adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
81,177 Commits 27 Branches 1,043 Tags
weekly-updates
Commit Graph

956 Commits

Author SHA1 Message Date
Takah1ro f54374eaff Update exploit to improve stability 2026-04-18 12:56:53 +09:00
Takahiro Yokoyama b917de89c3 Merge branch 'rapid7:master' into langflow_rce_cve_2026_27966 2026-04-16 20:58:02 +09:00
Brendan c17c301e36 Merge pull request #21095 from LucasCsmt/multi/http/churchcrm_db_restore_rce 
Adds exploit module for ChurchCRM authenticated RCE (CVE-2025-68109)
 2026-04-15 14:22:56 -05:00
adfoster-r7 0ba59a1254 Update documentation/modules/exploit/multi/http/churchcrm_db_restore_rce.md 
Co-authored-by: Brendan <bwatters@rapid7.com>
 2026-04-15 16:07:43 +01:00
Takah1ro a6d7502c8d Add langflow_rce_cve_2026_27966 module 2026-04-09 22:12:10 +09:00
Christophe De La Fuente 09a59af789 Merge pull request #21069 from Chocapikk/add-module-freescout-htaccess-rce 2026-03-31 18:09:30 +02:00
msutovsky-r7 6d4b268f9f Land #21029, adds module for Grav CMS (CVE-2025-50286) 
Adds exploit module for Grav CMS (CVE-2025-50286)
 2026-03-31 14:47:44 +02:00
adfoster-r7 20bb912515 Merge pull request #21023 from g0tmi1k/os_cmd_exec 
Add: exploits/multi/http/os_cmd_exec
 2026-03-27 16:38:03 +00:00
x1o3 d12e3945fe plugin version parsing and check logic improvement, msftidy & rubocop compliant 2026-03-27 11:47:30 +05:30
x1o3 de81c5f0dc plugin version parsing and check logic improvement, msftidy & rubocop compliant 2026-03-27 11:45:20 +05:30
g0t mi1k 51f36982c7 Add: exploits/multi/http/os_cmd_exec 
A lot of this was based on: exploits/unix/webapp/php_eval
 2026-03-24 20:01:30 +00:00
Valentin Lobstein 3414611a3d Refactor: Use inherited SSL option from HttpClient instead of HTTPSSL 2026-03-14 00:07:28 +01:00
Valentin Lobstein c5c6c34232 Refactor: Remove HTTPSSL option, auto-detect SSL from port 443 2026-03-14 00:04:49 +01:00
Valentin Lobstein db3654eebf Fix: Address Copilot review feedback and fix cmd/dropper targets 
- Fix http_send: use standalone Rex::Proto::Http::Client to avoid
  SMTPDeliver/HttpClient connect() method conflict
- Fix cmd/dropper PHP stub: remove double $$ variable (vars[:cmd_varname]
  already includes $ prefix)
- Fix cmd/dropper unlink: use cleanup POST param instead of inline
  @unlink to preserve shell across multiple stager requests
- Fix wait_for_cron: use .to_i % fetch for correct modulo calculation
- Fix dir_exists?: use res&.redirect? instead of res&.code == 301
- Fix docs: RHOSTS -> RHOST (SMTPDeliver registers singular RHOST)
- Remove manual Date header (SMTPDeliver handles it)
- Update scan_paths comment to reflect MD5 digit extraction
- Replace php_exec_cmd with manual preamble + system_block stub
 2026-03-13 23:38:30 +01:00
LucasCsmt 3f25048d9b Merge branch 'master' into multi/http/churchcrm_db_restore_rce 2026-03-11 09:41:33 +01:00
x1o3 de72dcb88a fixes review feedback 2026-03-11 12:56:14 +05:30
msutovsky-r7 c6aabc1c75 Land #21001, adds module for SPIP Saisies plugin (CVE-2025-71243) 
Add SPIP Saisies plugin RCE module (CVE-2025-71243)
 2026-03-09 10:34:52 +01:00
LucasCsmt 4ca2b22dff Adding documentation to the module 2026-03-06 10:18:58 +01:00
Valentin Lobstein 9b7faea3c2 Feat: Add FreeScout ZWSP .htaccess RCE module (CVE-2026-28289) 2026-03-05 18:06:32 +01:00
Valentin Lobstein 3d38e9b27b Fix: Fallback check to Detected when plugin version unavailable 
- Use spip_version as fallback when spip_plugin_version fails
- Return Detected instead of Unknown so AutoCheck does not abort
- Fix lab healthcheck to wait for saisies form before reporting healthy
 2026-03-05 14:13:05 +01:00
x1o3 f87a5d9598 fixes review feedback 2026-03-02 17:38:14 +05:30
x1o3 7d6d592efe logic fix & cleanup 2026-02-28 22:56:28 +05:30
x1o3 8ba79db6b6 msftidy_docs compliant 2026-02-28 21:30:40 +05:30
x1o3 657e53dcec Add module documentation 2026-02-28 20:59:49 +05:30
Valentin Lobstein 76d103e483 Fix: Bootstrap cycle tables and update lab documentation 
Add cycle.php bootstrap request in cmd_injection module to create
missing MEMORY tables before starting the cycle_execs.php worker.
Update all three module docs with curl in Dockerfile, Docker gateway
instructions, Options sections, and verified scenario outputs.
 2026-02-27 14:33:04 +01:00
Valentin Lobstein 402ed5d50b Docs: Clarify 41086aaa is a pinned vulnerable commit on alpha branch 2026-02-26 17:18:22 +01:00
Valentin Lobstein 53652b3e3b Fix: Update SPIP saisies doc with working lab setup 2026-02-21 09:50:50 +01:00
Valentin Lobstein b904419f28 Fix: Update SPIP saisies doc with working lab setup 2026-02-21 09:50:02 +01:00
Valentin Lobstein a8f66a23d9 Feat: Add SPIP Saisies plugin RCE module (CVE-2025-71243) 2026-02-21 09:32:53 +01:00
Valentin Lobstein 05c12bb033 Feat: Add three MajorDoMo unauthenticated RCE modules 
- CVE-2026-27174: Console eval RCE via missing exit after redirect
- CVE-2026-27175: Command injection via rc/index.php + cycle_execs race condition
- CVE-2026-27180: Supply chain RCE via update URL poisoning in saverestore module

All three modules include documentation with Docker lab setup instructions.
 2026-02-21 08:34:31 +01:00
msutovsky-r7 b6f37bef11 Land #20976, adds module for StoryChief WP plugin (CVE-2025-7441) 
Add StoryChief WordPress 1.0.42 unauthenticated RCE module (CVE-2025-7441)
 2026-02-19 10:06:25 +01:00
Nayeraneru a48129b640 Updated doc after checking msftidy_docs 2026-02-18 16:58:51 +02:00
Nayeraneru 8ee79fa524 Add StoryChief WordPress 1.0.42 unauthenticated RCE module 2026-02-16 00:44:20 +02:00
LucasCsmt a39ed2beac Removing default version in the Dockerfile 2026-02-13 15:14:41 +01:00
LucasCsmt bbfe139e7f Merge branch 'master' into multi/http/churchcrm_unauth_rce 2026-02-13 15:01:52 +01:00
LucasCsmt 2b6d95d3c9 Adding a scenario in the documentation 
The documentation for PHP Fetch have been added. The scenario have been
redone in order to track the last changes.
 2026-02-13 15:01:17 +01:00
LucasCsmt 381972efd2 Changing the documentation 
According to the recent change, i've changed the documentation and the
scenario outputs.
 2026-02-13 14:05:29 +01:00
Diego Ledda a4ec3cd40d Merge pull request #20917 from sfewer-r7/solarwinds-webhelpdesk-rce 
Add exploit module for SolarWinds Web Help Desk (CVE-2025-40536 + CVE-2025-40551)
 2026-02-13 06:51:42 -05:00
LucasCsmt 78f4b8f97d Merge branch 'master' into multi/http/churchcrm_unauth_rce 2026-02-13 08:50:23 +01:00
Spencer McIntyre 35b52df28a Merge pull request #20849 from haicenhacks/haicen_xerte 
Add three modules for exploiting Xerte Online Toolkits
 2026-02-12 15:01:42 -05:00
Spencer McIntyre 41414b896b Tweak whitespacing in the docs for the renderer 2026-02-12 14:43:47 -05:00
haicen 7204c64b6b Improves documentation 2026-02-12 12:05:29 -05:00
haicen 66139795e5 Fixes problems with module documentation 2026-02-11 18:20:06 -05:00
sfewer-r7 58dd29107f remove SMB_SRVPORT as an option. It must allways be 445 so the user cannot change it. We print a message to inform the user this port is intended to be in use so that the SMB server is not compleatly opaque. 2026-02-05 17:21:31 +00:00
LucasCsmt eb5507844b Testing the module on different version 
The module have been tested on different version of ChurchCRM (6.8.0 and
6.2.0) prooving it's vulnerability to this exploit. This commit contains
modification of the dockerfile/docker-compose in order to support
multi-version installation.
 2026-02-05 12:36:26 +01:00
sfewer-r7 40073bcc8e typo in docs 2026-02-05 09:00:15 +00:00
sfewer-r7 50f46aa85d add docs 2026-02-04 20:36:10 +00:00
LucasCsmt 4d65f15884 Adding a link to the CVE 2026-02-04 16:17:15 +01:00
LucasCsmt ca5ceae1b3 Adding documentation to the churchcrm module 
The documentation of the module is addedd.
 2026-02-04 16:04:42 +01:00
Spencer McIntyre c0e9288ac5 Merge pull request #20799 from jheysel-r7/feat/cacti_graph_template_rce 
Cacti Graph Template Authenticated RCE [CVE-2025-24367]
 2026-01-22 14:26:38 -05:00