Commit Graph

25324 Commits (e35ee1f037afc3eaa58f7d2222ea9c9113048651)

Author SHA1 Message Date
Michael Messner ac727dae89 dlink_dsp_w215_hnap_exploit 2014-07-08 22:13:13 +02:00
Michael Messner 579ce0a858 cleanup 2014-07-08 21:58:15 +02:00
Michael Messner 51001f9cb3 Merge branch 'master' of git://github.com/rapid7/metasploit-framework into dlink_upnp_msearch_command_injection 2014-07-08 21:39:53 +02:00
Michael Messner 84d6d56e15 cleanup, deprecated 2014-07-08 21:36:07 +02:00
Michael Messner 10bcef0c33 cleanup, deprecated 2014-07-08 21:34:28 +02:00
William Vu 4eeab66ebe
Land #3497, comma-separated get_cookies 2014-07-08 11:00:40 -05:00
cdoughty-r7 e5b5439e47 Merge pull request #3500 from todb-r7/fixup-release
Release fixup: Description/whitespace changes (minor)
2014-07-07 13:56:07 -05:00
Tod Beardsley 9fef2ca0f3
Description/whitespace changes (minor)
Four modules updated for the weekly release with minor cosmetic fixes.

- [ ] See all affected modules still load.
- [ ] See all affected modules have expected `info`
2014-07-07 12:39:05 -05:00
jvazquez-r7 f1fcc23a08
Land #3499, Yokogawa's CVE-2014-3888 module 2014-07-07 11:37:11 -05:00
jvazquez-r7 cd6b83858b
Add new Yokogawa SCADA exploit 2014-07-07 11:20:49 -05:00
HD Moore f8d738d062
Fix QWORD usage, merges #3498 2014-07-07 10:43:48 -05:00
OJ bdf27b1834 Fix up the TLVs that are now QWORD values in MSF
Various values were adjusted to become QWORD values in MSF an windows
meterpreter, but the changes were not ported over to python, php and
java. This commit fixes this inconsistency.
2014-07-07 10:42:58 -05:00
HD Moore 8f39590f0f
Framework is currently pegged to 0.17.0. Closes #3495 2014-07-07 09:43:05 -05:00
OJ ddfd912354 Fix up the TLVs that are now QWORD values in MSF
Various values were adjusted to become QWORD values in MSF an windows
meterpreter, but the changes were not ported over to python, php and
java. This commit fixes this inconsistency.
2014-07-07 19:46:54 +10:00
HD Moore 5961861c97
Merge #2809 into master 2014-07-06 23:46:10 -05:00
HD Moore 6f433db609
Minor typo fix 2014-07-06 23:44:17 -05:00
HD Moore 3ef35f19dc Prefer strip over chomp 2014-07-06 23:17:09 -05:00
HD Moore d76081bcef Prefer strip over chomp 2014-07-06 23:16:56 -05:00
HD Moore ab7848a895
Merge master for testing of #2809 2014-07-06 22:27:58 -05:00
jvazquez-r7 14b1ed5290 Add spec for comma separated cookies 2014-07-06 16:23:43 -05:00
Michael Messner e7ade9f84d migrate from wget to echo mechanism 2014-07-06 21:45:53 +02:00
jvazquez-r7 f51feb7f52 Modify get_cookies regular expression 2014-07-06 13:22:31 -05:00
jvazquez-r7 5e7f356f31
Land #3494, @Firefart's update for Mailpoet's exploit 2014-07-06 11:27:18 -05:00
Christian Mehlmauer d5843f8eaf
Updated Mailpoet exploit to work with another version 2014-07-06 10:53:40 +02:00
William Vu cf5d29c53b
Add EOF newline to satisfy msftidy 2014-07-05 13:51:12 -05:00
William Vu 84a3b94679
Land #3493, small fixes for WP MailPoet module 2014-07-05 13:50:09 -05:00
HD Moore 6d9bf83ded Small fixes for the recent WP MailPoet module
Correct casing in the title
Anchor the use of ::File
Force body.to_s since it can be nil in corner cases
2014-07-05 13:17:23 -05:00
jvazquez-r7 98a82bd145
Land #3486, @brandonprry's exploit for CVE-2014-4511 gitlist RCE 2014-07-04 16:41:04 -05:00
jvazquez-r7 59881323b9 Clean code 2014-07-04 16:40:16 -05:00
jvazquez-r7 aedd347191
Land all the commits on #3491, @jlee-r7's patch for php meterpreter 2014-07-03 18:14:52 -05:00
jvazquez-r7 20cf25da7e
Land #3491, @jlee-r7's fix for php meterpreter on php 5.5.0 2014-07-03 18:11:20 -05:00
Brandon Perry a33a6dc79d add bash to requiredcmd 2014-07-03 16:52:52 -05:00
James Lee 41cd5527c8
Close the server socket in php bind stager
This was previously left dangling, which leaves the port open, but
doesn't do anything with subsequent connections.
2014-07-03 16:52:09 -05:00
Brandon Perry 806f26424c && not and 2014-07-03 16:50:21 -05:00
Brandon Perry 6fb2fc85a0 address @jvasquez-r7 review points 2014-07-03 16:43:01 -05:00
James Lee 9246f7a0ce
Strip the NULL that PHP no longer strips
As of PHP 5.5.0, unpack("a", ...) no longer strips the NULL byte from
the end of the string. A new format specifier, Z, was introduced to
perform the old behavior, but we don't have a good way to test for its
existence. Instead, just remove it with str_replace
2014-07-03 15:58:05 -05:00
jvazquez-r7 2efa3d6bc0
Land #3487, @FireFart's exploit for WordPress MailPoet file upload 2014-07-03 14:34:58 -05:00
sinn3r f1b7a9f421
Land #3488 - loot storage into the enum_services post module 2014-07-03 14:18:16 -05:00
sinn3r 79c433e7ea
Land #3480 - Oracle Event Processing FileUploadServlet Arbitrary File Upload 2014-07-03 14:09:12 -05:00
sinn3r c207d14d1f Update description 2014-07-03 14:08:31 -05:00
jvazquez-r7 97a6b298a8 Use print_warning 2014-07-03 13:38:20 -05:00
Chris bb54fecdd1 Merge pull request #1 from wchen-r7/pr3488_fix
More cosmetic fixes for enum_services
2014-07-03 19:31:38 +01:00
Christian Mehlmauer dcba357ec3
implement feedback 2014-07-03 20:27:08 +02:00
sinn3r 2c999d3099 Better describe the problem 2014-07-03 13:06:19 -05:00
sinn3r 9aa3c75234 Do something for the shut-everything-up event handling practice 2014-07-03 13:04:56 -05:00
sinn3r 8a513058f6 Fix comments 2014-07-03 12:59:10 -05:00
sinn3r ebeb9880a6 Favor "unless" over "if" for negative conditions
Please refer to https://github.com/bbatsov/ruby-style-guide
2014-07-03 12:55:13 -05:00
sinn3r 1d828a951f string interpolation is preferred over concatenation
Please refer to https://github.com/bbatsov/ruby-style-guide
2014-07-03 12:46:56 -05:00
sinn3r b781b87d74 Avoid unnecessary "if not" 2014-07-03 12:44:17 -05:00
Brandon Perry 86a31b1896 Update gitlist_exec.rb 2014-07-03 12:40:37 -05:00