HD Moore
d5ae005332
Rename with underscores
2013-02-01 14:39:01 -06:00
HD Moore
4e6c93ec7d
Various style fixes, fix ruby 1.8 compat
2013-02-01 14:38:20 -06:00
sinn3r
a7eba7a44a
Merge branch 'http-client-spec-restructure' of github.com:jlee-r7/metasploit-framework into jlee-r7-http-client-spec-restructure
2013-02-01 10:40:38 -06:00
sinn3r
de8572d934
Use normalize_uri for URI
2013-01-31 16:57:48 -06:00
Tod Beardsley
293f9da5cf
Merge branch 'bug/pro-only-models'
...
Updates to use MDM 0.4.0 (was using 0.3.0)
2013-01-31 16:14:51 -06:00
egypt
9d4bc6bb89
Restructure a bit and add checks for doubled '//'
2013-01-31 15:34:34 -06:00
jvazquez-r7
70b252dc7b
Merge branch 'normalize_uri_update2' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-normalize_uri_update2
2013-01-31 22:32:50 +01:00
sinn3r
39cdb89831
Oh don't be so sensitive about it.
...
Fixnum vs String
2013-01-31 15:04:13 -06:00
sinn3r
1a01d6d033
Fix scrutinizer checks
2013-01-31 14:48:54 -06:00
egypt
5332e80ae9
Fix errant use of .to_s instead of .path
2013-01-31 14:18:42 -06:00
sinn3r
4d7daacfb4
I wanna know where it's stored
2013-01-31 11:55:11 -06:00
sinn3r
13da4181c5
Merge branch 'feature/rm7605-version-for-MSCACHE-v1-and-v2' of github.com:lmercer-r7/metasploit-framework into lmercer-r7-feature/rm7605-version-for-MSCACHE-v1-and-v2
2013-01-31 11:51:55 -06:00
jvazquez-r7
b2ce9302c6
uri normalization in the old way
2013-01-31 16:59:49 +01:00
jvazquez-r7
365e1b0557
added module for cve-2013-1412
2013-01-31 16:09:14 +01:00
sinn3r
4de5e475c3
Fix check
2013-01-31 02:15:50 -06:00
sinn3r
66ca906bfb
This is a string, not a variable
2013-01-31 01:56:05 -06:00
sinn3r
c174e6a208
Correctly use normalize_uri()
...
normalize_uri() should be used when you're joining URIs. Because if
you're merging URIs after it's normalized, you could get double
slashes again.
2013-01-30 23:23:41 -06:00
sinn3r
d8b15daaf2
Correct rspect to the correct behavior
2013-01-30 16:13:17 -06:00
sinn3r
95cc84f5e8
Updates normalize_uri()
...
This function should not remove the trailing slash, because you may
end up getting a different HTTP response. The new function also
allows multiple URIs as argument, and will just merge & normalize
them together. [SeeRM #7733 ]
2013-01-30 15:42:21 -06:00
jvazquez-r7
1e1cbd7445
Merge branch 'wldap32_railgun' of https://github.com/Meatballs1/metasploit-framework into Meatballs1-wldap32_railgun
2013-01-30 21:01:31 +01:00
sinn3r
a68ad8f600
Merge branch 'bug/rm7021-MySQL-login-scanner-exception' of github.com:lmercer-r7/metasploit-framework into lmercer-r7-bug/rm7021-MySQL-login-scanner-exception
2013-01-30 13:22:33 -06:00
sinn3r
368a7a7c64
Merge branch 'dvr_config' of github.com:jvazquez-r7/metasploit-framework into jvazquez-r7-dvr_config
2013-01-30 12:39:59 -06:00
sinn3r
ec0db66fcb
Merge branch 'patch-2' of github.com:jjarmoc/metasploit-framework into jjarmoc-patch-2
2013-01-30 12:36:53 -06:00
sinn3r
09fd224763
Merge branch 'patch-1' of github.com:jjarmoc/metasploit-framework into jjarmoc-patch-1
2013-01-30 12:33:40 -06:00
jvazquez-r7
38a6402bf3
Merge branch 'chap_secrets' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-chap_secrets
2013-01-30 19:20:29 +01:00
sinn3r
de544dc3d4
Handle multiple IPs
2013-01-30 11:25:43 -06:00
jvazquez-r7
cf6aae7bb7
add checks for enabled services
2013-01-30 17:37:41 +01:00
jvazquez-r7
668520d8d9
added module for cve-2013-1391
2013-01-30 17:22:03 +01:00
sinn3r
c5ab059a1a
Really fix the :host key
2013-01-29 18:24:11 -06:00
Tod Beardsley
b1f8b87f14
Chmod -x the joomla modules. Also fix a title typo
...
joomla_pages was incorrectly titled as "Joomla Version Scanner," which
of course is actually joomla_version.
2013-01-29 17:02:43 -06:00
sinn3r
8a9dba2ffe
Updates host info
2013-01-29 16:35:36 -06:00
Tod Beardsley
aaf18f0257
EOL whitespace, yo.
2013-01-29 14:22:30 -06:00
sinn3r
77ea5a40f5
Do report_auth_info
2013-01-29 14:19:42 -06:00
Tod Beardsley
6002e35460
Merge pull request #1397 from wchen-r7/target_uri_fix
...
normalize_uri fixes (double slashes and trailing slash)
2013-01-29 11:26:30 -08:00
Jeff Jarmoc
55600ce276
Update modules/exploits/multi/http/rails_xml_yaml_code_exec.rb
...
Remove unecessary include. Tested against rails 3.2.10.
2013-01-29 11:46:02 -06:00
Jeff Jarmoc
929814dabf
Update modules/exploits/multi/http/rails_json_yaml_code_exec.rb
...
Removes unnecessary include. Tested on 3.0.19 and 2.3.15.
2013-01-29 11:04:20 -06:00
Tod Beardsley
e618a2a347
Merge pull request #1405 from rapid7/add/upnp-scanner
...
Adds CVE reporting to the UPnP scanner
2013-01-28 23:10:14 -08:00
Tod Beardsley
f5eaa87c80
comment typo
2013-01-29 01:05:18 -06:00
Tod Beardsley
25ae49154a
Added author, vprint dressing-up
2013-01-29 00:55:45 -06:00
HD Moore
358f7cc62f
Adds CVE reporting to the UPnP scanner
2013-01-29 00:15:39 -06:00
Tod Beardsley
38785015e1
Missing period in description
2013-01-28 23:08:53 -06:00
Tod Beardsley
c42d4a6617
Merge for CVE-2013-0156 RoR Exploit
...
Also massages the RUBY payload.
2013-01-28 23:06:05 -06:00
lmercer
da5436e565
Made changes as described in Redmine issue 7605
2013-01-28 23:29:50 -05:00
James Lee
464d048eca
Remove debugging print
2013-01-28 22:25:57 -06:00
James Lee
dc19968555
Minor cleanups
2013-01-28 22:21:03 -06:00
James Lee
c0757ce905
Add support for 2.x
2013-01-28 21:41:15 -06:00
James Lee
92c736a6a9
Move fork stuff out of exploit into payload mixin
...
Tested xml against 3.2.10 and json against 3.0.19
2013-01-28 21:34:39 -06:00
James Lee
ee2579607a
Working against 3.0.19
2013-01-28 21:05:14 -06:00
sinn3r
ca70041f32
Adds a post module that loots chap-secrets
2013-01-28 16:23:26 -06:00
sinn3r
1ea1ad3166
Fix the forgotten path()
2013-01-28 14:48:22 -06:00