jvazquez-r7
8e0a4e08a2
Fix author order
2013-10-04 12:25:38 -05:00
xistence
81d4a8b8c1
added clipbucket_upload_exec RCE
2013-10-04 11:43:38 +07:00
Meatballs
c460f943f7
Merge branch 'master' into data_dir
...
Conflicts:
modules/exploits/windows/local/always_install_elevated.rb
plugins/sounds.rb
scripts/meterpreter/powerdump.rb
scripts/shell/spawn_meterpreter.rb
2013-10-02 20:17:11 +01:00
sinn3r
23b0c3b723
Add Metasploit blog references
...
These modules have blogs from the Rapid7 community, we should add them.
2013-10-01 20:50:16 -05:00
sinn3r
7118f7dc4c
Land #2422 - rm methods peer & rport
...
Because they're already defined in the HttpClient mixin
2013-09-30 16:01:59 -05:00
Tab Assassin
2e8d19edcf
Retab all the things (except external/)
2013-09-30 13:47:53 -05:00
Meatballs
7ba846ca24
Find and replace
2013-09-26 20:34:48 +01:00
FireFart
84ec2cbf11
remove peer methods since it is already defined in Msf::Exploit::Remote::HttpClient
2013-09-25 23:42:44 +02:00
jvazquez-r7
58d4096e0f
Resolv conflicts on #2267
2013-09-25 13:06:14 -05:00
jvazquez-r7
a50ab1ddd3
Land #2409 , @xistence exploit for ZeroShell
2013-09-24 15:32:55 -05:00
jvazquez-r7
6c2063c9c0
Do not get a session on every execute_command call
2013-09-24 15:31:40 -05:00
jvazquez-r7
79ca123051
Use snake_case
2013-09-24 15:16:51 -05:00
jvazquez-r7
34b84395c1
Fix References field
2013-09-24 15:16:02 -05:00
jvazquez-r7
adfacfbed1
Do not fail_with on method used from check
2013-09-24 15:08:48 -05:00
jvazquez-r7
4b6a646899
Fix typo
2013-09-24 15:06:35 -05:00
jvazquez-r7
f5cac304f4
Use default send_request_cgi timeout
2013-09-24 15:05:24 -05:00
jvazquez-r7
ce4cf55d22
Land #2417 , @todb-r7's change to Platform field to make ruby style compliant
2013-09-24 13:30:48 -05:00
William Vu
89222f4b16
Land #2416 , OSVDB refs for arkeia_upload_exec
2013-09-24 13:22:24 -05:00
Tod Beardsley
c547e84fa7
Prefer Ruby style for single word collections
...
According to the Ruby style guide, %w{} collections for arrays of single
words are preferred. They're easier to type, and if you want a quick
grep, they're easier to search.
This change converts all Payloads to this format if there is more than
one payload to choose from.
It also alphabetizes the payloads, so the order can be more predictable,
and for long sets, easier to scan with eyeballs.
See:
https://github.com/bbatsov/ruby-style-guide#collections
2013-09-24 12:33:31 -05:00
jvazquez-r7
d15f442e56
Add OSVDB references to arkeia_upload_exec
2013-09-24 08:48:28 -05:00
xistence
8b9adf6886
changes made to zeroshell_exec according to suggestions
2013-09-24 08:35:07 +07:00
Tod Beardsley
4bff8f2cdc
Update descriptions for clarity.
2013-09-23 13:48:23 -05:00
xistence
6429219a1d
added ZeroShell RC2 RCE
2013-09-22 15:13:55 +07:00
jvazquez-r7
bad6f2279d
Add OSVDB reference for openemr_sqli_privesc_upload
2013-09-20 09:41:23 -05:00
jvazquez-r7
46a241b168
Fix my own cleanup
2013-09-19 14:51:22 -05:00
jvazquez-r7
31903be393
Land #2380 , @xistence exploit for EDB 28329
2013-09-19 14:42:27 -05:00
jvazquez-r7
cb737525b1
Final cleanup for openemr_sqli_privesc_upload
2013-09-19 14:40:57 -05:00
jvazquez-r7
76e170513d
Do first clean on openemr_sqli_privesc_upload
2013-09-19 14:36:25 -05:00
jvazquez-r7
cf0375f7e6
Fix check return value
2013-09-19 14:17:45 -05:00
jvazquez-r7
c63423ad69
Update code comment
2013-09-19 13:03:55 -05:00
jvazquez-r7
6073e6f2dc
Fix use of normalize_uri
2013-09-19 12:59:37 -05:00
jvazquez-r7
b4fa535f2b
Fix usage of fail_with
2013-09-19 12:45:29 -05:00
jvazquez-r7
1aba7550f9
Fix check indentation
2013-09-19 12:44:11 -05:00
jvazquez-r7
1f7c3d82c1
Refactor easy methods
2013-09-19 12:42:38 -05:00
jvazquez-r7
891a54aad7
Fix metadata
2013-09-19 12:41:13 -05:00
xistence
65ee8c7d5c
changed openemr_sqli_privesc_upload according to suggestions
2013-09-18 12:38:20 +07:00
xistence
d6a1182bd4
changes to arkeia_upload_exec to comply with r7 suggestions #2
2013-09-18 08:24:40 +07:00
xistence
24a671b530
changes to arkeia_upload_exec to comply with r7 suggestions
2013-09-18 08:10:58 +07:00
xistence
af873b7349
added OpenEMR 4.1.1 Patch 14 SQLi Privesc Upload RCE
2013-09-16 16:19:35 +07:00
xistence
b2b629f932
added WD Arkeia Appliance RCE
2013-09-16 14:38:50 +07:00
Tab Assassin
f5a4c05dbc
Retab changes for PR #2267
2013-09-05 14:11:03 -05:00
Tab Assassin
4703a10b64
Merge for retab
2013-09-05 14:10:58 -05:00
jvazquez-r7
86ceadc53d
Fix target description
2013-09-05 13:37:01 -05:00
jvazquez-r7
d43326d0f4
Check 302 while checking too
2013-09-05 13:36:35 -05:00
jvazquez-r7
ab83a12354
Check 302 on anonymous access too
2013-09-05 13:35:52 -05:00
Tab Assassin
c9c6f84668
Retab changes for PR #2328
2013-09-05 13:16:15 -05:00
Tab Assassin
9bdc274904
Merge for retab
2013-09-05 13:15:07 -05:00
jgor
84e4b42f6b
allow 302 redirects
2013-09-04 16:59:42 -05:00
jgor
66d5af5a11
remove dependency on tmpl=component
2013-09-04 16:58:49 -05:00
Tab Assassin
41e4375e43
Retab modules
2013-08-30 16:28:54 -05:00
jvazquez-r7
26531dbaa7
Land #2100 , @ddouhine's exploit for OSVDB 83543
2013-08-28 08:55:59 -05:00
jvazquez-r7
ab572d7d72
Fix Authors metadata section
2013-08-28 08:53:48 -05:00
sinn3r
2e4e3fdbe6
Land #2237 - Fix check function
2013-08-27 11:11:54 -05:00
g0tmi1k
7efe85dbd6
php_include - added @wchen-r7's code improvements
2013-08-27 14:00:13 +01:00
Tod Beardsley
6b15a079ea
Update for grammar in descriptions on new modules.
2013-08-26 14:52:51 -05:00
Christian Mehlmauer
45ad043102
moderated comments are now also working (even for unauthenticated users)
2013-08-25 11:02:15 +02:00
Christian Mehlmauer
035258389f
use feed first before trying to bruteforce
2013-08-25 10:16:43 +02:00
Christian Mehlmauer
9af1341179
consistent naming
2013-08-24 18:51:07 +02:00
Christian Mehlmauer
9e4a760576
Update payload
2013-08-24 17:30:16 +02:00
Christian Mehlmauer
c40252e0b3
bugfixing
2013-08-24 00:04:16 +02:00
Christian Mehlmauer
e9eb6b2427
simplification
2013-08-23 22:29:31 +02:00
Christian Mehlmauer
576ae50b73
more feedback implemented
2013-08-23 22:22:56 +02:00
Christian Mehlmauer
de3fc1fa6c
first feedback implemented
2013-08-23 21:59:36 +02:00
Christian Mehlmauer
556f17c47e
Move modules
2013-08-22 17:33:35 +02:00
Christian Mehlmauer
8456d2c0ec
remove target_uri
2013-08-22 00:48:42 +02:00
Christian Mehlmauer
959553583f
-) revert last commit
...
-) split into seperate modules
2013-08-22 00:45:22 +02:00
Christian Mehlmauer
009d8796f6
wordpress is now a module, not a mixin
2013-08-22 00:05:58 +02:00
Christian Mehlmauer
2e9a579a08
implement @limhoff-r7 feedback
2013-08-21 21:05:52 +02:00
Christian Mehlmauer
ffdd057f10
-) Documentation
...
-) Added Wordpress checks
2013-08-21 14:27:11 +02:00
Christian Mehlmauer
49ec0d464a
msftidy
2013-08-21 13:15:21 +02:00
Christian Mehlmauer
11ef8d077c
-) added wordpress mixin
...
-) fixed typo in web mixin
2013-08-21 12:45:15 +02:00
jvazquez-r7
42f774a064
Fix check method
2013-08-20 12:02:09 -05:00
Charlie Eriksen
533d98bd1b
Adding module for CVE 2013-5093, Graphite Web Exploit
2013-08-20 12:56:30 -04:00
g0tmi1k
02e394e1c3
php_include - fix check
2013-08-17 17:36:43 +01:00
g0tmi1k
98b4c653c0
php_include - uses verbose
2013-08-17 17:35:09 +01:00
jvazquez-r7
85b050112a
Land #2231 , @wchen-r7's patch for [SeeRM #8114 ]
2013-08-16 12:52:10 -05:00
sinn3r
d4dbea5594
Check 200
2013-08-16 11:34:32 -05:00
sinn3r
cd734acf3e
[See RM 8114] - Reduce false positive if traffic is redirected
...
Fix complaint for hitting this false positive when the user has
all the traffic redirected.
2013-08-15 16:33:10 -05:00
HD Moore
6c1ba9c9c9
Switch to Failure vs Exploit::Failure
2013-08-15 14:14:46 -05:00
jvazquez-r7
1d82ed176f
Update joomla_media_upload_exec references
2013-08-13 23:27:01 -05:00
sinn3r
e912a64ccc
Description change
2013-08-13 19:04:25 -05:00
jvazquez-r7
312ff1a20e
Delete period from regular expressions
2013-08-13 17:50:26 -05:00
jvazquez-r7
04eed49310
Add support for FileDropper
2013-08-13 16:47:24 -05:00
jvazquez-r7
e4a570d36b
Update metadata according to OSVDB
2013-08-13 16:42:53 -05:00
jvazquez-r7
2086c51b67
Add module for Joomla Upload Exploit in the wild
2013-08-13 16:27:27 -05:00
jvazquez-r7
567873f3cc
Use normalize_uri a little better
2013-08-08 15:12:51 -05:00
jvazquez-r7
40a61ec654
Do minor cleanup
2013-08-08 14:47:46 -05:00
Charlie Eriksen
28b36ea29b
Removing a space at EOL I missed.
2013-08-08 14:30:53 -04:00
Charlie Eriksen
1c6e994fe8
Adding improvements based on Juan's feedback
2013-08-08 14:29:35 -04:00
root
3a24765585
Adding CVE ID
2013-08-07 18:11:43 -04:00
root
7412981138
Adding an OSVDB reference
2013-08-07 07:15:00 -04:00
root
36bab2fdfa
Adding a space between init and check
2013-08-06 16:14:21 -04:00
root
be683d5dc6
Fixing the TARGETURI variable, adding check
2013-08-06 16:13:44 -04:00
root
a745ec8fa6
Adding reference
2013-08-06 14:43:25 -04:00
root
cfd5f29220
Fixing the use of APIKEY, which is not needed
2013-08-06 14:10:48 -04:00
root
69a86b60e2
Added initial squash RCE exploit
2013-08-06 14:00:17 -04:00
Tod Beardsley
7e539332db
Reverting disaster merge to 593363c5f
with diff
...
There was a disaster of a merge at 6f37cf22eb
that is particularly
difficult to untangle (it was a bad merge from a long-running local
branch).
What this commit does is simulate a hard reset, by doing thing:
git checkout -b reset-hard-ohmu
git reset --hard 593363c5f9
git checkout upstream-master
git checkout -b revert-via-diff
git diff --no-prefix upstream-master..reset-hard-ohmy > patch
patch -p0 < patch
Since there was one binary change, also did this:
git checkout upstream-master data/exploits/CVE-2012-1535/Main.swf
Now we have one commit that puts everything back. It screws up
file-level history a little, but it's at least at a point where we can
move on with our lives. Sorry.
2013-07-29 21:47:52 -05:00
jvazquez-r7
3a8856ae7f
Apply review to spip_connect_exec
2013-07-15 09:44:05 -05:00
jvazquez-r7
bc44d42888
Move module to unix/webapps
2013-07-15 09:43:28 -05:00
jvazquez-r7
64b2f3f7a0
Merge branch 'master' of https://github.com/rapid7/metasploit-framework
2013-07-08 16:55:39 -05:00