Tod Beardsley
f311b0cd1e
Add user-controlled verbs.
...
GET, HEAD, POST, and PROPFIND were tested on WebRick, all successful.
2013-11-25 12:29:05 -06:00
Tod Beardsley
6a28aa298e
Module for CVE-2013-4164
...
So far, just a DoS. So far, just tested on recent Rails with Webrick and
Thin front ends -- would love to see some testing on ngix/apache with
passenger/mod_rails but I don't have it set up at the moment.
2013-11-22 16:51:02 -06:00
jvazquez-r7
885fedcc3b
Fix target name
2013-11-21 17:42:31 -06:00
sinn3r
22c7703e8b
Land #2658 - Make OGNL expressions compatible with struts 2.0.11.2
2013-11-21 15:30:42 -06:00
jvazquez-r7
851cf6f0d1
Land #2650 , @pnegry's exploit for DesktopCentral 8
2013-11-21 09:30:17 -06:00
jvazquez-r7
77aa665385
Add Privileged flag
2013-11-21 09:28:28 -06:00
jvazquez-r7
2ab3ab8b66
Delete empty Payload metadata section
2013-11-21 09:27:25 -06:00
jvazquez-r7
6bd3c4c887
Fix target name
2013-11-21 09:07:25 -06:00
jvazquez-r7
4c2ad4ca9a
Fix metadata
2013-11-21 09:06:47 -06:00
jvazquez-r7
8e4c5dbb5e
improve upload_file response check
2013-11-21 09:02:11 -06:00
jvazquez-r7
8fdfeb73db
Fix use of FileDropper and improve check method
2013-11-21 09:01:41 -06:00
jvazquez-r7
4abf01c64c
Clean indentation
2013-11-21 08:32:54 -06:00
Tod Beardsley
3926617972
Land #2664 , clear EOL spaces
...
[SeeRM #8498 ]
2013-11-20 17:27:06 -06:00
joev
eea811b71a
Merge branch 'landing-2601-mipsle-encoders' into upstream-master
2013-11-20 17:14:45 -06:00
William Vu
9f45121b23
Remove EOL spaces
2013-11-20 15:08:13 -06:00
William Vu
e8eb983ae1
Resplat shell_bind_tcp_random_port
2013-11-20 14:48:53 -06:00
jvazquez-r7
cec4166766
Fix description
2013-11-20 12:49:22 -06:00
jvazquez-r7
18e69bee8c
Make OGNL expressions compatible with struts 2.0.11.2
2013-11-20 12:42:10 -06:00
Thomas Hibbert
4cc20f163b
Update References field to be compliant.
2013-11-20 13:01:21 +13:00
Thomas Hibbert
07c76fd3e6
Module cleaned for msftidy compliance.
2013-11-20 11:33:14 +13:00
sinn3r
a9de5e2846
Land #2634 - Opt browser autopwn load list
2013-11-19 15:10:29 -06:00
Tod Beardsley
ded56f89c3
Fix caps in description
2013-11-18 16:15:50 -06:00
jvazquez-r7
f963f960cb
Update title
2013-11-18 15:07:59 -06:00
jvazquez-r7
274247bfcd
Land #2647 , @jvennix-r7's module for Gzip Memory Bomb DoS
2013-11-18 15:06:46 -06:00
joev
589660872e
Kill FILEPATH datastore option.
2013-11-18 14:13:25 -06:00
jvazquez-r7
f690667294
Land #2617 , @FireFart's mixin and login bruteforcer for TYPO3
2013-11-18 13:37:16 -06:00
jvazquez-r7
0391ae2bc0
Delete general reference
2013-11-18 13:19:09 -06:00
jvazquez-r7
1c4dabaf34
Beautify typo3_bruteforce module
2013-11-18 13:17:15 -06:00
sinn3r
b5fc0493a5
Land #2642 - Fix titles
2013-11-18 12:14:36 -06:00
William Vu
455934a545
Land #2645 , Redis spec conformity for redis_server
2013-11-18 12:00:38 -06:00
jvazquez-r7
9e46975a95
Land #2643 , @ChrisJohnRiley SkipVersionCheck for exim4_dovecot_bannercheck
2013-11-18 11:28:07 -06:00
jvazquez-r7
540b85df3f
Set SkipVersionCheck as not required
2013-11-18 11:27:32 -06:00
jvazquez-r7
f6f0d81149
Land #2632 , @peto01 OSX VPN Manager post module
2013-11-18 09:49:14 -06:00
jvazquez-r7
0a930ef6e1
Clean osx vpn post module
2013-11-18 09:47:52 -06:00
Thomas Hibbert
960f7c9bbb
Add DesktopCentral arbitrary file upload exploit.
2013-11-18 16:11:28 +13:00
joev
8e889c61f7
Update description.
2013-11-17 15:48:27 -06:00
joev
f7820139dc
Add a content_type datastore option.
2013-11-17 15:38:55 -06:00
joev
43d2711b98
Default to 1 round compression.
2013-11-17 15:35:35 -06:00
joev
1e3860d648
Add gzip bomb dos aux module.
2013-11-17 14:44:33 -06:00
jvazquez-r7
7d22312cd8
Fix redis communication
2013-11-15 19:36:18 -06:00
Tod Beardsley
89d0b3c41c
Return the splat and require on a module.
2013-11-15 12:19:53 -06:00
Tod Beardsley
36db6a4d59
Land #2616 , SuperMicro close_window BOF
2013-11-15 11:34:53 -06:00
Chris John Riley
5bd5eacd77
Added option to ignore banner checks
2013-11-15 15:01:11 +01:00
William Vu
2c485c509e
Fix caps on module titles (first pass)
2013-11-15 00:03:42 -06:00
jvazquez-r7
4cf16cf360
Land #2633 , @OJ's port of Kitrap0d as local exploit
2013-11-14 09:27:10 -06:00
Peter Toth
7db42efdd4
Code restructure and more robust error handling
2013-11-14 13:44:49 +01:00
jvazquez-r7
fe2cd93a65
Delete ms13_037_svg_dashstyle from the browser_autopwn list
2013-11-13 23:46:50 -06:00
OJ
506a4d9e67
Remove genericity, x64 and renamed stuff
...
As per discussion on the github issue, the following changes were made:
* Project renamed from elevate to kitrap0d, implying that this is not
intended to be a generic local priv esc exploit container.
* Container DLL no longer generic, always calls the kitrap0d exploit.
* Removal of all x64 code and project configurations.
* Invocation of the exploit changed so that the address of the payload
is passed in to the exploit entry point. The exploit is now responsible
for executing the payload if the exploit is successful. This removes
the possibility of the payload getting executed when the exploit fails.
* Source moved to the appropriate CVE folder.
* Binary moved to the appropriate CVE folder.
* Little bit of source rejigging to tidy things up.
2013-11-14 12:22:53 +10:00
William Vu
334a93af45
Land #2638 , refs for android_htmlfileprovider
2013-11-13 14:51:46 -06:00
joev
0612f340f1
Commas are good.
2013-11-13 14:38:50 -06:00