us3r777
29111c516c
Wordpress Infusionsoft Gravity Forms CVE-2014-6446
...
The Infusionsoft Gravity Forms plugin 1.5.3 through 1.5.10 for
WordPress does not properly restrict access, which allows remote
attackers to upload arbitrary files and execute arbitrary PHP
code via a request to utilities/code_generator.php.
2014-10-06 14:10:01 +02:00
Christian Mehlmauer
f45b89503d
change WPVULNDBID to WPVDB
2014-10-03 17:13:18 +02:00
Christian Mehlmauer
33b37727c7
Added wpvulndb links
2014-10-02 23:03:31 +02:00
William Vu
df44dfb01a
Add OSVDB and EDB references to Shellshock modules
2014-09-29 21:39:07 -05:00
jvazquez-r7
6e2d297e0c
Credit the original vuln discoverer
2014-09-26 13:45:09 -05:00
jvazquez-r7
a4bc17ef89
deregister options needed for exploitation
2014-09-26 10:15:46 -05:00
jvazquez-r7
54e6763990
Add injection to HOSTNAME and URL
2014-09-26 10:13:24 -05:00
James Lee
86f85a356d
Add DHCP server module for CVE-2014-6271
2014-09-26 01:24:42 -05:00
jvazquez-r7
9acccfe9ba
Fix description
2014-09-19 17:18:59 -05:00
jvazquez-r7
d826132f87
Delete CVE, add EDB
2014-09-19 17:16:03 -05:00
jvazquez-r7
7afbec9d6c
Land #2890 , @Ahmed-Elhady-Mohamed module for OSVDB 93034
2014-09-19 17:12:49 -05:00
jvazquez-r7
1fa5c8c00c
Add check method
2014-09-19 17:11:16 -05:00
jvazquez-r7
ce0b00bb0b
Change module location and filename
2014-09-19 16:59:35 -05:00
sinn3r
c73ec66c7a
Land #3659 - Add HybridAuth install.php PHP Code Execution
2014-08-19 17:19:01 -05:00
Brendan Coles
564431fd41
Use arrays in refs for consistency
2014-08-18 18:54:54 +00:00
Tod Beardsley
cad281494f
Minor caps, grammar, desc fixes
2014-08-18 13:35:34 -05:00
Brendan Coles
b8b2e3edff
Add HybridAuth install.php PHP Code Execution module
2014-08-16 23:31:46 +00:00
Emilio Pinna
4ff73a1467
Add version build check
2014-08-13 09:53:43 +02:00
Emilio Pinna
3440f82b2e
Minor description adjustment
2014-08-12 22:18:59 +02:00
Emilio Pinna
9e38ffb797
Add the check for the manual payload setting
2014-08-12 21:55:42 +02:00
Emilio Pinna
5b6be55c50
Fix (properly) 'execute_command()' missing 'opts' parameter
2014-08-12 19:49:27 +02:00
Emilio Pinna
3af17ffad0
Fixed 'execute_command()' missing 'opts' parameter
2014-08-12 19:24:24 +02:00
Emilio Pinna
f71589f534
Simplify payload upload using 'CmdStager' mixin
2014-08-12 10:49:17 +02:00
Emilio Pinna
cc5770558d
Remove local payload saving used for debugging
2014-08-11 19:16:14 +02:00
Emilio Pinna
4790b18424
Use FileDropper mixin to delete uploaded file
2014-08-11 19:02:09 +02:00
Emilio Pinna
ac526ca9bd
Fix print_* to vprint_* in check method
2014-08-11 18:58:11 +02:00
Emilio Pinna
4b4b24b79d
Fix errors printing
2014-08-11 18:54:43 +02:00
Emilio Pinna
c97cd75beb
Rephrase 'Author' section
2014-08-11 18:52:21 +02:00
Emilio Pinna
0138f3648d
Add VMTurbo Operations Manager 'vmtadmin.cgi' Remote Command Execution module.
2014-08-11 16:57:39 +02:00
jvazquez-r7
a79eec84ac
Land #3584 , @FireFart's update for wp_asset_manager_upload_exec
2014-07-30 10:28:51 -05:00
jvazquez-r7
9de8297848
Use [] for References
2014-07-30 10:28:00 -05:00
jvazquez-r7
58fbb0b421
Use [] for References
2014-07-30 10:24:14 -05:00
Christian Mehlmauer
75057b5df3
Fixed variable
2014-07-29 21:02:15 +02:00
Christian Mehlmauer
cc3285fa57
Updated checkcode
2014-07-29 20:53:54 +02:00
Christian Mehlmauer
61ab88b2c5
Updated wp_asset_manager_upload_exec module
2014-07-29 20:53:18 +02:00
Christian Mehlmauer
e438c140ab
Updated wp_property_upload_exec module
2014-07-29 20:34:34 +02:00
Christian Mehlmauer
621e85a32d
Correct version
2014-07-28 22:45:04 +02:00
Christian Mehlmauer
d334797116
Updated foxpress module
2014-07-28 22:23:22 +02:00
jvazquez-r7
79fe342688
Land #3558 , @FireFart's improvements to wordpress mixin
2014-07-28 09:52:20 -05:00
Christian Mehlmauer
a6479a77d6
Implented feedback from @jhart-r7
2014-07-22 19:49:58 +02:00
Christian Mehlmauer
baff003ecc
extracted check version to module
...
also added some wordpress specs and applied
rubocop
2014-07-22 17:02:35 +02:00
sinn3r
6048f21875
Land #3552 - Correct DbVisualizer title name
2014-07-21 13:07:33 -05:00
Tod Beardsley
a41768fd7d
Correct DbVisualizer title name
...
I think "DbVis Software" is the name of the company and the product
itself is called DbVisualizer.
Also fixed the description on the WPTouch module.
2014-07-21 12:35:01 -05:00
Christian Mehlmauer
a809c9e0b5
Changed to vprint and added comment
2014-07-18 22:15:56 +02:00
Christian Mehlmauer
c6e129c622
Fix rubocop warnings
2014-07-18 21:58:33 +02:00
William Vu
ff6c8bd5de
Land #3479 , broken sock.get fix
2014-07-16 14:57:32 -05:00
Christian Mehlmauer
c1f612b82a
Use vprint_ instead of print_
2014-07-15 06:58:33 +02:00
Christian Mehlmauer
144c6aecba
Added WPTouch fileupload exploit
2014-07-14 21:35:18 +02:00
jvazquez-r7
8937fbb2f5
Fix email format
2014-07-11 12:45:23 -05:00
Tod Beardsley
9fef2ca0f3
Description/whitespace changes (minor)
...
Four modules updated for the weekly release with minor cosmetic fixes.
- [ ] See all affected modules still load.
- [ ] See all affected modules have expected `info`
2014-07-07 12:39:05 -05:00
Christian Mehlmauer
d5843f8eaf
Updated Mailpoet exploit to work with another version
2014-07-06 10:53:40 +02:00
William Vu
cf5d29c53b
Add EOF newline to satisfy msftidy
2014-07-05 13:51:12 -05:00
HD Moore
6d9bf83ded
Small fixes for the recent WP MailPoet module
...
Correct casing in the title
Anchor the use of ::File
Force body.to_s since it can be nil in corner cases
2014-07-05 13:17:23 -05:00
jvazquez-r7
2efa3d6bc0
Land #3487 , @FireFart's exploit for WordPress MailPoet file upload
2014-07-03 14:34:58 -05:00
jvazquez-r7
97a6b298a8
Use print_warning
2014-07-03 13:38:20 -05:00
Christian Mehlmauer
dcba357ec3
implement feedback
2014-07-03 20:27:08 +02:00
Christian Mehlmauer
aeb4fff796
Added FileDropper
2014-07-03 19:25:31 +02:00
Christian Mehlmauer
071f236946
Changed check method
2014-07-02 22:31:02 +02:00
Christian Mehlmauer
a58ff816c5
Changed check method
2014-07-02 22:29:00 +02:00
Christian Mehlmauer
40175d3526
added check method
2014-07-02 11:07:58 +02:00
Christian Mehlmauer
54a28a103c
Updated description
2014-07-02 10:49:28 +02:00
Christian Mehlmauer
1ff549f9c1
Replaced Tab
2014-07-02 10:35:30 +02:00
Christian Mehlmauer
09131fec28
Added wysija file upload exploit
2014-07-02 10:24:27 +02:00
HD Moore
7f06d10ba6
Dont blindly strip a possible nil return value
2014-06-28 16:08:06 -05:00
HD Moore
5e900a9f49
Correct sock.get() to sock.get_once() to prevent indefinite hangs/misuse
2014-06-28 16:06:46 -05:00
HD Moore
3868348045
Fix incorrect use of sock.get that leads to indefinite hang
2014-06-28 15:48:58 -05:00
Spencer McIntyre
bd49d3b17b
Explicitly use the echo stager and deregister options
...
Certain modules will only work with the echo cmd stager so
specify that one as a parameter to execute_cmdstager and
remove the datastore options to change it.
2014-06-28 16:21:08 -04:00
jvazquez-r7
870fa96bd4
Allow quotes in CmdStagerFlavor metadata
2014-06-27 08:34:56 -04:00
jvazquez-r7
91e2e63f42
Add CmdStagerFlavor to metadata
2014-06-27 08:34:55 -04:00
jvazquez-r7
7ced5927d8
Use One CMDStagermixin
2014-06-27 08:34:55 -04:00
Spencer McIntyre
ae25c300e5
Initial attempt to unify the command stagers.
2014-06-27 08:34:55 -04:00
Christian Mehlmauer
8e1949f3c8
Added newline at EOF
2014-06-17 21:03:18 +02:00
Christian Mehlmauer
8d4d40b8ba
Resolved some Set-Cookie warnings
2014-05-24 00:34:46 +02:00
jvazquez-r7
69369c04b3
Land #3126 , @xistence's exploit for SePortal
2014-03-28 13:52:59 -05:00
jvazquez-r7
7b56c9edac
Add references
2014-03-28 13:51:56 -05:00
Kurt Grutzmacher
0b766cd412
changes per firefart
2014-03-27 10:08:44 -07:00
Kurt Grutzmacher
744308bd35
tab...
2014-03-27 05:24:55 -07:00
Kurt Grutzmacher
a8c96213f0
normalize_uri for wp_property_upload_exec
2014-03-27 05:22:56 -07:00
Tod Beardsley
cfdd64d5b1
Title, description grammar and spelling
2014-03-24 12:16:59 -05:00
jvazquez-r7
c7ba7e4d92
Land #3131 , @xistence's exploit for CVE-2014-1903
2014-03-24 08:48:06 -05:00
jvazquez-r7
c3b753f92e
Make PHPFUNC advanced option
2014-03-24 08:47:31 -05:00
jvazquez-r7
4f333d84c9
Clean up code
2014-03-24 08:15:54 -05:00
xistence
c4f0d8e179
FreePBX config.php RCE CVE-2014-1903
2014-03-21 10:29:15 +07:00
sinn3r
b02337d8b6
Land #3123 - Horde Framework Unserialize PHP Code Execution
2014-03-20 12:32:14 -05:00
xistence
2845f834c6
changed cookie retrieval to res.get_cookies
2014-03-20 16:39:26 +07:00
xistence
7bfb8e95e6
minor changes to seportal module
2014-03-20 13:44:39 +07:00
xistence
5ef49ff64b
SePortal 2.5 SQLi Remote Code Execution
2014-03-20 12:02:06 +07:00
jvazquez-r7
d6faf20981
Make title more accurate
2014-03-19 12:43:34 -05:00
jvazquez-r7
0a795ab602
Land #3106 , @xistence's exploit for Array Networks devices
2014-03-19 10:49:03 -05:00
jvazquez-r7
0e27d75e60
Code clean up
2014-03-19 10:48:25 -05:00
jvazquez-r7
379c0efd5a
Update POP chain documentation
2014-03-18 16:29:30 -05:00
jvazquez-r7
77c128fbc5
Fix disclosure date and add ref
2014-03-18 16:21:44 -05:00
jvazquez-r7
b6e8bb62bb
Switch exploitation technique to use default available classes
2014-03-18 16:07:50 -05:00
jvazquez-r7
f86fd8af5d
Delete debug print
2014-03-17 21:01:41 -05:00
jvazquez-r7
3bdd906aae
Add module for CVE-2014-1691
2014-03-17 20:47:45 -05:00
Tod Beardsley
c916b62f47
Removes hash rockets from references.
...
[SeeRM #8776 ]
2014-03-17 09:40:32 -05:00
xistence
e261975c34
Array Networks vxAG and vAPV SSH key and privesc
2014-03-17 14:11:16 +07:00
xistence
1043d9d8b2
Array Networks vxAG and vAPV SSH key and privesc
2014-03-17 14:06:55 +07:00
William Vu
25ebb05093
Add next chunk of fixes
...
Going roughly a third at a time.
2014-03-11 12:23:59 -05:00
William Vu
170608e97b
Fix first chunk of msftidy "bad char" errors
...
There needs to be a better way to go about preventing/fixing these.
2014-03-11 11:18:54 -05:00
jvazquez-r7
79d559a0c9
Fix MIME message to_s
2014-02-10 22:23:23 -06:00
Tod Beardsley
7e2a9a7072
More desc fixes, add a vprint to give a hint
2014-02-03 13:18:52 -06:00
jvazquez-r7
710902dc56
Move file location
2014-01-31 09:18:59 -06:00
jvazquez-r7
f086655075
Land #2913 , @bcoles Exploit for Simple E-Document
2014-01-27 08:09:45 -06:00
jvazquez-r7
861126fdbd
Clean exploit code
2014-01-27 08:09:18 -06:00
bcoles
32d6032893
Add Simple E-Document Arbitrary File Upload module
2014-01-24 19:19:25 +10:30
sinn3r
689999c8b8
Saving progress
...
Progress group 3: Making sure these checks comply with the new
guidelines. Please read: "How to write a check() method" found in
the wiki.
2014-01-21 13:03:36 -06:00
sinn3r
fe767f3f64
Saving progress
...
Progress group 2: Making sure these checks comply with the new
guidelines. Please read: "How to write a check() method" found in
the wiki.
2014-01-21 11:07:03 -06:00
sinn3r
ce8b8e8ef9
Land #2783 - OpenSIS 'modname' PHP Code Execution
2013-12-20 11:29:10 -06:00
sinn3r
d0ef860f75
Strip default username/password
...
There isn't one. So force the user to supply one.
2013-12-20 11:28:18 -06:00
bcoles
fb6cd9c149
add osvdb+url refs and module tidy up
2013-12-20 20:27:07 +10:30
bcoles
fc2da15c87
Add OpenSIS 'modname' PHP Code Execution module for CVE-2013-1349
2013-12-19 19:10:48 +10:30
jvazquez-r7
198667b650
Land #2774 , @Mekanismen's module for CVE-2013-7091
2013-12-18 16:23:44 -06:00
jvazquez-r7
aec2e0c92c
Change ranking
2013-12-18 16:23:14 -06:00
jvazquez-r7
d4ec858051
Clean zimbra_lfi
2013-12-18 15:46:37 -06:00
Mekanismen
0c0e8c3a49
various updates
2013-12-18 20:54:35 +01:00
Mekanismen
2de15bdc8b
added module for Zimbra Collaboration Server CVE-2013-7091
2013-12-17 19:32:04 +01:00
Tod Beardsley
e737b136cc
Minor grammar/caps fixup for release
2013-12-09 14:01:27 -06:00
jvazquez-r7
d47292ba10
Add module for CVE-2013-3522
2013-12-06 13:50:12 -06:00
jvazquez-r7
e4c6413643
Land #2718 , @wchen-r7's deletion of @peer on HttpClient modules
2013-12-05 17:25:59 -06:00
Tod Beardsley
f5a45bfe52
@twitternames not supported for author fields
...
It's kind of a dumb reason but there are metasploit metadata parsers out
there that barf all over @names. They assume user@email.address . Should
be fixed some day.
2013-12-04 13:31:22 -06:00
sinn3r
230db6451b
Remove @peer for modules that use HttpClient
...
The HttpClient mixin has a peer() method, therefore these modules
should not have to make their own. Also new module writers won't
repeat the same old code again.
2013-12-03 12:58:16 -06:00
jvazquez-r7
47bff9a416
Land #2711 , @Mekanismen exploit for wordpress OptimizePress theme
2013-12-02 16:30:24 -06:00
jvazquez-r7
5c3ca1c8ec
Fix title
2013-12-02 16:30:01 -06:00
jvazquez-r7
c32b734680
Fix regex
2013-12-02 16:24:21 -06:00
Tod Beardsley
55847ce074
Fixup for release
...
Notably, adds a description for the module landed in #2709 .
2013-12-02 16:19:05 -06:00
jvazquez-r7
79a6f8c2ea
Clean php_wordpress_optimizepress
2013-12-02 15:43:41 -06:00
Mekanismen
57b7d89f4d
Updated
2013-12-01 09:06:41 +01:00
Mekanismen
045b848a30
added exploit module for optimizepress
2013-11-30 21:51:56 +01:00
sinn3r
a02e0ee3e4
Land #2682 - Kimai v0.9.2 'db_restore.php' SQL Injection
2013-11-27 19:10:44 -06:00
bcoles
a03cfce74c
Add table prefix and doc root as fallback options
2013-11-25 17:44:26 +10:30
bcoles
d8700314e7
Add Kimai v0.9.2 'db_restore.php' SQL Injection module
2013-11-24 02:32:16 +10:30
William Vu
2c485c509e
Fix caps on module titles (first pass)
2013-11-15 00:03:42 -06:00
Tod Beardsley
65993704c3
Actually commit the mode change.
2013-11-11 22:16:29 -06:00
jvazquez-r7
bdba80c05c
Land #2569 , @averagesecurityguy and others exploit for CVE-2013-4468, CVE-2013-4467
2013-11-07 12:20:42 -06:00
jvazquez-r7
2d4090d9c3
Make option astGUIclient credentials
2013-11-06 20:33:47 -06:00
jvazquez-r7
24d22c96a5
Improve exploitation
2013-11-06 20:15:40 -06:00
jvazquez-r7
2b2ec1a576
Change module location
2013-11-06 15:53:45 -06:00
William Vu
f5d1d8eace
chmod -x .rb files without #! in modules and lib
...
It wasn't just cmdstager_printf.rb. :/
2013-10-30 19:51:25 -05:00
jvazquez-r7
2ef33aabe7
Clean open_flash_chart_upload_exec
2013-10-24 10:15:28 -05:00
bcoles
8a5d4d45b4
Add Open Flash Chart v2 Arbitrary File Upload exploit
2013-10-24 22:46:41 +10:30
sinn3r
1599d1171d
Land #2558 - Release fixes
2013-10-21 13:48:11 -05:00
Tod Beardsley
c070108da6
Release-related updates
...
* Lua is not an acronym
* Adds an OSVDB ref
* credit @jvazquez-r7, not HD, for the Windows CMD thing
2013-10-21 13:33:00 -05:00
sinn3r
032da9be10
Land #2426 - make use of Msf::Config.data_directory
2013-10-21 13:07:33 -05:00
Tod Beardsley
22b4bf2e94
Resplat webtester_exec.rb
2013-10-17 13:30:54 -05:00
Tod Beardsley
07ab53ab39
Merge from master to clear conflict
...
Conflicts:
modules/exploits/windows/brightstor/tape_engine_8A.rb
modules/exploits/windows/fileformat/a-pdf_wav_to_mp3.rb
2013-10-17 13:29:24 -05:00
jvazquez-r7
352eca1147
Fix check method and set a big space available for payload
2013-10-17 09:30:59 -05:00
bcoles
54cf7855a2
Add WebTester 5.x Command Execution exploit module
2013-10-17 16:57:57 +10:30
Tod Beardsley
ed0b84b7f7
Another round of re-splatting.
2013-10-15 14:14:15 -05:00
Tod Beardsley
c83262f4bd
Resplat another common boilerplate.
2013-10-15 14:07:48 -05:00