Commit Graph

506 Commits (ffb7efb52bfc95b954b6262145da9ace08867810)

Author SHA1 Message Date
sinn3r ce8b8e8ef9
Land #2783 - OpenSIS 'modname' PHP Code Execution 2013-12-20 11:29:10 -06:00
sinn3r d0ef860f75 Strip default username/password
There isn't one. So force the user to supply one.
2013-12-20 11:28:18 -06:00
bcoles fb6cd9c149 add osvdb+url refs and module tidy up 2013-12-20 20:27:07 +10:30
bcoles fc2da15c87 Add OpenSIS 'modname' PHP Code Execution module for CVE-2013-1349 2013-12-19 19:10:48 +10:30
jvazquez-r7 198667b650
Land #2774, @Mekanismen's module for CVE-2013-7091 2013-12-18 16:23:44 -06:00
jvazquez-r7 aec2e0c92c Change ranking 2013-12-18 16:23:14 -06:00
jvazquez-r7 d4ec858051 Clean zimbra_lfi 2013-12-18 15:46:37 -06:00
Mekanismen 0c0e8c3a49 various updates 2013-12-18 20:54:35 +01:00
Mekanismen 2de15bdc8b added module for Zimbra Collaboration Server CVE-2013-7091 2013-12-17 19:32:04 +01:00
Tod Beardsley e737b136cc
Minor grammar/caps fixup for release 2013-12-09 14:01:27 -06:00
jvazquez-r7 d47292ba10 Add module for CVE-2013-3522 2013-12-06 13:50:12 -06:00
jvazquez-r7 e4c6413643
Land #2718, @wchen-r7's deletion of @peer on HttpClient modules 2013-12-05 17:25:59 -06:00
Tod Beardsley f5a45bfe52
@twitternames not supported for author fields
It's kind of a dumb reason but there are metasploit metadata parsers out
there that barf all over @names. They assume user@email.address. Should
be fixed some day.
2013-12-04 13:31:22 -06:00
sinn3r 230db6451b Remove @peer for modules that use HttpClient
The HttpClient mixin has a peer() method, therefore these modules
should not have to make their own. Also new module writers won't
repeat the same old code again.
2013-12-03 12:58:16 -06:00
jvazquez-r7 47bff9a416
Land #2711, @Mekanismen exploit for wordpress OptimizePress theme 2013-12-02 16:30:24 -06:00
jvazquez-r7 5c3ca1c8ec Fix title 2013-12-02 16:30:01 -06:00
jvazquez-r7 c32b734680 Fix regex 2013-12-02 16:24:21 -06:00
Tod Beardsley 55847ce074
Fixup for release
Notably, adds a description for the module landed in #2709.
2013-12-02 16:19:05 -06:00
jvazquez-r7 79a6f8c2ea Clean php_wordpress_optimizepress 2013-12-02 15:43:41 -06:00
Mekanismen 57b7d89f4d Updated 2013-12-01 09:06:41 +01:00
Mekanismen 045b848a30 added exploit module for optimizepress 2013-11-30 21:51:56 +01:00
sinn3r a02e0ee3e4
Land #2682 - Kimai v0.9.2 'db_restore.php' SQL Injection 2013-11-27 19:10:44 -06:00
bcoles a03cfce74c Add table prefix and doc root as fallback options 2013-11-25 17:44:26 +10:30
bcoles d8700314e7 Add Kimai v0.9.2 'db_restore.php' SQL Injection module 2013-11-24 02:32:16 +10:30
William Vu 2c485c509e Fix caps on module titles (first pass) 2013-11-15 00:03:42 -06:00
Tod Beardsley 65993704c3
Actually commit the mode change. 2013-11-11 22:16:29 -06:00
jvazquez-r7 bdba80c05c
Land #2569, @averagesecurityguy and others exploit for CVE-2013-4468, CVE-2013-4467 2013-11-07 12:20:42 -06:00
jvazquez-r7 2d4090d9c3 Make option astGUIclient credentials 2013-11-06 20:33:47 -06:00
jvazquez-r7 24d22c96a5 Improve exploitation 2013-11-06 20:15:40 -06:00
jvazquez-r7 2b2ec1a576 Change module location 2013-11-06 15:53:45 -06:00
William Vu f5d1d8eace chmod -x .rb files without #! in modules and lib
It wasn't just cmdstager_printf.rb. :/
2013-10-30 19:51:25 -05:00
jvazquez-r7 2ef33aabe7 Clean open_flash_chart_upload_exec 2013-10-24 10:15:28 -05:00
bcoles 8a5d4d45b4 Add Open Flash Chart v2 Arbitrary File Upload exploit 2013-10-24 22:46:41 +10:30
sinn3r 1599d1171d
Land #2558 - Release fixes 2013-10-21 13:48:11 -05:00
Tod Beardsley c070108da6
Release-related updates
* Lua is not an acronym
  * Adds an OSVDB ref
  * credit @jvazquez-r7, not HD, for the Windows CMD thing
2013-10-21 13:33:00 -05:00
sinn3r 032da9be10
Land #2426 - make use of Msf::Config.data_directory 2013-10-21 13:07:33 -05:00
Tod Beardsley 22b4bf2e94
Resplat webtester_exec.rb 2013-10-17 13:30:54 -05:00
Tod Beardsley 07ab53ab39
Merge from master to clear conflict
Conflicts:
	modules/exploits/windows/brightstor/tape_engine_8A.rb
	modules/exploits/windows/fileformat/a-pdf_wav_to_mp3.rb
2013-10-17 13:29:24 -05:00
jvazquez-r7 352eca1147 Fix check method and set a big space available for payload 2013-10-17 09:30:59 -05:00
bcoles 54cf7855a2 Add WebTester 5.x Command Execution exploit module 2013-10-17 16:57:57 +10:30
Tod Beardsley ed0b84b7f7
Another round of re-splatting. 2013-10-15 14:14:15 -05:00
Tod Beardsley c83262f4bd
Resplat another common boilerplate. 2013-10-15 14:07:48 -05:00
Tod Beardsley 23d058067a
Redo the boilerplate / splat
[SeeRM #8496]
2013-10-15 13:51:57 -05:00
joev e2a9339592 Add CVE to joomla media upload module. 2013-10-12 21:20:11 -05:00
Meatballs 9ca9b4ab29
Merge branch 'master' into data_dir
Conflicts:
	lib/msf/core/auxiliary/jtr.rb
2013-10-10 19:55:26 +01:00
jvazquez-r7 52574b09cb Add OSVDB reference 2013-10-09 14:13:45 -05:00
jvazquez-r7 24efb55ba9 Clean flashchat_upload_exec 2013-10-05 14:50:51 -05:00
bcoles 08243b277a Add FlashChat Arbitrary File Upload exploit module 2013-10-05 22:30:38 +09:30
jvazquez-r7 299dfe73f1
Land #2460, @xistence's exploit for clipbucket 2013-10-04 12:26:30 -05:00
jvazquez-r7 8e0a4e08a2 Fix author order 2013-10-04 12:25:38 -05:00