Commit Graph

372 Commits

Author SHA1 Message Date
Grant Willcox 5b274770ef Update exploit code to add missing slashes to certain important parts of the code where the exploit might fail if a custom path is supplied, and also improve the error handling in the code overall 2021-06-14 15:02:38 -05:00
Alan Foster 2b837a9d11 Add ssl setup documentation for gitlab 2021-05-17 23:59:08 +01:00
Alan Foster 5a0360228f Update cockpit cms module 2021-05-12 17:20:31 +01:00
Pedro Ribeiro e6b605369e UCMDB: remove warning from docs and change Linux target to reverse_python 2021-05-02 16:53:02 +07:00
h00die 51f9e1ae73 cockpit cms rce 2021-04-18 18:52:04 -04:00
Christophe De La Fuente 73a8b7aa5f Add Gitea and Gogs RCE modules and documentations 2021-03-31 16:47:29 +02:00
William Vu 151b8f2f92 Update vmware_vcenter_uploadova_rce module doc 2021-03-30 21:08:21 -05:00
Grant Willcox f01b434160 Land #14896, Fix apache_activemq_upload_jsp exploit module for Java 8 2021-03-24 10:22:03 -05:00
Grant Willcox 9d7e9990f4 Update documentation wording a bit to be more appropriate 2021-03-24 09:17:22 -05:00
alanfoster 308a42e95b Fix apache_activemq_upload_jsp exploit module for Java 8 2021-03-20 15:26:34 +00:00
Alan Foster 9a92ac87a1 Ensure documentation files have md extension 2021-03-15 10:24:50 +00:00
Spencer McIntyre a227d00275 Add additional setup notes for some modules 2021-03-11 12:09:29 -06:00
William Vu 729994d4af Update module doc 2021-03-05 17:25:37 -06:00
William Vu 7bbb4cc09a Add module doc 2021-03-05 17:25:37 -06:00
Brendan Coles 69031fa91f Add Apache Flink JAR Upload Java Code Execution 2021-02-22 23:00:57 +00:00
Pedro Ribeiro 79cac47ba3 add suggestions by cdelafuente-r7 2021-02-09 14:24:49 +07:00
Pedro Ribeiro 33edfaa8f6 mention that it has been tested on 2019.11 too 2021-01-30 21:47:31 +07:00
Pedro Ribeiro b8fe5fabf8 fix typo another typo 2021-01-28 22:50:05 +07:00
Pedro Ribeiro 446316ef6c fix typo at the end of app list 2021-01-28 22:49:32 +07:00
Pedro Ribeiro dcd9a6a214 add more clarification regarding affected products 2021-01-28 20:41:08 +07:00
Pedro Ribeiro 7ea5c3ffce add clarification about c3p0 2021-01-28 18:23:20 +07:00
Pedro Ribeiro c73fa70543 do the rubocop thing and add docs 2021-01-28 18:21:51 +07:00
Spencer McIntyre fc6957fbf6 Fix a couple of issues in the markdown formatting 2021-01-27 10:00:02 -05:00
Pedro Ribeiro 7220dc3ff6 add new note on broken payloads 2021-01-24 22:39:01 +07:00
Pedro Ribeiro 12157163f7 Merge branch 'obm_deser' into ucmdb 2021-01-24 22:25:57 +07:00
Pedro Ribeiro bf4ac7b1a8 add UCMDB sploit 2021-01-24 22:25:45 +07:00
h00die 7d7263cf1f spelling 2021-01-09 08:13:19 -05:00
h00die d8c55501a5 ait csv importer exploit 2021-01-01 12:14:52 -05:00
Grant Willcox 7de662c807 Land #14521, Struts2 Multi Eval OGNL RCE 2020-12-23 11:40:16 -06:00
Grant Willcox 70f8ff31f8 Update documentation to include missing extra options I forgot to document, edit the wording on the module to match the documentation, and do final touch ups. 2020-12-23 10:50:22 -06:00
Grant Willcox 799b451324 Add in updates to documentation to fix spelling mistakes and to also add in missing documentation for some options, plus to make some explanations a bit clearer. 2020-12-22 17:33:40 -06:00
Grant Willcox 4a449f97d3 Land #14522, Replace hard-coded Shiro default key with ENC_KEY 2020-12-22 09:26:49 -06:00
Grant Willcox 24e8aeffe5 Incorporate review feedback and update the associated documentation. 2020-12-21 17:29:21 -06:00
Christophe De La Fuente dc6b67f4c6 Land #14509, Fixes for Solr RCE 2020-12-18 21:51:06 +01:00
Spencer McIntyre 3d7ed70cec Tweak the check method and add module docs 2020-12-15 19:49:29 -05:00
Spencer McIntyre 246c455c96 Reformat the struts2_namespace_ognl module docs 2020-12-15 09:13:06 -05:00
James Lee f255724e01 Changes to support older Solr (tested 5.3.0)
Use a new parameter instead of a header because older versions don't
have access to the request object.

There was an issue where the exploit would fail if the exec returned -1
despite the payload otherwise working, fixed by not trying to return
output in that case.

Also updates the documentation to reflect that we have a Java target now
and quoting is no longer a concern.
2020-12-13 19:05:47 -06:00
alanfoster 835059f00c [CVE-2020-10977] Gitlab arbitrary file read to RCE 2020-12-07 01:26:54 +00:00
Graeme Robinson 8e534ffc22 Split scenarios to separate blocks for each target
As suggested in https://github.com/rapid7/metasploit-framework/pull/14216#discussion_r512868894.
2020-11-26 13:46:01 +01:00
Graeme Robinson 536e1a1a02 Fix typo in documentation 2020-11-26 13:46:01 +01:00
Graeme Robinson c280bb67e7 Wrap at 140 characters to appease msftidy_docs.rb. 2020-11-26 13:46:01 +01:00
Graeme Robinson 4dc564e62b Added documentation for module. 2020-11-26 13:46:01 +01:00
Spencer McIntyre 95665e916c Land #14416, wordpress plugin 'simple file list' rce 2020-11-25 09:58:26 -05:00
Spencer McIntyre 94c157bc95 Tweak the documentation and module output just a little for clarity 2020-11-25 09:58:07 -05:00
cgranleese-r7 31426576e0 Land #14264, Add exploit/multi/http/kong_gateway_admin_api_rce 2020-11-25 11:09:02 +00:00
h00die 92c92f1573 simple file list rce 2020-11-21 08:51:07 -05:00
William Vu dcd8ec1d70 Lock JDK to 8u131 to be safe 2020-11-18 15:17:12 -06:00
William Vu bcdf5aa586 Clarify Windows target setup further 2020-11-18 14:25:10 -06:00
William Vu 4d610b5500 Clarify using the generic installer for examples 2020-11-18 14:06:13 -06:00
William Vu 83beae731f Add WebLogic Administration Console Handle RCE
CVE-2020-14882
CVE-2020-14883
2020-11-18 10:56:02 -06:00