06eba2245e
Creating a check method
2026-02-13 11:34:46 +01:00
867624cad3
Removing default option
...
The default option has been remove in favor of metasploit's default
selection.
2026-02-13 10:42:42 +01:00
dc2e73b44a
Adding a failwith if the injection fail
2026-02-13 09:57:39 +01:00
aacbd1d180
Changing PHP injection logic
...
The PHP payload is injected directly into the PHP code injection. The
cleanup method has been remove in favor of a InitialAutoRunScript that
clear the config file.
2026-02-13 09:52:48 +01:00
78f4b8f97d
Merge branch 'master' into multi/http/churchcrm_unauth_rce
2026-02-13 08:50:23 +01:00
35b52df28a
Merge pull request #20849 from haicenhacks/haicen_xerte
...
Add three modules for exploiting Xerte Online Toolkits
2026-02-12 15:01:42 -05:00
803e6d3991
adds auto-check and fixes print statements
2026-02-12 12:58:01 -05:00
0af126cba9
adds ability to create a project if none exist.
2026-02-12 12:50:00 -05:00
930bb4fecd
fixes error in .htaccess policy generation
2026-02-12 12:43:16 -05:00
b4f26d0329
conform to uri normalization pattern
2026-02-12 12:42:33 -05:00
f25fab7c40
fixes error in .htaccess policy generation
2026-02-12 12:41:28 -05:00
66aad682d6
changes the .htaccess payload to use heredoc
2026-02-11 18:30:20 -05:00
208dc3489c
fixes linting errors
2026-02-11 17:55:21 -05:00
2c7b7e8b5c
Merge pull request #20942 from rudraditya21/attack-exploit-privesc
...
Add MITRE ATT&CK mappings for exploit and privilege escalation modules
2026-02-11 15:38:59 -06:00
838d047b66
Fix the GHSA notation
2026-02-11 11:27:24 +01:00
af3ce4a0f5
Changing placeholders to random text inside request
...
The 'alter_config' function has been altered in order to use random text
as placeholder to fake information in the configuration. The GHSA is
fixed too.
2026-02-11 11:26:59 +01:00
7c9f18bbab
Shorten the if condition's format
...
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com >
2026-02-11 10:48:54 +01:00
fc9d2b2fce
adding CONFIG_CHANGES to side effect
...
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com >
2026-02-11 10:47:49 +01:00
37fe98c7bd
Merge branch 'master' into multi/http/churchcrm_unauth_rce
2026-02-10 16:34:08 +01:00
68e17f2b13
Normalizes URI construction
2026-02-09 20:56:08 -05:00
a1b02d1139
adds newlines between functions
2026-02-09 20:53:36 -05:00
3ee7bd435b
changes URI construction to comply with standards
2026-02-09 20:45:10 -05:00
e28afb7e12
renames files to conform to standards
2026-02-09 20:30:33 -05:00
d8fd09b156
adds newline between functions
2026-02-09 20:30:29 -05:00
98d8e35d85
adds checks to address nil condition on variables
2026-02-09 20:30:25 -05:00
f852aac863
Changes url structure to conform to requested changes
2026-02-09 20:30:18 -05:00
60b0209914
Improves module vulnerability check
2026-02-09 20:29:50 -05:00
8d6f775ebe
added: ATT&CK references to exploit and privilege escalation modules
2026-02-09 23:03:01 +05:30
f41eda1128
Add GHSA and OSV reference type support
...
Add support for GHSA (GitHub Security Advisories) and OSV (Open Source
Vulnerabilities) as structured reference types in Metasploit modules.
Convert 49 hardcoded GHSA URLs to structured ['GHSA', 'GHSA-xxxx'] format
across existing modules, and add support for repository-specific GHSA
references with an optional third parameter ['GHSA', 'GHSA-xxxx', 'repo'].
Update reference validation, module validator, and info_fixups to handle
the new reference types correctly.
2026-02-09 15:17:23 +01:00
9cb6ddb7c1
Mentioning the version in the title
...
Title has been changed in order to mention the version where the exploit
work.
2026-02-05 15:46:38 +01:00
eb5507844b
Testing the module on different version
...
The module have been tested on different version of ChurchCRM (6.8.0 and
6.2.0) prooving it's vulnerability to this exploit. This commit contains
modification of the dockerfile/docker-compose in order to support
multi-version installation.
2026-02-05 12:36:26 +01:00
9acd3ce2df
Rubocop on the file
2026-02-04 11:12:58 +01:00
22fde78f55
Supression of check_execution
...
Supression of the method 'check_execution' because it was to context
related and it is impossible to predict how the web server react to
command execution.
2026-02-04 11:12:12 +01:00
198926b761
Refactoring code disposition
...
The code have been refactored to be more organised.
2026-02-03 16:11:40 +01:00
808a514102
Better title for the module
2026-02-03 15:48:06 +01:00
e27112275a
Metasploit module for ChurchCRM's RCE
...
This commit add the module that exploit the ChurchCRM Unauth RCE.
2026-02-03 15:47:28 +01:00
f31776caf0
Merge pull request #20778 from h00die/ssh_keys
...
Update and combine ssh key persistence with mixin
2026-01-27 06:39:10 -08:00
0b68476817
Update modules/exploits/multi/persistence/ssh_key.rb
...
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com >
2026-01-26 16:44:46 -05:00
048163ea89
ssh_key persistence review
2026-01-24 16:36:54 -05:00
c0e9288ac5
Merge pull request #20799 from jheysel-r7/feat/cacti_graph_template_rce
...
Cacti Graph Template Authenticated RCE [CVE-2025-24367]
2026-01-22 14:26:38 -05:00
18a4cf8c00
Use the ssl setting for HttpServer#start_service
2026-01-22 13:49:28 -05:00
e9a6a6fd45
Responded to comments
2026-01-22 15:03:32 +01:00
96b788e1e8
Increase length of cron job name
2026-01-22 15:03:32 +01:00
0e0a6cc9cd
Removed duplicate platform
2026-01-22 15:03:31 +01:00
2e484d552e
Finishing touches
2026-01-22 15:03:31 +01:00
99e032f4af
SmarterTools SmarterMail Unauth File Upload RCE [CVE-2025-52691]
2026-01-22 15:03:30 +01:00
537a1c5395
Land #19821 , adds Burpsuite persistence module
...
Burp extension persistence
2026-01-22 11:03:08 +01:00
719874a7f4
Merge pull request #20750 from MatDupas/add-exploit-oracle-ebs-cve-2025-61882-module
...
Add exploit oracle ebs CVE 2025 61882 module
2026-01-21 16:08:09 -08:00
927f5330f4
Rubocop fixes
2026-01-21 14:56:08 -08:00
c45309e9ab
Added payload length guards
2026-01-21 11:34:21 -08:00
LucasCsmt