Commit Graph

1628 Commits (d3ebb8ae93e4d5ae8034f6b0efad99ff55cb195b)

Author SHA1 Message Date
wchen-r7 154fb585f4 Remove bad references (dead links)
These links are no longer available. They are dead links.
2015-10-27 12:41:32 -05:00
wchen-r7 896099b297
Land #6082, Directory Traversal for Elasticsearch 2015-10-16 11:00:27 -05:00
wchen-r7 e59a4e36b7 Fix check 2015-10-16 10:59:04 -05:00
Roberto Soares 41e9f8a91b Some code changes from Roberto 2015-10-16 10:47:19 -05:00
William Vu 2a2d8d941d
Land #6054, HTTP Host header injection module 2015-10-13 23:37:31 -05:00
jaguasch d933962ff9 Last fix, including espreto minor changes 2015-10-13 18:41:51 +01:00
William Vu c642057fa0 Clean up module 2015-10-13 12:03:41 -05:00
jaguasch 772f9d8742 Changes based on espreto recommendations 2015-10-13 16:06:26 +01:00
jaguasch 7790f14af2 Auxiliary module to exploit CVE-2015-5531 (Directory traversal) in Elasticsearch before 1.6.1 2015-10-13 13:05:58 +01:00
Tod Beardsley 185e947ce5
Spell 'D-Link' correctly 2015-10-12 17:12:01 -05:00
wchen-r7 3a0f7ce699
Land #6044, ManageEngine ServiceDesk Plus Arbitrary File Download 2015-10-07 15:24:14 -05:00
wchen-r7 f0b6d3c68e Change error message to avoid an undef method bug 2015-10-07 15:23:29 -05:00
JT 205b175a95 Update host_header_injection.rb 2015-10-07 13:20:06 +08:00
JT 6b3da7f7d8 Update host_header_injection.rb
made some changes as suggested by @espreto
2015-10-07 13:01:49 +08:00
JT a1e0e0cdd9 Add HTTP Host-Header Injection Detection 2015-10-07 11:19:00 +08:00
William Vu 3f2d5d7f06 Add newline back in 2015-10-05 11:42:58 -05:00
xistence 41b07eeef6 Small changes to servicedesk_plus_traversal 2015-10-05 08:56:00 +07:00
Roberto Soares ed8f5456a4 Fix bugs in drupal_views_user_enum. 2015-10-04 05:53:54 -03:00
xistence e6a57d5317 Add ManageEngine ServiceDesk Plus Path Traversal module 2015-10-03 15:54:44 +07:00
William Vu 2e2d27d53a
Land #5935, final creds refactor 2015-10-01 00:25:14 -05:00
William Vu 494b9cf75f Clean up module
Prefer TARGETURI and full_uri.
2015-09-30 22:37:03 -05:00
Jake Yamaki 2e5999a119 Missed colon for output standardization 2015-09-30 16:41:46 -04:00
Jake Yamaki 3d41b4046c Standardize output and include full uri 2015-09-30 16:33:15 -04:00
Jake Yamaki 1bfa087518 Add IP to testing results
When specifying multiple hosts the resulting output is useless because you don't know which bypass goes to what IP address
2015-09-30 15:22:24 -04:00
wchen-r7 d55757350d Use the latest credential API, no more report_auth_info 2015-09-04 03:04:14 -05:00
HD Moore 6e4ae1238b
Land #5791, show the VHOST in module output 2015-09-03 11:36:19 -05:00
HD Moore b8eee4a9e4 Show the IP address if it doesn't match the VHOST 2015-09-03 11:35:38 -05:00
HD Moore 1b021464fe
Land #5919, remove deprecated VMware modules & update resource script. 2015-09-03 10:23:48 -05:00
HD Moore 126fc9881e Cleanup and tweaks 2015-09-02 12:48:53 -05:00
JT b89b6b653a Update trace.rb 2015-09-03 01:26:45 +08:00
JT 73bf812dfd Update trace.rb
removed the cookie
2015-09-03 00:35:23 +08:00
JT 5ecee6aaba Update trace.rb
removed some spaces so that msftidy will be happy
2015-09-03 00:27:22 +08:00
JT 34e0819a6e Modified the HTTP Trace Detection to XST Checker
This was suggested by HD Moore in https://github.com/rapid7/metasploit-framework/pull/5612
2015-09-03 00:19:08 +08:00
Waqas Ali 8e993d7793 Remove deprecated vmware modules 2015-09-02 13:00:15 +05:00
wchen-r7 0c4b020089
Land #5913, Add WP NextGEN Gallery Directory Traversal Vuln 2015-09-02 00:01:35 -05:00
HD Moore 381297ba93 Fix the regex flags 2015-09-01 23:07:48 -05:00
Roberto Soares 626704079d Changed output store_loot 2015-09-02 00:18:10 -03:00
Roberto Soares 96600a96ab Changed html parse by @wchen-r7 2015-09-01 22:03:21 -03:00
Alexander Salmin 3c72467b7d Fixes bug where "cert.rb:47: warning: flags ignored" happens due to some issuer patterns. 2015-09-02 01:02:46 +02:00
Roberto Soares 35661d0182 Add WP NextGEN Gallery Directory Traversal Vuln 2015-09-01 13:28:04 -03:00
wchen-r7 3d4cb06c67
Land #5807, Added Module WP Mobile Pack Vuln 2015-08-28 13:43:00 -05:00
wchen-r7 9e7f6d6500 Typos 2015-08-28 13:42:37 -05:00
wchen-r7 29e92aaabe
Land #5806, WordPress Subscribe Comments File Read Vuln 2015-08-28 11:52:59 -05:00
wchen-r7 62e6b23b4c Typo 2015-08-28 11:52:13 -05:00
Brent Cook b17d8f8d49
Land #5768, update modules to use metasploit-credential 2015-08-17 17:08:58 -05:00
Roberto Soares 7bb4f9479f Added new reference and removed empty line. 2015-08-04 03:58:57 -03:00
Roberto Soares d9b6e9cc58 Changed res condition and some words. 2015-08-04 03:44:25 -03:00
Roberto Soares 19ceccd93a Added JSON parse output. 2015-08-04 03:13:11 -03:00
Roberto Soares f4679f5341 Added WP Mobile Pack Info Disclosure Vuln - Functional Module. 2015-08-04 02:21:26 -03:00
Roberto Soares d221e9d961 Added more references. 2015-08-03 02:46:54 -03:00