ccef6e12d2
changed to array in array
2013-05-16 19:03:47 +02:00
460542506d
changed to array
2013-05-16 19:01:20 +02:00
60e0cfb17b
Trivial description cleanup
2013-04-29 14:11:20 -05:00
6c76bee02f
Trying to make the description sound smoother
2013-04-26 16:02:28 -05:00
9b5e96b66f
Fix @jlee-r7's feedback
2013-04-25 14:53:09 -05:00
52b721c334
Update description
2013-04-25 14:47:35 -05:00
84e9f80ffa
Add check for WP-Super-Cache
2013-04-25 14:43:16 -05:00
15c8d92148
Fix version checked and add reference
2013-04-25 12:48:36 -05:00
7d317e5933
Switch from post to get on check
2013-04-25 07:51:28 -05:00
d55faa14d3
Add check function
2013-04-25 07:44:37 -05:00
51fd07a145
Add BID reference
2013-04-24 21:48:05 -05:00
378c2079a2
Add hdm also as author
2013-04-24 17:37:29 -05:00
b816dd569c
Update description
2013-04-24 17:34:25 -05:00
573e880a62
Use the correct post id when posting
2013-04-24 17:30:24 -05:00
ded0269ba0
Add POST ID bruteforcing capabality
2013-04-24 17:21:36 -05:00
fca4c3b8b2
Add sha1 sum check to allow execution
2013-04-24 16:10:49 -05:00
d2e29b846c
Add module for Wordpress Total Cache PHP Injection
2013-04-24 15:29:40 -05:00
1d95abc458
cleanup for joomla_comjce_imgmanager
2013-03-26 12:02:39 +01:00
9b3bbd577f
module moved to unix webapps
2013-03-26 12:02:08 +01:00
4852f1b9f7
modify exploits to be compatible with the new netcat payloads
2013-03-11 18:35:44 +01:00
2160718250
Fix file header comment
...
[See #1555 ]
2013-03-07 17:53:19 -06:00
c290bc565e
Merge branch 'master' into feature/http/authv2
2013-02-28 14:33:44 -06:00
0ae489b37b
last of revert-merge snaffu
2013-02-19 23:16:46 -06:00
6b1bb9e1e8
Added module for OSVDB 90222
2013-02-16 13:11:46 +01:00
8ddc19e842
Unmerge #1476 and #1444
...
In that order. #1476 was an attempt to salvage the functionality, but
sinn3r found some more bugs. So, undoing that, and undoing #1444 as
well.
First, do no harm. It's obvious we cannot be making sweeping changes in
libraries like this without a minimum of testing available. #1478 starts
to address that, by the way.
FixRM #7752
2013-02-11 20:49:55 -06:00
8d013d1034
Merge branch 'master' into http/auth_methods
2013-02-04 13:11:57 -06:00
4c1e630bf3
BasicAuth datastore cleanup
...
cleanup all the old BasicAuth datastore options
2013-02-04 13:02:26 -06:00
027ba28e70
Merge branch 'jvazquez-r7-datalife_template'
2013-02-01 16:27:18 -06:00
a63cf6977c
Fix 1.8 support
2013-02-01 14:39:32 -06:00
bf7bb9952e
added template stuff improve
2013-02-01 11:53:42 +01:00
de8572d934
Use normalize_uri for URI
2013-01-31 16:57:48 -06:00
70b252dc7b
Merge branch 'normalize_uri_update2' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-normalize_uri_update2
2013-01-31 22:32:50 +01:00
b2ce9302c6
uri normalization in the old way
2013-01-31 16:59:49 +01:00
365e1b0557
added module for cve-2013-1412
2013-01-31 16:09:14 +01:00
c174e6a208
Correctly use normalize_uri()
...
normalize_uri() should be used when you're joining URIs. Because if
you're merging URIs after it's normalized, you could get double
slashes again.
2013-01-30 23:23:41 -06:00
970591a85f
Add ZoneMinder arbitrary command execution exploit
2013-01-22 22:56:50 +10:30
9769efbf01
references and date updated
2013-01-20 17:38:37 +01:00
dc318c5aed
update php_charts_exec metadata
2013-01-21 02:12:42 +10:30
f975a42571
move and update php_charts_exec metadata
2013-01-21 02:10:48 +10:30
2348a0b066
final cleanup and testing
2013-01-16 11:55:14 +01:00
064ea63a72
Fixes
2013-01-16 05:22:43 +01:00
18f81fd6f4
Nagios3 history.cgi exploit
2013-01-15 15:32:32 +01:00
2a1ab2c99a
Improve the module
2013-01-07 19:03:58 -06:00
1d3c1ec7fc
Merge branch 'master' of github.com:CharlieEriksen/metasploit-framework into CharlieEriksen-master
2013-01-07 19:03:35 -06:00
4e0fca6d0f
Adding DB error handling
...
As per sinn3r's suggestion, adding handling for the most common MySQL
errors.
Also adding HostNotPrivileged, which I encountered during my testing.
2013-01-07 23:52:13 +00:00
33751c7ce4
Merges and resolves CJR's normalize_uri fixes
...
Merge remote-tracking branch 'ChrisJohnRiley/set_normalize_uri_on_modules'
into set_normalize_uri_on_modules
Note that this trips all kinds of msftidy warnings, but that's for another
day.
Conflicts:
modules/exploits/unix/webapp/tikiwiki_jhot_exec.rb
modules/exploits/windows/http/xampp_webdav_upload_php.rb
2013-01-07 11:16:58 -06:00
a8df3d71ff
Changes based on Sinn3r's feedback
...
A bucket-load of changes!
- Added a fallback for if there is no Set-Cookie header
- Added a check if the cookie we produce is simply empty, meaning we
failed something :(
- Removed use of flatten. Though I may look into making that extraction
better
- Changed cgi requests to use vars_(post|get)
- Clarified a few status prints
- A few EOL space fixes
2013-01-06 12:34:27 +00:00
a5113f0da4
Adding a check function
...
Because it makes sense. The non-vulnerable versions doesn't have
/libs/pdf.php.
So pretty simple.
2013-01-05 18:37:29 +00:00
ae72022777
Improvement for CVE 2012-4915
...
Made two tiny improvements based on Meatballs' points
- Added handling for 127.0.0.1 as DB_HOST
- Added a note in the description about it changing the pasword
2013-01-05 18:23:00 +00:00
25cadf8b87
Adding exploit for CVE 2012-4915
...
Initial commit.
Major functionality working. A bit of polish is still needed in a few
spots to handle exceptions and such.
2013-01-05 14:21:02 +00:00
h0ng10
Tod Beardsley
sinn3r
jvazquez-r7
James Lee
David Maloney
Tod Beardsley
sinn3r
HD Moore
bcoles
Jose Selvi
Charlie Eriksen