Commit Graph

92 Commits (cd65478d29e74715e90736f2537c48e4a51d4547)

Author SHA1 Message Date
William Vu 013781fb9c
Land #5292, WordPress custom file version check 2015-05-05 11:21:18 -05:00
William Vu 18791ce933 Clean up code 2015-05-05 11:19:40 -05:00
Christian Mehlmauer 55967172be
allow custom regex 2015-05-02 21:06:15 +02:00
Christian Mehlmauer 9678479abb
check version from custom file 2015-05-02 18:34:10 +02:00
Tom Sellers c441ff81a1 Update comment in wordpress/version.rb
The comment 'All versions are vulnerable' makes sense on line 163 where there is no introduced or fixed version.  On line 175 though there is a fixed version, just no introduced version.  Adjusting comment text.
2015-05-01 17:05:31 -05:00
jvazquez-r7 4224008709
Delete print_debug/vprint_debug 2015-04-21 11:14:03 -05:00
Christian Mehlmauer dc8f266345
fix readme detection bug 2015-04-16 14:57:29 +02:00
Christian Mehlmauer 9df09a1d60 readme detection 2015-04-16 14:41:30 +02:00
jvazquez-r7 fe5ddc01ad
Fix return documentation 2015-04-03 14:16:06 -05:00
root 4ba761986f Correct YARD doc comments 2015-04-02 16:14:25 +05:00
rastating 3669fb678d Fix parameter default value 2015-02-26 21:15:33 +00:00
rastating 06cb30a20a Remove duplicated code 2015-02-24 22:43:59 +00:00
rastating 37a55cce74 Abstracted version comparison code 2015-02-22 16:20:46 +00:00
rastating 3d38d46729 Add extra version checking methods
Added the ability to check style.css for theme versions as version
tagging in style.css is a requirement of WordPress theme development.
Also updated existing readme checking to allow for a nil fixed_version
parameter in scenarios where all versions are vulnerable in an EOL
product.
2015-02-22 16:20:46 +00:00
Christian Mehlmauer c820431879
Land #4770, Wordpress Ultimate CSV Importer user extract module 2015-02-22 08:52:45 +01:00
rastating 708340ec5a Tidy up various bits of code 2015-02-21 12:53:33 +00:00
rastating 7e1e0f8196 Add plugin upload functionality 2015-02-21 01:20:20 +00:00
rastating e0d87a8886 Update to use store_loot for CSV export 2015-02-17 19:21:31 +00:00
rastating a22f5c1287 Add extra readme check for case sensitive servers 2015-02-14 23:43:04 +00:00
Christian Mehlmauer 2c956c0a0f
add wordpress platform theme rce 2015-01-31 22:02:44 +01:00
jvazquez-r7 03169f231b Handle one redirection on wordpress_and_online? 2015-01-30 10:26:23 -06:00
jvazquez-r7 c098de27ee Do safer body check 2015-01-30 10:22:43 -06:00
jvazquez-r7 bc65d2f526 Make filename compatible with namespace 2015-01-30 10:22:07 -06:00
Christian Mehlmauer 7504358db3
code style and typos 2015-01-30 15:57:32 +01:00
Christian Mehlmauer a0eaf2f626
add wordpress ghost scanner module 2015-01-30 15:29:51 +01:00
Christian Mehlmauer 5b964bba6a
Land #4518, Wordpress long password DoS 2015-01-18 23:55:06 +01:00
Christian Mehlmauer 14b1d8dc5f
no space required 2015-01-08 23:43:06 +01:00
Christian Mehlmauer f7eb9a6cf8
update wordpress version detection regex 2015-01-08 23:36:59 +01:00
rastating 294cd80a08 Update documentation for wordpress_login 2015-01-07 18:32:52 +00:00
rastating e90e98547b Add configurable timeout to WordPress login 2015-01-07 17:06:31 +00:00
Christian Mehlmauer 056046f38b
update wordpress readme regex 2015-01-01 23:13:20 +01:00
jvazquez-r7 19effa7eb9 Fix feedback's review 2014-12-06 21:47:55 -06:00
Vincent Herbulot 6d07dffa6c Fix a typo that was preventing WAR deletion
I made a typo while refactoring jboss_deploymentfilerepository. This
typo was preventing the WAR payload to be removed after its execution.
2014-10-01 18:04:21 +02:00
us3r777 47507e1ff1 Slight modifications to pass msftidy 2014-09-29 23:59:12 +02:00
us3r777 7125a9f047 Added YARD doc to the mixin
Also make a slight correction on jboss_deployementfilerepository.rb to
handle nil responses.
2014-09-28 19:44:37 +02:00
us3r777 02d202dd44 Refactor Jboss mixin
Use send_request_cgi and vars_get
rand_text_alpha -> Rex::Text.rand_text_alpha
2014-09-24 22:41:58 +02:00
us3r777 919eec250d Refactor auto_target from Jboss mixin
Removed fail_with and targets from the mixin.
2014-09-24 22:15:32 +02:00
us3r777 b8ba2dd703 Fix timeout with HEAD request in delete_file 2014-09-08 18:34:50 +02:00
us3r777 cc5b852517 Fixed spec for lib/msf/http/jboss
Revert commit abdd72e8c6.
Added some spec for lib/msf/http/jboss/deployment_file_repository_scripts
2014-09-08 17:42:04 +02:00
Vincent Herbulot 283e83028f Fix problem with HEAD requests
Split lib/msf/http/jboss/script into
lib/msf/http/jboss/deployment_file_repository_scripts.rb and
lib/msf/http/jboss/bean_shell_scripts.rb as
2014-09-08 14:02:15 +02:00
us3r777 403eae3579 Jboss file deployment repository refactorization
Moved lib/msf/http/jboss/bean_shell_script.rb to
lib/msf/http/jboss/script.rb. Moved head_stager_jsp to script.rb.
Removed stager_jsp to use the function from the mixin.
2014-08-30 13:15:37 +02:00
us3r777 33f90de7f6 Refactoring jboss module to work with the Mixin
Moved upload and delete methods of deploymentfilerepository to the
mixin. Removed call_uri_mtimes method as the module now uses deploy
from the mixin.
2014-08-29 20:08:35 +02:00
us3r777 af9f3b83a7 Refactoring jboss module to work with the Mixin
Removed datastore USERNAME and PASSWORD which are provided by
Msf::Exploit::Remote::HttpClient. Removed datastore PATH and VERB which
are provided by the mixin (lib/msf/http/jboss). Moved target detection
to the mixin.
2014-08-27 22:54:40 +02:00
jvazquez-r7 7ee5423310 Add specs for Msf::HTTP::JBoss::Base 2014-08-22 15:11:27 -05:00
jvazquez-r7 4742dbad91 Fix YARD documentation 2014-08-22 14:18:13 -05:00
jvazquez-r7 38e6576990 Update 2014-08-22 13:22:57 -05:00
Vincent Herbulot fd40a68525 Added YARD documentation to lib/msf/http/jboss 2014-08-18 18:19:37 +02:00
Christian Mehlmauer d6e60453d6
Added Wordpress XMLRPC DoS 2014-08-07 11:38:44 +02:00
jvazquez-r7 73ca8c0f6d Work on jboss refactoring 2014-08-01 14:28:26 -05:00
us3r777 d6c7eb8850 Fixed a typo introduced in commit 9e92448 2014-07-29 09:04:12 +02:00