
William Vu 7a9167b235 Fix comments 2015-04-16 11:34:47 -05:00
Nate Power 9bcc988266 Update owa_login 2015-04-16 11:23:04 -05:00
Brandon Perry 75b88f199a Create wordpress_cp_calendar_sqli.rb 2015-04-16 09:53:00 -05:00
Roberto Soares ecc67b1a57 Fix loot name 2015-04-16 10:42:20 -03:00
Roberto Soares d898af5513 Add check version and removed HttpClient 2015-04-16 10:40:35 -03:00
Roberto Soares 768294710b Add check and removed HttpClient 2015-04-16 10:22:10 -03:00
Roberto Soares 890561bff3 Rewriting the condition 'if' for only one line 2015-04-16 09:23:56 -03:00
Roberto Soares b90ff36ef4 Rewriting the condition 'if' for only one line 2015-04-16 09:15:17 -03:00
Roberto Soares 21e964e699 Add Author and references.. 2015-04-16 07:20:48 -03:00
Roberto Soares f6f4bd0746 Add WordPress Dukapress File Read Vulnerability 2015-04-16 07:17:46 -03:00
Roberto Soares c8e1185a04 Included Wordpress mixin. 2015-04-16 05:02:39 -03:00
William Vu bec6270f07 Fix regex 2015-04-15 23:47:03 -05:00
William Vu 01ae7002cf Fix EOF whitespace 2015-04-15 21:27:53 -05:00
Roberto Soares 0031f09d60 Add author, EDB, WPVDB and fix loot. 2015-04-15 20:03:36 -03:00
Roberto Soares 0f1cf1d1b1 Add Module WP Mobile Edition Plugin File Read Vuln 2015-04-15 19:45:08 -03:00
William Vu 66b7179a97 Rename module to owa_iis_internal_ip 2015-04-15 17:10:01 -05:00
William Vu a109dae033 Fix EOL whitespace 2015-04-15 16:58:59 -05:00
William Vu cc422eeeea Fix splat 2015-04-15 16:58:18 -05:00
Nate Power 34ce4edacb Add exchange_iis_internal_ip 2015-04-15 16:55:19 -05:00
Tod Beardsley d87483b28d
Squashed commit of the following:
commit 49f480af8b9d27e676c02006ae8873a119e1aae6
Author: Tod Beardsley <tod_beardsley@rapid7.com>
Date:   Mon Apr 13 10:42:13 2015 -0500

    Fix funny punctuation on rootpipe exploit title

    See #5119

commit 0b439671efd6dabcf1a69fd0b089c28badf5ccff
Author: Tod Beardsley <tod_beardsley@rapid7.com>
Date:   Mon Apr 13 10:37:39 2015 -0500

    Fix vendor caps

    Trusting the github repo README at

    https://github.com/embedthis/goahead

    See #5101
2015-04-13 10:46:47 -05:00
sinn3r 5f389cf3c2 Add ManageEngine Desktop Central Login Utility 2015-04-08 02:05:56 -05:00
Roberto Soares dc14c770be Changed the traversal variable to just one line 2015-04-08 02:26:59 -03:00
Roberto Soares 441042ed37 Removed the segments variable 2015-04-08 01:29:45 -03:00
Roberto Soares d399d05383 Add Directory Traversal for GoAhead Web Server 2015-04-07 20:22:06 -03:00
Zach Grace 42e82cc644 Rubocop fixes 2015-04-07 18:21:08 -05:00
Zach Grace 7275d5745f Fixes, refactoring and adding JBoss AS default creds scanning 2015-04-07 17:40:25 -05:00
William Vu 56dc7afea6
Land #5068, @todb-r7's module author cleanup 2015-04-03 16:00:36 -05:00
jvazquez-r7 79b2a23dff
Land #5015, @espreto file traversal scanner for RIPS 2015-04-03 15:35:58 -05:00
jvazquez-r7 ce6e5e12d8
Make depth an option 2015-04-03 15:33:27 -05:00
jvazquez-r7 70fad73092
Add metadata 2015-04-03 15:27:28 -05:00
root 4bd40fed7f yard doc and comment corrections for auxiliary 2015-04-03 16:12:23 +05:00
Denis Kolegov c9e8f9cbea Add BigIP HTTP VS scanner and fix connection errors 2015-04-03 02:30:03 -04:00
Tod Beardsley 6532fad579
Remove credits to Alligator Security Team
All but one of these modules credits both a team name and individual
team members. We should just be crediting team members. The domain
persists in all the other credits.

The one that didn't was credited to dflah_ specifically, so merely
changed the author name.

Longer description, if needed, wrapped at 72 characters.

[See #5012]
2015-04-02 15:12:22 -05:00
sinn3r a592f645f0
Land #5039, Webdorado gallery wd 1.2.5 unauthenticated SQLi scanner 2015-04-01 14:34:58 -05:00
Brandon Perry e73286cfa5 update stale references 2015-03-30 17:17:48 -05:00
sinn3r 613f4777ce Land #5024, add joomla_ecommercewd_sqli_scanner.rb 2015-03-30 12:45:09 -05:00
Brandon Perry de2bf0181c add first pass at gallerywd sqli scanner 2015-03-28 16:15:51 -05:00
Brandon Perry 9f0483248c add TARGETURI datastore option 2015-03-28 15:46:41 -05:00
Brandon Perry 6ede476423 Update joomla_ecommercewd_sqli_scanner.rb 2015-03-28 08:38:12 -05:00
Brandon Perry 0dbd8544b4 Update joomla_ecommercewd_sqli_scanner.rb 2015-03-27 21:20:59 -05:00
Brandon Perry 31be47d5bc Create joomla_ecommercewd_sqli_scanner.rb 2015-03-27 20:25:33 -05:00
Roberto Soares 3e104fd8e6
Add Directory Traversal for RIPS Scanner 2015-03-27 05:08:43 -03:00
dnkolegov 040a1af9c5 Delete useless ecnryption cookie detection, fix minor issues 2015-03-25 02:34:33 -04:00
Tod Beardsley 49a6057f74
Grammaring harder 2015-03-24 11:10:36 -05:00
dnkolegov ee17d6e606 Deleted spaces at EOL 2015-03-23 04:34:38 -04:00
dnkolegov 2a0deaa6c8 Deleted default options and SYN scan 2015-03-23 04:31:08 -04:00
William Vu 6f51946aa0
Land #4969, GitLab module references 2015-03-20 17:26:51 -05:00
William Vu 99f3de0843 Clean up info hash formatting 2015-03-20 17:26:21 -05:00
jvazquez-r7 1226b3656f
Land #4945, @wchen-r7's login scanner for Symantec web gateway 2015-03-20 14:44:05 -05:00
jvazquez-r7 2f35fcff99
Fix require 2015-03-20 14:43:42 -05:00
Meatballs 8ee520e749
Add reference 2015-03-20 19:17:34 +00:00
sinn3r b19f766728
Land #4942, Gitlab Login Scanner 2015-03-20 13:02:12 -05:00
sinn3r a2ce14a31e
Land #4941, Gitlab Unauth User Enumeration 2015-03-20 12:28:35 -05:00
sinn3r 235124a40a Fix typo 2015-03-20 12:27:23 -05:00
sinn3r 84164b44b2 Should also rescue JSON::ParserError for banner parsing 2015-03-20 12:27:02 -05:00
sinn3r 94ab2f94fd Remove symbols that aren't used
These symbols belong to the AuthBrute mixin, but we are not using
AuthBrute for login testing.
2015-03-19 14:14:01 -05:00
William Vu d1d6378179
Land #4566, Misfortune Cookie scanner improvements 2015-03-17 12:32:35 -05:00
sinn3r f95b783193 I don't need these eitehr 2015-03-17 11:33:49 -05:00
Meatballs e1ebc6c7fe
Update date, remove URL (will replace later) 2015-03-17 12:50:47 +00:00
Meatballs 0cd85cb052
Correct capitilzation of GitLab 2015-03-17 11:33:57 +00:00
Meatballs d18224e3cb
Correct capitilzation of GitLab 2015-03-17 11:32:14 +00:00
Meatballs f4a1e981ab
Add gitlab login scanner 2015-03-17 11:19:23 +00:00
Meatballs 878247f495
Small modifications 2015-03-17 10:03:32 +00:00
Meatballs f1d5d8f1ce
Store to loot as well 2015-03-17 09:55:28 +00:00
Meatballs 9f40826f8e Store creds in database 2015-03-17 09:17:08 +00:00
Meatballs 3830e71257 Catch 7.5 401 2015-03-17 09:17:08 +00:00
Meatballs 1b565b0290 Check revision 2015-03-17 09:17:07 +00:00
Meatballs 7216f2a971 Initial commit 2015-03-17 09:17:07 +00:00
sinn3r 14296826f7 A cleaner way to set datastore options 2015-03-17 03:07:49 -05:00
sinn3r ff58f7d270 Add Symantec Web Gateway Login Module 2015-03-17 02:51:57 -05:00
dnkolegov e01f824b2c Fix capitalization warnings 2015-03-17 03:46:00 -04:00
dnkolegov 78be03623f Fix indent warnings 2015-03-17 03:39:04 -04:00
dnkolegov 34c30502fd Add SSL/TLS support, fix minor errors, change default parameters 2015-03-17 02:49:11 -04:00
Sven Vetsch 4d3a1a2f71 fix all duplicated keys in modules 2015-03-14 13:10:42 +01:00
dnkolegov bc0276a9c8 Add scanner for F5 web management interfaces 2015-03-12 06:50:29 -04:00
aushack 2f4df39dc9 Fixed typo 2015-03-05 17:40:51 +11:00
William Vu f3cad229d3 Fix duplicate hash key "References"
In modules/auxiliary/scanner/http/http_login.rb.
2015-02-24 05:19:58 -06:00
William Vu 8c5ff858d0
Land #4812, hp_sys_mgmt_login configurable URIs 2015-02-23 19:04:14 -06:00
HD Moore bf103def9e Add the /ews/ path to enable easy OWA brute force 2015-02-23 14:03:39 -06:00
William Vu bcfbcb7eea Clean up whitespace 2015-02-23 13:15:21 -06:00
HD Moore ea54696d99 Remove redundant params now provided by the mixin helper 2015-02-22 02:32:28 -06:00
HD Moore 8e8a366889 Pass Http::Client parameters into LoginScanner::Http (see #4803) 2015-02-22 02:26:15 -06:00
sinn3r f4e512e0ff Should be an array 2015-02-20 21:56:49 -06:00
sinn3r 40c237f507 Fix #3982, allow URIs to be user configurable
Fix #3982
2015-02-20 21:54:03 -06:00
David Maloney ffa6550aec
Land #4787, HD's new Zabbix and Chef LoginScanners
Lands the new LoginScanners HD wrote for Zabbix
and the Chef WebUI
2015-02-18 14:51:16 -06:00
David Maloney 804db0ff0c
add leixcal sorting to methods
lexical sort the new methods except for
msf module entrypoint methods which should always be at
the top
2015-02-18 14:50:33 -06:00
William Vu 35511636cc
Land #4788, splunk_web_login new version support 2015-02-18 11:54:54 -06:00
HD Moore cc6899d783 Fix a stack trace on null response, thanks @jlee-r7 2015-02-18 00:38:55 -06:00
HD Moore f4d8a25981 Add support for newer Splunk versions 2015-02-18 00:30:47 -06:00
HD Moore 2847507f03 Add a chef brute force module 2015-02-17 23:49:57 -06:00
HD Moore 27d5ab45b4 Add a zabbix brute force module 2015-02-17 22:56:08 -06:00
HD Moore f0e69cb526 Fix two cosmetic typos in the axis/glassfish modules 2015-02-17 21:01:35 -06:00
Tod Beardsley a8108cfc17
Be less stupid in the description
[See #4774]
2015-02-17 13:04:26 -06:00
Tod Beardsley 14e764ff5a
Move to http subdirectory
After all, the wordpress scanners are all HTTP as well, and not under
some platform specific "wordpress" directory. Lots of other HTTP-ish
devices in there as well.
2015-02-17 12:53:18 -06:00
HD Moore 8d982e3286 Pass the framework/module down into LoginScanner 2015-02-07 11:50:30 -06:00
Tod Beardsley c633c710bc
Mostly caps/grammar/spelling, GoodRanking on MBAM 2015-02-05 12:36:47 -06:00
Christian Mehlmauer c8864c93d7
remove unused code 2015-02-02 20:04:10 +01:00
Christian Mehlmauer 7504358db3
code style and typos 2015-01-30 15:57:32 +01:00
Christian Mehlmauer 9ce2dd9815
msftidy 2015-01-30 15:41:11 +01:00
Christian Mehlmauer a0eaf2f626
add wordpress ghost scanner module 2015-01-30 15:29:51 +01:00
Tod Beardsley bae19405a7
Various grammar, spelling, word choice fixes 2015-01-26 11:00:07 -06:00
sinn3r f3a2d6663f Fix #4616 and Fix #3798 - Correctly use OptRegexp
This patch fixes a problem with OptRegexp. The OptRegexp class is
always forcing the value to be converted to a string first, which
causes the EXCLUDE option in browser_autopwn to kick in and match
every found autopwn module, so it ignores all of them and you load
nothing (#4616).

It is important to understand that nil actually represents an option
not being set, which is a completely different behavior than having
an empty value (technically "" is still a value, and if there's a
value, it means the option is set). We need to watcher for these
scenarios.

I am restoring the #default method to avoid forcing a to_s, which should
fix the browser autopwn loading problem. And then I changed scraper.rb's
default value for datastore option PATTERN to a string, because still
fixes #3798. The way I see it, #3798 is actually a module-specific issue.

Fix #4616
Fix #3798
2015-01-23 02:38:26 -06:00
Jon Hart a5e14d5869
Use checkcode status text when not obviously vulnerable, more consistent text 2015-01-20 13:55:48 -08:00
Jon Hart 14fc8d4cd0
Only allow 401/403/404 2015-01-20 13:36:06 -08:00
Jon Hart d68b62cf21
Make canary value (URI) configurable 2015-01-15 13:12:32 -08:00
Jon Hart 2dca18265e
Track and vprint canary value and code 2015-01-15 12:34:53 -08:00
Jon Hart 3489ea540e
Make status code checking configurable 2015-01-15 12:22:16 -08:00
Jon Hart 4641b02646
Base canary path from TARGET_URI 2015-01-15 12:05:10 -08:00
Jon Hart 1f6defda73
Use more correct check codes 2015-01-14 13:10:35 -08:00
Jon Hart 9e76e0b0d8
Simplify. Document. Handle edge cases
Simplify detection logic.

Document testing method better

Ensure that body doesn't include canary cookie name too

Use full_uri in prints when possible
2015-01-12 11:40:17 -08:00
Jon Hart d4843f46ed
Make auth checking optional and off by default 2015-01-11 12:15:57 -08:00
Jon Hart 9491e4c977
Use send_request_raw; set realistic (and often necessary) Referer 2015-01-11 12:10:40 -08:00
Jon Hart b1ca1cc110
Add back TARGETURI because Exploit::Remote::HttpClient doesn't define one (...) 2015-01-09 13:20:18 -08:00
Jon Hart 831ba8b470
Improve (mis)Fortune Cookie (CVE-2014-9222) scanner 2015-01-09 12:58:35 -08:00
dmooray 8c23e8c2e8 ruby 2.2 compatibility
Fix circular argument reference warnings for ruby 2.2
2015-01-07 12:00:50 +02:00
sinn3r 44dfa746eb Resolve #4513 - Change #inspect to #to_s
Resolve #4513
2015-01-05 11:50:51 -06:00
Tod Beardsley d3050de862
Remove references to Redmine in code
See #4400. This should be all of them, except for, of course, the module
that targets Redmine itself.

Note that this also updates the README.md with more current information
as well.
2014-12-19 17:27:08 -06:00
Jon Hart 8d2bd74d31
Add preliminary module to cover 'Misfortune Cookie', CVE-2014-9222 2014-12-18 17:21:26 -08:00
Brandon Perry eb47ca593e update desc to include domain admin information 2014-12-13 13:01:41 -06:00
Brandon Perry 2e94280cba mv bmc to scanner/http 2014-12-13 12:58:16 -06:00
jvazquez-r7 b1f7682713 Make msftidy happy 2014-12-12 12:59:00 -06:00
jvazquez-r7 493034ad10 Land #3305, @claudijd Cisco SSL VPN Privilege Escalation exploit 2014-12-12 12:57:00 -06:00
Christian Mehlmauer 0f27c63720
fix msftidy warnings 2014-12-12 13:16:21 +01:00
Christian Mehlmauer 544f75e7be
fix invalid URI scheme, closes #4362 2014-12-11 23:34:10 +01:00
Tod Beardsley 51762e1194
Explicitly include the HTTP Login scanner
This should be the last commit that fixes #3904.
2014-12-11 11:08:08 -06:00
Tod Beardsley b533f74024
Add a bruteforce_speed option to all LoginScanners 2014-12-11 11:06:32 -06:00
Jonathan Claudius e89a399f95 Merge remote-tracking branch 'upstream/master' into add_cisco_ssl_vpn_priv_esc 2014-12-09 20:55:01 -05:00
William Vu 3a978e1147
Land #4280, frontpage_login improvements 2014-12-02 14:56:57 -06:00
jvazquez-r7 0ab2e99419
Delete version from title 2014-12-01 10:24:12 -06:00
jvazquez-r7 f4e20284a4 Change mixin include order 2014-12-01 10:22:20 -06:00
jvazquez-r7 d85aabfed9 Use vprint by default 2014-12-01 10:20:12 -06:00
jvazquez-r7 e0cb0f7966 Fix description 2014-12-01 10:19:14 -06:00
jvazquez-r7 fa07b466d6 Use single quote and minor cosmetic changes 2014-12-01 09:57:29 -06:00
jvazquez-r7 d5888a7f6f Fix module options 2014-12-01 09:55:36 -06:00
jvazquez-r7 47acf3487d Do minor cleanup
* Prepend peer
* Use print_good when file downloaded
2014-12-01 09:53:00 -06:00
Roberto Soares Espreto e4b3ee2811 Changed the module name. 2014-12-01 01:00:14 -02:00
Roberto Soares Espreto ecbce679a8 Remove timeout on line 59. 2014-12-01 00:51:12 -02:00
Roberto Soares Espreto f3957ea428 FILEPATH changed from false to true. 2014-12-01 00:48:47 -02:00
Roberto Soares Espreto 97ee975235 Deleted checking on line 48. 2014-12-01 00:46:58 -02:00
Roberto Soares Espreto 84ce573227 Deleted line 61 which returns the server status code. 2014-12-01 00:39:05 -02:00
Tiago Sintra 6f6274735f Update frontpage_login.rb
Vhost is now used if specified.
Added X-Vermeer-Content-Type header, which seems to be required for the RPC service otherwise server responds with:
method=
status=

    status=262147
    osstatus=0
    msg=No "CONTENT_TYPE" on CGI environment.
    osmsg=
2014-11-28 17:21:47 +00:00
Roberto Soares Espreto d75ffc36da Changed the description of FILEPATH 2014-11-27 00:50:34 -02:00
Roberto Soares Espreto f8dc366f42 Add CVE-2014-7816 Directory Traversal for WildFly 8 Application 2014-11-27 00:13:29 -02:00
jvazquez-r7 d4e5cd25e1 Report credentials for new login level 15 2014-11-25 16:35:16 -06:00
jvazquez-r7 dc253efa19 Use Rex::Text.rand_text* 2014-11-25 16:35:06 -06:00
jvazquez-r7 f20afff1a8 Do return instead of abort 2014-11-25 16:34:57 -06:00
jvazquez-r7 d876efaa0f Delete ssh_socket attribute 2014-11-25 16:34:47 -06:00
jvazquez-r7 5091bc76ad Do minor cleanup 2014-11-25 16:34:22 -06:00
jvazquez-r7 c92a26e967 Update from upstream master 2014-11-25 16:30:45 -06:00
Tod Beardsley cca30b536f
Land #4094, fixes for OWA brute forcer
Fixes #4083

Thanks TONS to @jhart-r7 for doing most of the work on this!
2014-11-05 14:00:26 -06:00
Jon Hart ff8d481eec Update description to remove comments about defaults. Default to 2013 2014-11-04 21:21:19 -08:00
Jon Hart 2c028ca7a6 Move redirect check before body check -- a redirect won't have a body 2014-11-04 14:19:21 -08:00
Jon Hart 7855ede2de Move userpass emptiness checking into setup 2014-11-04 14:07:39 -08:00
Tod Beardsley 5fb268bbdf
Updates to better OWA fix 2014-11-04 14:32:54 -06:00
Tod Beardsley 51b96cb85b
Cosmetic title/desc updates 2014-11-03 13:37:45 -06:00
Jon Hart ba5035c7ef
Prevent calling match when there is no WWW-auth header 2014-10-28 17:13:57 -07:00
Jon Hart a5d883563d
Abort if 2013 desired but redirect didn't happen 2014-10-28 15:59:22 -07:00
Jon Hart 7ca4ba26b0
Show more helpful vprint messages when login fails 2014-10-28 15:48:04 -07:00
Jon Hart bce8f34a71
Set proper Cookie header from built cookie string 2014-10-28 15:41:36 -07:00
Jon Hart a3e1e11987
Ensure necessary cookies are present in OWA 2010 login response 2014-10-28 15:40:15 -07:00
Tod Beardsley 9c028c1435
Fixes #4083, make the split nil-safe
In the reported case, the expected cookies were not present on the
response, thus, the second split was trying to split a `nil`. This
solves the immediately problem by a) splitting up the splits into
discrete sections, and b) `NilClass#to_s`'ing the result of the first
split.

This makes the split safe. Now, there may be a larger issue here where
you're not getting the expected cookies -- it sounds like the target in
this case is responding differently, which implies that the module isn't
going to be effective against that particular target. But, at least it
won't crash. It may merely try fruitlessly the entire run, though. I
can't know without looking at a pcap, and in the reported case, a pcap
seems unlikely since this was a bug found in the field.
2014-10-28 14:59:20 -05:00
sinn3r e31c9f579d
Land #3987 - Buffalo Linkstation NAS Login Scanner 2014-10-28 01:45:57 -05:00
Jonathan Claudius d799625507 Switch to vprint_good for verbose good things 2014-10-28 01:53:54 -04:00
Jonathan Claudius 0fa461737e Fix null arguments syntax 2014-10-28 01:49:54 -04:00
Jonathan Claudius 7a727f9bff Make msftidy happy 2014-10-28 01:48:13 -04:00
Jonathan Claudius 595b4d2bbd Clean up aux check review comments 2014-10-28 01:44:52 -04:00
Jon Hart b8c9ef96ca
Land #4003, @nstarke's Login Scanner for WD MyBook Live NAS 2014-10-27 09:57:43 -07:00
Jon Hart 83df08aaa7 Properly encode body and catch invalid configs 2014-10-22 22:43:06 -07:00
Jon Hart ce8a9941ea Cleanup. Sanity check in setup. vprint 2014-10-22 10:36:24 -07:00
nstarke ee3dd3a2ac More Fixes for WD MyBook Live Scanner
Fixes include removing deregistered options
from credentials collection object and adding proof
 when there is no response
2014-10-22 03:06:21 +00:00
sinn3r 79d393c5aa Resolve merge conflicts
Conflicts:
	lib/msf/core/exploit/smb.rb
	lib/msf/core/exploit/tcp.rb
	modules/auxiliary/scanner/http/axis_login.rb
2014-10-21 13:06:35 -05:00
nstarke 82b74d5f3c Fixes to MyBook Live Module
This commit contains three fixes as requested on PR
#4003.  Those include:

+ Removing extraneous puts statement
+ Checking for valid response
+ SSL support.
2014-10-21 00:50:40 +00:00
nstarke 70b13819d9 Adding Login Scanner for MyBook Live
This is a LoginScanner auxiliary module for Western
Digital MyBook Live NAS devices as well as the spec
for testing.
2014-10-21 00:50:40 +00:00
jvazquez-r7 d6f4c02c2a
Land #3979, @wchen-r7 fixes #3976, http_login not using TARGETURI, neither uri normalization 2014-10-20 18:10:57 -05:00
jvazquez-r7 74ac16081f
Land #3981, @wchen-r7 Fixes #3974, axis_login.rb does not normalize URI 2014-10-20 17:51:13 -05:00
Jon Hart 2985b39267
Land #3980, @wchen-r7 fixed #3975 2014-10-19 17:11:06 -07:00
William Vu 10f3969079
Land #4043, s/http/http:/ splat
What is a splat?
2014-10-17 13:41:07 -05:00
William Vu 367ea5d3db
Add disclosure date 2014-10-17 12:35:28 -05:00
Tod Beardsley ccdaf2b576
Fix the banner
Turns out these will be broken in outstanding PRs for a while. At least
they won't be merge conflicts.
2014-10-17 12:23:23 -05:00
URI Assassin 35d3bbf74d
Fix up comment splats with the correct URI
See the complaint on #4039. This doesn't fix that particular
issue (it's somewhat unrelated), but does solve around
a file parsing problem reported by @void-in
2014-10-17 11:47:33 -05:00
Tod Beardsley ad501b25e4
Filename move to be less redundant 2014-10-17 11:25:14 -05:00
James Lee 40b360555f
Make the error message a little more useful 2014-10-16 12:47:13 -05:00
Tod Beardsley 8cf10be779
Don't assume SSLv3 is set (kill FP+s) 2014-10-16 10:43:58 -05:00
Tod Beardsley 0b67efd51e
Add a POODLE scanner and general SSL version scan 2014-10-16 10:27:37 -05:00
James Lee 41a57b7ba5
Re-enable proxies for HTTP-based login scanners 2014-10-15 17:00:44 -05:00
Tod Beardsley 592f1e9893
Land #3999, errors on login suppressed by default
This also solved the merge conflict on:

	modules/auxiliary/scanner/http/jenkins_login.rb

Fixes #3995.
2014-10-14 16:35:09 -05:00
Tod Beardsley 56534e7ad3
Changed a login failed to vprint instead of print
People often like to supress failed attempts. Note that this change may
or may not have any effect, given the status of #3995.

This module was introduced in PR #3947.
2014-10-14 12:01:09 -05:00
sinn3r 9500038695 Fix #3995 - Make negative messages less verbose
As an user testing against a large network, I only want to see
good news, not bad news.
2014-10-11 11:11:09 -05:00
sinn3r 260aa8dc22 Fix #3984 - Fix broken check for drupal_views_user_enum 2014-10-10 10:23:20 -05:00
nstarke 472985a8a8 Adding Buffalo Linkstation NAS Login Scanner
I have added a login scanner for the Buffalo Linkstation
NAS.  I have been testing against version 1.68 of the
firmware.  Also included are some specs for this module.
2014-10-10 03:16:48 +00:00
sinn3r 7d8eadada6 Fix #3974 - Validate and normalize URI for axis_login 2014-10-09 14:33:39 -05:00
sinn3r c9c34beafa Fix #3975 - Register TARGETURI, not URI
The module should register TARGETURI and call #target_uri for
URI validation.
2014-10-09 14:10:29 -05:00
sinn3r d366cdcd6e Fix #3976 - validate and normalize user-supplied URI for http_login.rb
URI should be validated and normalized before being used in an HTTP
request.
2014-10-09 12:14:33 -05:00
Spencer McIntyre a535d236f6
Land #3947, login scanner for jenkins by @nstarke 2014-10-09 12:59:02 -04:00
Spencer McIntyre 6ea530988e Apply rubocop changes and remove multiline print 2014-10-09 12:57:39 -04:00
sinn3r df0d4f9fb2 Fix #3973 - Unneeded datastore option URI
When Glassfish is installed, the web root is always /, so there is
no point to make this arbitrary.
2014-10-09 00:06:15 -05:00
nstarke 328be3cf34 Fine Tuning Jenkins Login Module
At the request of the maintainers, I have deregistered the
RHOST option and made the failure proof a verbose only
print.
2014-10-08 17:53:21 -05:00
nstarke e1b0ba5d3d Removing 'require pry'
I accidentally left a reference to pry in my code.
Removing
2014-10-06 21:40:39 -05:00
nstarke b8c2643d56 Converting Module to LoginScanner w/ Specs
The previous commits for this Jenkins CI module relied on an
obsolete pattern.  Consequently, it was necessary to write
this module as a LoginScanner and incorporate the appropriate
specs so that the tests will run properly.
2014-10-06 21:14:10 -05:00
sinn3r d3354d01f0 Fix #3808 - NoMethodError undefined method `map'
NoMethodError undefined method `map' due to an incorrect use of
load_password_vars
2014-10-06 15:42:51 -05:00
nstarke 69400cf280 Fixing Author Declaration
I had accidentally listed myself three times as the author.
Fixing that issue so that I am only declaring myself once.
2014-10-05 23:17:28 -05:00
nstarke c0a3691817 Adding Jenkins-CI Login Scanner
Per Github issue #3871 (RM8774), I have added a
login scanner module for Jenkins-CI installations.
2014-10-05 22:08:34 -05:00
James Lee a65ee6cf30
Land #3373, recog
Conflicts:
	Gemfile
	Gemfile.lock
	data/js/detect/os.js
	lib/msf/core/exploit/remote/browser_exploit_server.rb
	modules/exploits/android/browser/webview_addjavascriptinterface.rb
2014-10-03 18:05:58 -05:00
William Vu 51bc5f52c1
Add CVE-2014-6278 support
Going with an OptEnum to simplify the code for now...
2014-10-01 16:40:55 -05:00
William Vu 5ea968f3ee
Update description to prefer the exploit module 2014-09-30 11:34:28 -05:00
William Vu 162e42080a
Update title to reflect scanner status 2014-09-30 11:04:17 -05:00
William Vu 12d7073086
Use idiomatic Ruby for the marker 2014-09-29 22:32:07 -05:00
William Vu 71d6b37088
Fix bad header error from pure Bash CGI script 2014-09-29 22:25:42 -05:00
William Vu df44dfb01a
Add OSVDB and EDB references to Shellshock modules 2014-09-29 21:39:07 -05:00
HD Moore 64dbc396dd Add header specification to check module, lands #3902 2014-09-27 12:58:29 -05:00
William Vu 044eeb87a0
Add variable HTTP header
Also switch from OptEnum to OptString for flexibility.
2014-09-27 12:39:24 -05:00
sinn3r c75a0185ec
Land #3897 - Fix check for apache_mod_cgi_bash_env & apache_mod_cgi_bash_env_exec 2014-09-26 17:06:23 -05:00
jvazquez-r7 80d9af9b49 Fix spacing in description 2014-09-26 17:03:28 -05:00
jvazquez-r7 9e540637ba Add module for CVE-2014-5377 ManageEngine DeviceExpert User Credentials 2014-09-26 17:02:27 -05:00
jvazquez-r7 3259509a9c Use return 2014-09-26 16:04:15 -05:00
jvazquez-r7 0a3735fab4 Make it better 2014-09-26 16:01:10 -05:00
jvazquez-r7 3538b84693 Try to make a better check 2014-09-26 15:55:26 -05:00
William Vu f66c854ad6
Fix description to be less lulzy 2014-09-25 07:09:08 -05:00
William Vu 9ed28408e1
Favor check_host for a scanner 2014-09-25 07:06:12 -05:00
William Vu 62b74aeaed
Reimplement old check code I was testing before
I would like to credit @wchen-r7 for providing advice and feedback.

@jvazquez-r7, too! :)
2014-09-25 06:38:25 -05:00
William Vu d9120cd586
Fix typo in description
Running on fumes here...
2014-09-25 01:22:08 -05:00
William Vu 790df96396
Fix missed var 2014-09-25 01:19:14 -05:00
William Vu e051cf020d
Add missed mixin 2014-09-25 01:14:58 -05:00
William Vu 27b8580f8d
Add protip to description
This gets you lots of shells.
2014-09-25 01:10:22 -05:00
William Vu b1e9b3664e
Improve false positive check 2014-09-25 01:01:11 -05:00
William Vu 8daf8d4339 Report vuln for apache_mod_cgi_bash_env
Now with fewer false positives! It's kinda like a check method.
2014-09-25 00:42:14 -05:00
William Vu 5a59b7cd89
Fix formatting 2014-09-24 23:12:11 -05:00
William Vu e6f0736797
Add peer 2014-09-24 22:48:51 -05:00
William Vu 8b6519b5b4
Revert shortened reference
But it's so long. :(
2014-09-24 22:43:33 -05:00
William Vu ecb10ebe28
Add variable HTTP method and other stuff 2014-09-24 22:41:01 -05:00
William Vu a600a0655d
Scannerify the module 2014-09-24 18:58:39 -05:00
Brendan Coles 5f6e84580c Clean up and use Metasploit::Credential 2014-09-24 01:00:23 +00:00
Brendan Coles 6cad5d9aeb Add ManageEngine DeviceExpert User Credentials 2014-09-18 19:18:59 +00:00
Tod Beardsley 5dad73a28f
Explicitly require credential_collection
Otherwise, you run into a require ordering problem on some platforms.
This is not a great way to fix this -- but it's a fast way, and possibly
even a good way, since you're being explicit about what your module
requirements are.
2014-09-17 15:47:30 -05:00
sinn3r 169d04020d
Land #3571 - Add Wordpress XML-RPC Login Scanner (with LoginScanner) 2014-09-16 14:51:24 -05:00
sinn3r 4ed1fa55f5 Don't need this header 2014-09-16 14:50:32 -05:00
jvazquez-r7 7d4c4c3658
Land #3699, @dmaloney-r7's ipboard login refactor 2014-09-15 08:29:42 -05:00
jvazquez-r7 373861abb0
Land #3526, @jhart-r7's soap_xml scanner cleanup 2014-09-12 13:29:52 -05:00
jvazquez-r7 12f949781a Use double quote for xml strings 2014-09-12 13:18:48 -05:00
jvazquez-r7 67c0ee654b Use Gem::Version 2014-09-12 10:35:12 -05:00
jvazquez-r7 0d054d8354 Update with master changes 2014-09-12 09:52:32 -05:00
James Lee 8aa06b8605
Better api for check_setup 2014-09-10 23:43:54 -05:00
James Lee c1658e5d51 Add a check_setup method 2014-09-10 20:09:46 -05:00
James Lee 84e4db9035 Don't raise in the middle
MSP-11343

This means we don't bomb out with an unhandled exception, instead
continuing attempting logins against the host even though it will never
succeed. Next up: verify state before running scan!()
2014-09-10 20:09:33 -05:00
James Lee b8000517cf
Land #3746, reinstate DB_ALL_CREDS 2014-09-08 17:24:12 -05:00
David Maloney 2ac15f2088
some fixes based on Christruncer's feedback
fixed some stuff i borked, back to you chris
2014-09-08 15:27:01 -05:00
David Maloney cd3cdc5384
Merge branch 'master' into feature/ipboard-login-refactor 2014-09-08 14:48:37 -05:00
Tod Beardsley 4abee39ab2
Fixup for release
Ack, a missing disclosure date on the GDB exploit. I'm deferring to the
PR itself for this as the disclosure and URL reference.
2014-09-08 14:00:34 -05:00
David Maloney 09e6c2f51f
Merge branch 'master' into feature/MSP-11162/db-all-creds 2014-09-08 12:52:25 -05:00
sinn3r 0ccb39c057
Land #3726 - Fix typos in wordpress login 2014-09-08 09:40:57 -05:00