Tod Beardsley
21a97c0926
Add exploit for R7-2015-04, Firefox Proxy RCE
2015-03-23 13:44:41 -05:00
jvazquez-r7
75b2ef81dc
Land #4890 , @julianvilas's improvements struts_code_exec_classloader
2015-03-12 17:25:00 -05:00
jvazquez-r7
b6146b1499
Use print_warning
2015-03-12 17:22:03 -05:00
jvazquez-r7
8a452a7cba
Do somce cleanup
2015-03-10 17:10:44 -05:00
jvazquez-r7
4a84693fb0
Support windows
2015-03-10 16:58:33 -05:00
jvazquez-r7
c26bea3429
Fix credits
2015-03-10 16:27:07 -05:00
jvazquez-r7
980c83cb70
Fix metadata
2015-03-10 16:25:02 -05:00
jvazquez-r7
9e17874389
Exploit CVE-2015-1427
2015-03-10 16:17:51 -05:00
jvazquez-r7
f8f178b1db
Fix script_mvel_rce check
2015-03-10 09:39:02 -05:00
jvazquez-r7
9dc99e4207
Update check
2015-03-10 09:26:22 -05:00
jvazquez-r7
fc4b312879
Add template
2015-03-09 23:04:32 -05:00
Julian Vilas
fe822f8d33
Modify automatic file cleanup
2015-03-10 00:45:20 +01:00
Julian Vilas
0ef303cb6c
Fix Java payload
2015-03-10 00:01:27 +01:00
William Vu
3075c56064
Fix "response HTML" message
...
In modules/exploits/multi/browser/firefox_xpi_bootstrapped_addon.rb.
2015-03-07 17:08:08 -06:00
Julian Vilas
2eb0011a99
Autotrigger JSP shell at docBase
2015-03-07 20:41:08 +01:00
Julian Vilas
3be2bde5a2
Use bypass for bulletin S2-020
2015-03-07 19:14:20 +01:00
jvazquez-r7
9f3f8bb727
Merging #3323 work
2015-03-05 15:44:15 -06:00
jvazquez-r7
c388fd49c2
Fix print message
2015-03-05 15:43:54 -06:00
jvazquez-r7
e1a4b046a0
Add support for tomcat 7 to struts_code_exec_classloader
2015-03-05 15:40:24 -06:00
sinn3r
8978b1d7b5
Add a version
2015-03-05 11:29:44 -06:00
Ricardo Almeida
32188f09d6
Update phpmoadmin_exec.rb
...
Changes:
Added required comment at the top of the file;
Changed Class name "Metasploit3" >> "Metasploit4";
Standard name/email format for public PoC author.
2015-03-05 12:56:08 +00:00
Ricardo Almeida
95962aab0d
Update phpmoadmin_exec.rb
...
Changes:
"Check if vulnerable" code improvement;
Payload delivery code improvement;
Minor indent issues.
Thanks for your feedback guys :)
2015-03-05 12:46:53 +00:00
Ricardo Almeida
9530e15c81
Update phpmoadmin_exec.rb
...
Changes:
Changed description section;
Changed 'URL' to 'EDB' in references section;
Added newline at the end.
2015-03-04 21:59:08 +00:00
Ricardo Almeida
c19895ac85
Update phpmoadmin_exec.rb
...
Changes:
Added new URL;
Added CVE number;
Corrected the disclosure date;
Corrected the normalize_uri() function syntax.
2015-03-04 21:31:44 +00:00
Ricardo Almeida
4d67e0e1bb
Add PHPMoAdmin RCE
2015-03-04 18:17:31 +00:00
Tod Beardsley
94b4bc24bd
Minor word choice changes
...
[See #4804 ]
2015-02-24 12:29:11 -06:00
William Vu
5cdb678654
Fix invalid use of RPORT (should be RHOST)
2015-02-24 05:24:09 -06:00
jvazquez-r7
1633a6d4fd
Read response back while staging
2015-02-20 01:06:47 -06:00
jvazquez-r7
b0c6671721
Add module for ZDI-15-038, HPCA command injection
2015-02-20 00:41:17 -06:00
sinn3r
49f4b68671
Land #4790 , injecting code into eval-based Javascript unpackers
2015-02-19 12:33:52 -06:00
joev
483a145d19
Fix msftidy issues.
2015-02-18 14:08:03 -06:00
joev
f8609ab0ba
Add file format exploit for injecting code into unpackers.
2015-02-18 11:26:45 -06:00
Brent Cook
e08206d192
Land #4768 , jvazquez-r7 reorganizes the SMB mixins
2015-02-17 10:36:19 -06:00
jvazquez-r7
0372b08d83
Fix mixin usage on modules
2015-02-13 17:17:59 -06:00
jvazquez-r7
29c68ef1ec
End fixing namespaces
2015-02-10 11:55:14 -06:00
jvazquez-r7
1f4fdb5d18
Update from master
2015-02-10 10:47:17 -06:00
William Vu
a7156cf4a8
Fix zabbix_script_exec datastore
2015-02-05 02:53:22 -06:00
jvazquez-r7
fbf32669c6
Use single quote
2015-02-04 09:47:27 -06:00
julianvilas
de09559cc8
Change HTTP requests to succeed when going through HTTP proxies
2015-02-04 15:32:14 +01:00
Julian Vilas
f983c8171e
Modify description to match both Struts 1.x and 2.x versions
2015-01-30 12:35:38 +01:00
Julian Vilas
1a11ae4021
Add new references about Struts 1
2015-01-29 23:27:52 +01:00
Julian Vilas
4cc5844baf
Add Struts 1 support
2015-01-29 23:12:34 +01:00
Tod Beardsley
bae19405a7
Various grammar, spelling, word choice fixes
2015-01-26 11:00:07 -06:00
jvazquez-r7
d8aa282482
Delete some double quotes
2015-01-22 18:21:25 -06:00
jvazquez-r7
4c72b096b6
Switch variable from file_name to operation
2015-01-22 18:20:11 -06:00
jvazquez-r7
b003d8f750
Do final cleanup
2015-01-22 18:17:14 -06:00
jvazquez-r7
911485f536
Use easier key name
2015-01-22 18:11:48 -06:00
jvazquez-r7
eff49b5fd3
Delete files with Rex::Java::Serialization
2015-01-22 17:59:43 -06:00
jvazquez-r7
37bf66b994
Install instaget with Rex::Java::Serialization
2015-01-22 16:54:49 -06:00
jvazquez-r7
20d7fe631e
Auto detect platform without raw streams
2015-01-22 15:15:08 -06:00