df8f281d18
Land #19204 , Zyxel VPN Series Pre-auth Command Injection
2024-07-03 20:14:39 +02:00
b67f05f50d
Apply suggestions from code review
2024-07-03 13:51:50 -04:00
7e4c6ca028
Added code to print stdout of payloads without reverse connections
2024-07-03 09:36:36 -07:00
1d602da6b5
Added space between command and stderr/stout redirection
2024-07-03 08:23:38 -07:00
9cfaa2e69f
Lowered rank and explained mock testing
2024-06-24 09:13:46 -07:00
24fa34e7b9
Land #19188 , Netis MW5360 unauthenticated RCE [CVE-2024-22729]
2024-06-24 13:40:51 +02:00
8fc6e20cec
Update other modules to use java_class_loader_start_service and cmdstager_start_service
2024-06-14 12:57:42 +02:00
4e26704d73
Update addressing cdelafuente-r7 comments
2024-06-12 18:57:29 +00:00
12b1936e16
Fixed typo added Options section docs
2024-06-10 07:39:24 -07:00
6a77c2e562
Final tweaks in check method
2024-06-08 11:33:55 +00:00
0e3471d543
Final draft
2024-06-07 19:47:06 +00:00
55fa94995b
Updated check method
2024-06-06 22:23:35 +00:00
9d47372fe6
rubocop
2024-06-03 15:43:25 -04:00
a8335478c7
Apply suggestions from code review
...
Co-authored-by: Spencer McIntyre <58950994+smcintyre-r7@users.noreply.github.com >
2024-06-03 15:33:46 -04:00
d8d1ea7ffb
Added on_new_session method
2024-05-29 16:04:00 -04:00
72f332aba0
Land #19150 , Add Flowmon Command Injection Module
...
Unauthenticated Command Injection Module for Progress Flowmon
CVE-2024-2389
2024-05-29 08:28:37 -04:00
e57f4d3cb5
Change xml to html in get_html_document
2024-05-28 16:29:55 -04:00
5d2a6aa4a1
Updated authors
2024-05-28 16:03:56 -04:00
9955724f0a
Fixed check method, responded to comments
2024-05-28 15:54:28 -04:00
d13ce0b1b8
rubocop fixes
2024-05-27 15:05:07 -04:00
e7d65fe60a
Update based on bwatters-r7 comments
2024-05-27 17:45:07 +00:00
92b259981f
Added WRITEABLE_DIR datastore option plus minor improvements
2024-05-27 12:48:17 -04:00
a0597007e4
Minor fixes, respond to comments
2024-05-23 14:02:28 -04:00
66a7fbf0ea
Update based on jvoisin comments
2024-05-21 20:21:35 +00:00
67154a12e0
Land #19104 , CHAOS rat xss to rce
2024-05-21 11:10:57 +01:00
31babb6ca1
Fixed disclosure date
2024-05-19 12:23:21 +00:00
6d844ae9c8
first release module
2024-05-19 12:16:14 +00:00
d1739f32c2
review of chaos rat
2024-05-13 16:55:43 -04:00
576191b34f
beta commit
2024-05-10 09:01:58 -07:00
a7e97e50ad
Add module for flowmon cmd injection CVE-2024-2389
2024-05-01 08:42:55 -07:00
364d491af7
Land #18972 , Progress LoadMaster unauthenticated command injection module CVE-2024-1212
...
Merge branch 'land-18972' into upstream-master
2024-04-26 18:18:40 -05:00
02c31159ab
Add vulnerable versions and fix indention
2024-04-26 17:36:50 -05:00
7f02902ba1
add event_dependent to chaos_xss
2024-04-24 16:53:24 -04:00
512da4bc45
chaos rat xss to rce
2024-04-24 16:51:58 -04:00
26a108aadc
Land #19046 , Apache Solr Backup Restore RCE [CVE-2023-50386]
2024-04-23 14:08:33 -04:00
a36244073f
Merge pull request #1 from bwatters-r7/update-18972
...
Remove Priv Esc to add it to another module and update it to only run…
2024-04-22 17:53:48 -07:00
c10bde97ff
Merge branch 'rapid7:master' into module/progress_kemp_loadmaster_unauth_cmd_injection
2024-04-22 17:53:32 -07:00
5df1052037
Addressing msftidy issues
...
C:132: 20: [Correctable] Layout/SpaceAroundBlockParameters: Space before first block parameter detected.
C:132: 30: [Correctable] Layout/SpaceAroundBlockParameters: Space after last block parameter detected.
C:133: 5: [Correctable] Layout/IndentationWidth: Use 2 (not 4) spaces for indentation.
C:143: 4: [Correctable] Layout/TrailingEmptyLines: Final newline missing.
2024-04-18 18:34:18 -05:00
982b6aef0a
Incorporating PAN-OS module peer review suggestions, adding documentation for the module
2024-04-18 18:21:12 -05:00
22d3ee5df2
Changing the wording for TARGETURI
2024-04-18 08:25:06 -05:00
cea9fb66ed
Swap out staged payload for unstaged
...
Co-authored-by: Brendan <bwatters@rapid7.com >
2024-04-18 08:21:18 -05:00
9741b12d29
Addressing a new issue the linter caught after changes
...
W:117: 5: [Correctable] Lint/UselessAssignment: Useless assignment to variable - res.
2024-04-17 15:44:45 -05:00
7e191c75e7
Addressing msftidy issues
...
Fixes for the following:
W: 80: 5: [Correctable] Lint/UselessAssignment: Useless assignment to variable - res_create_file. Did you mean res_check_created?
C: 90: 81: [Correctable] Style/TrailingCommaInArguments: Avoid comma after the last parameter of a method call.
C: 93: 8: [Correctable] Style/InverseMethods: Use != instead of inverting ==.
C: 93: 42: [Correctable] Style/AndOr: Use && instead of and.
C: 93: 46: [Correctable] Style/InverseMethods: Use != instead of inverting ==.
C: 94: 43: [Correctable] Style/StringLiterals: Prefer single-quoted strings when you don't need string interpolation or special symbols.
C💯 18: [Correctable] Style/StringLiterals: Prefer single-quoted strings when you don't need string interpolation or special symbols.
C:131: 18: [Correctable] Style/StringLiterals: Prefer single-quoted strings when you don't need string interpolation or special symbols.
2024-04-17 15:40:08 -05:00
275345b68d
Fix single char
2024-04-17 13:54:58 -05:00
41e19d7759
Draft of CVE-2024-3400 module
2024-04-17 13:52:50 -05:00
010f044117
Add https prefix to module URL references
2024-04-17 13:00:41 +01:00
409f0e45a6
Remove Priv Esc to add it to another module and update it to only run once
2024-04-15 15:44:22 -05:00
8968222cf0
Rubocop, when will I learn
2024-04-04 13:41:08 -07:00
7f62dd2143
Responded to comments
2024-04-04 13:39:22 -07:00
531e7baa02
Add reminder todo
2024-04-03 17:08:09 -07:00
Christophe De La Fuente