5813c639d1
Initial commit
2015-01-19 17:23:48 +01:00
8a89b3be28
Cleanup of various bits of code
2015-01-13 22:20:40 +00:00
8246f4e0bb
Add ability to use both WP and EC attack vectors
2015-01-12 23:30:59 +00:00
e6f6acece9
Add a date hash to the post data
2015-01-12 21:21:50 +00:00
ea37e2e198
Add WP EasyCart file upload exploit module
2015-01-10 21:05:02 +00:00
d4d1a53533
fix invalid url
2015-01-09 21:57:52 +01:00
82e6183136
Add Msf::Exploit::FileDropper mixin
2015-01-08 21:07:00 +00:00
93dc90d9d3
Tidied up some code with existing mixins
2015-01-08 20:53:56 +00:00
7b92c6c2df
Add WP Symposium Shell Upload module
2015-01-07 22:02:39 +00:00
44dfa746eb
Resolve #4513 - Change #inspect to #to_s
...
Resolve #4513
2015-01-05 11:50:51 -06:00
b5b0be9001
Do minor cleanup
2014-12-26 11:24:02 -06:00
5c82b8a827
Add ProjectSend Arbitrary File Upload module
2014-12-23 10:53:03 +00:00
d3050de862
Remove references to Redmine in code
...
See #4400 . This should be all of them, except for, of course, the module
that targets Redmine itself.
Note that this also updates the README.md with more current information
as well.
2014-12-19 17:27:08 -06:00
025c0771f8
Have exploit call check. Have check report_vuln
2014-12-15 09:53:11 -08:00
f521e7d234
Use newer Ruby hash syntax
2014-12-15 09:17:32 -08:00
c93dc04a52
Resolve address before storing the working cred
2014-12-15 09:11:12 -08:00
5ca8f187b3
Merge remote-tracking branch 'upstream/pr/4328' into temp
2014-12-15 08:15:51 -08:00
4530066187
return nil
2014-12-15 01:04:39 +11:00
55d9e9cff6
Use list of potential analytics hosts
2014-12-14 23:15:41 +11:00
008c33ff51
Fix description
2014-12-12 13:36:28 -06:00
81460198b0
Add openssl payload to distcc exploit
...
This is required to test #4274
2014-12-12 13:25:55 -06:00
b334e7e0c6
Land #4322 , @FireFart's wordpress exploit for download-manager plugin
2014-12-12 12:41:59 -06:00
aaed7fe957
Make the timeout for the calling payload request lower
2014-12-12 12:41:06 -06:00
00f66b6050
Correct named captures
2014-12-12 10:22:14 -08:00
98dca6161c
Delete unused variable
2014-12-12 12:03:32 -06:00
810bf598b1
Use fail_with
2014-12-12 12:03:12 -06:00
1e6bbc5be8
Use blank?
2014-12-12 09:51:08 -08:00
4f3ac430aa
Land #4341 , @EgiX's module for tuleap PHP Unserialize CVE-2014-8791
2014-12-12 11:48:25 -06:00
64f529dcb0
Modify default timeout for the exploiting request
2014-12-12 11:47:49 -06:00
24f1b916e0
Minor ruby style cleanup
2014-12-12 09:47:35 -08:00
1d1aa5838f
Use Gem::Version to compare versions in check
2014-12-12 09:47:01 -08:00
d01a07b1c7
Add requirement to description
2014-12-12 11:42:45 -06:00
fd09b5c2f6
Fix title
2014-12-12 10:52:18 -06:00
4871228816
Do minor cleanup
2014-12-12 10:52:06 -06:00
544f75e7be
fix invalid URI scheme, closes #4362
2014-12-11 23:34:10 +01:00
245b76477e
Fix issue with execution of perl due to gsub not matching across newlines
2014-12-10 21:38:04 +00:00
700ccc71e7
Create tuleap_unserialize_exec.rb
2014-12-09 10:15:46 +01:00
42744e5650
Add actualanalyzer_ant_cookie_exec exploit
2014-12-06 19:09:20 +00:00
5ea062bb9c
fix bug
2014-12-05 11:30:45 +01:00
55b8d6720d
add wordpress download-manager exploit
2014-12-05 11:17:54 +01:00
6b4eb9a8e2
Differentiate failed binds from connects, closes #4169
...
This change adds two new Rex exceptions and changes the local comm to raise the right one depending on the circumstances. The problem with the existing model is
that failed binds and failed connections both raised the same exception. This change is backwards compatible with modules that rescue Rex::AddressInUse in additi
on to Rex::ConnectionError. There were two corner cases that rescued Rex::AddressInUse specifically:
1. The 'r'-services mixin and modules caught the old exception when handling bind errors. These have been updated to use BindFailed
2. The meterpreter client had a catch for the old exception when the socket reports a bad destination (usually a network connection dropped). This has been updat
ed to use InvalidDestination as that was the intention prior to this change.
Since AddressInUse was part of ConnectionError, modules and mixins which caught both in the same rescue have been updated to just catch ConnectionError.
2014-11-11 14:59:41 -06:00
51b96cb85b
Cosmetic title/desc updates
2014-11-03 13:37:45 -06:00
b7a1722b46
Pass msftidy, more descriptive name and description
2014-10-30 22:14:18 -05:00
64a59e805c
Fix a simple typo
2014-10-29 12:40:24 -04:00
1bf1be0e46
Updated to module based feedback from wchen-r7
2014-10-29 11:42:07 -04:00
9021e4dae6
Xerox Workcentre firmware injection exploit
2014-10-28 11:15:43 -04:00
c77a0984bd
Land #3989 , @us3r777's exploit for CVE-2014-7228, Joomla Update unserialize
...
the commit.
empty message aborts
2014-10-20 13:39:08 -05:00
4e6f61766d
Change module filename
2014-10-20 13:31:22 -05:00
e202bc10f0
Fix title
2014-10-20 13:30:44 -05:00
f07c5de711
Do code cleanup
2014-10-20 13:27:48 -05:00
052a9fec86
Delete return
2014-10-20 10:52:33 -05:00
199f6eba76
Fix check method
2014-10-20 10:46:40 -05:00
16101612a4
Some changes to use primer
...
Follow wiki How-to-write-a-module-using-HttpServer-and-HttpClient
2014-10-20 17:26:16 +02:00
1e143fa300
Removed unused variables
2014-10-20 16:58:41 +02:00
35d3bbf74d
Fix up comment splats with the correct URI
...
See the complaint on #4039 . This doesn't fix that particular
issue (it's somewhat unrelated), but does solve around
a file parsing problem reported by @void-in
2014-10-17 11:47:33 -05:00
b1223165d4
Trivial grammar fixes
2014-10-14 12:00:50 -05:00
444b01c4b0
Typo + shorten php serialized object
2014-10-12 21:29:04 +02:00
2428688565
CVE-2014-7228 Joomla/Akeeba Kickstart RCE
...
Exploit via serialiazed PHP object injection. The Joomla! must be
updating more precisely, the file $JOOMLA_WEBROOT/administrator/
components/com_joomlaupdate/restoration.php must be present
2014-10-09 18:51:24 +02:00
1584c4781c
Add reference
2014-10-09 06:58:15 +02:00
4f96d88a2f
Land #3949 , @us3r777's exploit for CVE-2014-6446, wordpress infusionsoft plugin php upload
2014-10-08 16:35:49 -05:00
66a8e7481b
Fix description
2014-10-08 16:35:14 -05:00
8ba8402be3
Update timeout
2014-10-08 16:32:05 -05:00
bbf180997a
Do minor cleanup
2014-10-08 16:29:11 -05:00
03888bc97b
Change the check function
...
Use regex based detection
2014-10-06 18:56:01 +02:00
29111c516c
Wordpress Infusionsoft Gravity Forms CVE-2014-6446
...
The Infusionsoft Gravity Forms plugin 1.5.3 through 1.5.10 for
WordPress does not properly restrict access, which allows remote
attackers to upload arbitrary files and execute arbitrary PHP
code via a request to utilities/code_generator.php.
2014-10-06 14:10:01 +02:00
f45b89503d
change WPVULNDBID to WPVDB
2014-10-03 17:13:18 +02:00
33b37727c7
Added wpvulndb links
2014-10-02 23:03:31 +02:00
df44dfb01a
Add OSVDB and EDB references to Shellshock modules
2014-09-29 21:39:07 -05:00
6e2d297e0c
Credit the original vuln discoverer
2014-09-26 13:45:09 -05:00
a4bc17ef89
deregister options needed for exploitation
2014-09-26 10:15:46 -05:00
54e6763990
Add injection to HOSTNAME and URL
2014-09-26 10:13:24 -05:00
86f85a356d
Add DHCP server module for CVE-2014-6271
2014-09-26 01:24:42 -05:00
9acccfe9ba
Fix description
2014-09-19 17:18:59 -05:00
d826132f87
Delete CVE, add EDB
2014-09-19 17:16:03 -05:00
7afbec9d6c
Land #2890 , @Ahmed-Elhady-Mohamed module for OSVDB 93034
2014-09-19 17:12:49 -05:00
1fa5c8c00c
Add check method
2014-09-19 17:11:16 -05:00
ce0b00bb0b
Change module location and filename
2014-09-19 16:59:35 -05:00
c73ec66c7a
Land #3659 - Add HybridAuth install.php PHP Code Execution
2014-08-19 17:19:01 -05:00
564431fd41
Use arrays in refs for consistency
2014-08-18 18:54:54 +00:00
cad281494f
Minor caps, grammar, desc fixes
2014-08-18 13:35:34 -05:00
b8b2e3edff
Add HybridAuth install.php PHP Code Execution module
2014-08-16 23:31:46 +00:00
4ff73a1467
Add version build check
2014-08-13 09:53:43 +02:00
3440f82b2e
Minor description adjustment
2014-08-12 22:18:59 +02:00
9e38ffb797
Add the check for the manual payload setting
2014-08-12 21:55:42 +02:00
5b6be55c50
Fix (properly) 'execute_command()' missing 'opts' parameter
2014-08-12 19:49:27 +02:00
3af17ffad0
Fixed 'execute_command()' missing 'opts' parameter
2014-08-12 19:24:24 +02:00
f71589f534
Simplify payload upload using 'CmdStager' mixin
2014-08-12 10:49:17 +02:00
cc5770558d
Remove local payload saving used for debugging
2014-08-11 19:16:14 +02:00
4790b18424
Use FileDropper mixin to delete uploaded file
2014-08-11 19:02:09 +02:00
ac526ca9bd
Fix print_* to vprint_* in check method
2014-08-11 18:58:11 +02:00
4b4b24b79d
Fix errors printing
2014-08-11 18:54:43 +02:00
c97cd75beb
Rephrase 'Author' section
2014-08-11 18:52:21 +02:00
0138f3648d
Add VMTurbo Operations Manager 'vmtadmin.cgi' Remote Command Execution module.
2014-08-11 16:57:39 +02:00
a79eec84ac
Land #3584 , @FireFart's update for wp_asset_manager_upload_exec
2014-07-30 10:28:51 -05:00
9de8297848
Use [] for References
2014-07-30 10:28:00 -05:00
58fbb0b421
Use [] for References
2014-07-30 10:24:14 -05:00
75057b5df3
Fixed variable
2014-07-29 21:02:15 +02:00
cc3285fa57
Updated checkcode
2014-07-29 20:53:54 +02:00
61ab88b2c5
Updated wp_asset_manager_upload_exec module
2014-07-29 20:53:18 +02:00
e438c140ab
Updated wp_property_upload_exec module
2014-07-29 20:34:34 +02:00
Hans-Martin Münch (h0ng10)
rastating
Christian Mehlmauer
sinn3r
jvazquez-r7
Brendan Coles
Tod Beardsley
Jon Hart
Marc Wickenden
EgiX
HD Moore
Deral Heiland
us3r777
URI Assassin
William Vu
James Lee
Emilio Pinna