5f92d9418d
Modules: Fix Stability/SideEffects/Reliability notes for several modules
2022-10-01 17:54:59 +10:00
76c6632305
Land #16673 , qdPM 9.1 - Authenticated Remote Code Execution (CVE-2020-7246)
...
Merge branch 'land-16673' into upstream-master
2022-09-29 09:46:27 -05:00
0dcfe72614
Use the standard Linux stager
2022-09-13 16:10:48 -04:00
5e04ece15b
Support newer versions of Jenkins
...
This retains backwards compatibility
2022-09-13 15:08:23 -04:00
fb28f81700
Land #16750 , update jenkins_script_console
2022-08-31 16:59:33 -05:00
324fb69735
Resolve rubocop issues
2022-08-25 14:41:30 -04:00
8a79128ac4
Switch to using Rex::RandomIdentifier
2022-08-25 14:37:37 -04:00
2e8e15e338
Fail back to the old method using error handling
...
Tested successfully on docker image tags:
* Jenkins 1.565 (pushed 2015-11-14)
* Jenkins 2.60.3 (pushed 2018-07-17)
Tested unsuccessfully on docker image tags:
* Jenkins 2.346.3 (pushed 2022-08-10)
Issue is that login is broken because the URI changed from
j_acegi_security_check to j_spring_security_check.
2022-08-25 14:06:47 -04:00
76f6eda5a9
Using FileDropper Mixin
2022-07-27 19:32:50 +02:00
ccef129807
Land #16727 , set tftphost option
2022-07-12 15:29:42 -05:00
3d13dab11e
Update jenkins_script_console.rb
2022-07-06 19:08:38 +02:00
5db741550b
Update jenkins_script_console.rb
...
Modern Java disabled the sun.misc.BASE64Decoder class so exploit will fail on any newer version of Jenkins.
The java.util.Base64 class should be used now; the change has been confirmed to work with the latest version of Jenkins (the current exploit silently fails).
2022-07-06 15:16:01 +02:00
17f82a900e
linting for confluence_widget_connecter and add catch for all scenarios where clear_response returns nil
2022-07-01 08:43:47 -04:00
f6b6ad4bf1
prevent confluence_widget_connector from crashing when the response body in get_java_property is empty
2022-07-01 07:37:54 -04:00
1b7d8f1e74
Fix a whitespace issue, restore option naming
2022-06-29 12:24:29 -04:00
bbbec267b6
exploits: Set tftphost option for modules which use Windows TFTP stager
2022-06-29 19:10:52 +10:00
695e1243b8
Update modules/exploits/multi/http/phpmailer_arg_injection.rb
...
Co-authored-by: Spencer McIntyre <58950994+smcintyre-r7@users.noreply.github.com >
2022-06-28 23:08:20 -10:00
836970e1ae
Update phpmailer_arg_injection.rb
...
fixed typo
2022-06-23 13:45:42 -10:00
8259e8e495
Update phpmailer_arg_injection.rb
...
Fixed regex to match legal name tags
2022-06-23 13:43:21 -10:00
ae8f1c3378
Update on phpmailer_arg_injection.rb #15810
...
Added Regex to validate new options
2022-06-23 13:10:19 -10:00
e9b2fc6ecf
Merge branch 'rapid7:master' into master
2022-06-23 12:52:09 -10:00
96feb8d1be
Update phpmailer_arg_injection.rb
...
Changed new advanced option to camel case
2022-06-23 12:47:26 -10:00
9160573d0c
Better cleanup for Linux
2022-06-16 23:08:32 +02:00
7963b22fa5
Added Windows support
2022-06-16 22:37:56 +02:00
aef69d1c43
Further changes as suggested
2022-06-16 21:04:57 +02:00
4c17a3c342
Fixed documentation spelling and presentation. Changed to new file upload API
2022-06-16 18:59:39 +02:00
b23e2207c2
Removed a rogue require statement
2022-06-16 16:42:03 +02:00
91d83e966c
Changed documentation to fit targets and added installation instructions. Added requests to delete .htaccess
2022-06-16 16:24:17 +02:00
339114e3c0
Check the target platform for compatibility
2022-06-15 17:11:56 -04:00
dc3596525e
Add Windows targets
2022-06-15 15:23:34 -04:00
ba76c5702d
Code changes, included metasploit version comparison utilities, removed Linux targets
2022-06-14 20:45:35 +02:00
cb1e72461f
Renamed username to email to better reflect the user input nature. Created module documentation under /documentation/modules/exploit/multi/http/qdpm_authenticated_rce.md
2022-06-14 10:35:43 +02:00
c906cf8fa2
Fixed EDB reference
2022-06-13 17:41:34 +02:00
3875db78ae
Land #16644 , Add Exploit for CVE-2022-26134 (Confluence RCE)
...
Merge branch 'land-16644' into upstream-master
2022-06-07 16:00:37 -05:00
1a06f69f95
Works through v7.18 now too
2022-06-06 22:03:21 -04:00
45c646afea
Refactor #encode_ognl
2022-06-06 18:15:44 -04:00
2c0e034a18
Fix a couple of typos
2022-06-06 18:14:05 -04:00
f55334f0fe
Add version detection
2022-06-03 18:26:04 -04:00
76ec36a091
Remove the Windows targets for now
2022-06-03 16:50:13 -04:00
29a9ef686a
Finish up a draft of the module
2022-06-03 16:47:02 -04:00
cd6bbeb0ba
WIP module
2022-06-03 15:27:13 -04:00
1dc61d02eb
Update php_fpm_rce.rb
2022-06-03 11:23:53 +03:00
474116d413
Land #16611 , DotCMS File Upload to RCE Module (CVE-2022-26352)
2022-06-02 15:30:10 +02:00
97caca4f6e
Update modules/exploits/multi/http/dotcms_file_upload_rce.rb
...
Co-authored-by: cdelafuente-r7 <56716719+cdelafuente-r7@users.noreply.github.com >
2022-06-01 10:54:02 -04:00
bea4207c62
Land PR #16607 - MyBB RCE Module (CVE-2022-24734)
...
This exploit module leverages an improper input validation
vulnerability in MyBB prior to 1.8.30 to execute arbitrary
code in the context of the user running the application.
2022-05-31 11:59:53 -04:00
2c02a607ee
Responded to PR feedback
2022-05-30 14:46:54 -04:00
b996f5ee49
Fixes from code review
2022-05-30 16:24:18 +02:00
1f304ef2c4
Add module exploit for MyBB RCE - CVE-2022-24734
2022-05-23 17:27:20 +02:00
3afb9b2ffe
dotCMS file upload to RCE module
2022-05-20 15:57:22 -04:00
4f4287eb6b
Module working on linux
2022-05-19 09:37:48 -04:00
bcoles