adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
71,418 Commits 27 Branches 1,043 Tags
1ac0e2dc668a5d7b7a678dc052d0d0a3465122d4
Commit Graph

859 Commits

Author SHA1 Message Date
Heyder Andrade 1ac0e2dc66 Update splunk_privilege_escalation_cve_2023_32707.md 2023-10-23 11:31:19 +02:00
Heyder Andrade 766766be78 Apply suggestions from code review 
Co-authored-by: adfoster-r7 <60357436+adfoster-r7@users.noreply.github.com>
 2023-09-14 16:13:10 +02:00
eu 8627616404 Added scenario for a non-vulnrable version 2023-09-14 15:56:35 +02:00
eu 54a7b55eb4 Fix code style 2023-09-14 15:05:41 +02:00
eu fc4b47cddd Added documentation 2023-09-13 17:18:18 +02:00
Ismail Dawoodjee 94b7e77d11 Fix exploit/linux typos in Subrion RCE docs 2023-08-23 22:44:49 +08:00
Jack Heysel 5fdc9924d5 Land #18123, add exploit for Jorani unauth RCE 
This PR adds a module that chains together a log poisoning LFI,
redirection bypass and a path traversal vulnerability to obtain unauth RCE.
 2023-08-18 16:44:42 -04:00
jheysel-r7 4ddd789f51 Apply suggestions from code review 2023-08-18 15:33:59 -04:00
ismaildawoodjee 19dcc2d674 Move module and documentation from linux/http to multi/http 2023-08-02 10:10:27 -04:00
adfoster-r7 b979217227 Land #18239, Add version numbers to apache nifi rce module 2023-07-31 22:28:52 +01:00
h00die b2869a5550 version numbers for apache nifi rce 2023-07-31 17:16:26 -04:00
h00die 5d9a65eeb0 version numbers for apache nifi rce 2023-07-31 16:14:57 -04:00
Ege Balcı 0996938113 Add note for Windows compatibility 2023-07-28 17:06:38 +02:00
Ege Balcı 6b11439fa1 Remove basic auth and API_USER/PASS options 2023-07-28 00:44:44 +02:00
Ege Balcı 103f9a3f60 Update install instructions and scenario 2023-07-26 18:08:54 +02:00
Ege Balcı 00f2fe03be Update documentation/modules/exploit/multi/http/rudder_server_sqli_rce.md 
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
 2023-07-26 16:26:17 +02:00
Ege Balcı fa3638b10e Update documentation/modules/exploit/multi/http/rudder_server_sqli_rce.md 
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
 2023-07-26 16:26:17 +02:00
Ege Balcı 5018c0cdc5 Add documentation 2023-07-26 16:26:17 +02:00
cgranleese-r7 52b417b1af Update documentation/modules/exploit/multi/http/wp_plugin_fma_shortcode_unauth_rce.md 2023-07-25 14:06:45 +01:00
h00die-gr3y c1d84e950c Update based on bwatters-r7 comments 2023-07-25 14:06:44 +01:00
h00die-gr3y a3daab88e6 Added documentation and updated exploitable plugins list 2023-07-25 14:06:42 +01:00
bwatters 297c484a1c Land #18173, Add Openfire Authentication Bypass RCE [CVE-2023-32315] 
Merge branch 'land-18173' into upstream-master
 2023-07-18 18:13:20 -05:00
h00die-gr3y a3ea55f2a6 added documentation 2023-07-08 12:30:54 +00:00
Guilhem RIOUX e274b96a13 Updating documentation 2023-07-08 07:29:38 +02:00
Jack Heysel f1b5cd46f4 Apache RocketMQ update config RCE 2023-07-05 12:38:51 -04:00
Guilhem RIOUX 068a81a638 First remove the check after the triggering payload as it is not reliable. Adding the documentation after checking it with the dev tool 2023-06-28 08:53:50 +02:00
Jack Heysel bf1e6bddd1 Land #18134, Add exploit for CVE-2023-25194 
This exploits a Java deserialization vulnerbility
in Apache Druid which arises from a JNDI injection
within Apache Kafka clients.
 2023-06-23 16:52:04 -04:00
Heyder Andrade b026b38851 Apply suggestions from code review 
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
 2023-06-23 09:36:50 +02:00
Redwaysecurity.com 77bb6759a6 Review suggestions 2023-06-22 18:12:13 +02:00
dwelch-r7 e298788a28 Land #18049, Update jenkins login scanner to work with newer versions 2023-06-22 14:04:24 +01:00
Redwaysecurity.com e2fc3c5eff Fixed documentation offenses 2023-06-22 14:48:16 +02:00
Redwaysecurity.com a8332e6064 Added exploit for CVE-2023-25194 2023-06-22 14:17:32 +02:00
cgranleese-r7 0609d246f3 adds more future proofing to implementation 2023-06-21 14:19:24 +01:00
Spencer McIntyre 4c817ce1de Land #17946, CVE-2023-21839 - Oracle Weblogic RCE 
CVE-2023-21839 - Oracle Weblogic PreAuth Remote Command Execution via ForeignOpaqueReference IIOP Deserialization
 2023-06-09 14:55:43 -04:00
Christophe De La Fuente 82c8b5418e Land #17936, PaperCutNG Authentication Bypass with RCE 2023-06-07 15:05:51 +02:00
Christophe De La Fuente 991b9604e5 Add options to the documentation 2023-06-07 15:05:12 +02:00
catatonicprime a03603d076 Documentation linting. 2023-06-06 15:35:20 +00:00
Grant Willcox e78cf054b8 Add in EITW notes 2023-05-24 13:17:49 -05:00
Grant Willcox 84961e6e09 Add in documentation 2023-05-24 13:17:49 -05:00
catatonicprime c43eaf86bc Adding documentation. 2023-05-11 05:09:35 +00:00
Grant Willcox 9f0a6503b7 require.js is not the only way, account for this new discovery in code 2023-05-10 13:02:02 -05:00
Grant Willcox 5d4e68d36c Add Metasploit payload example and remove message that may suggest successful exploitation occurred even when it didn't 2023-05-10 10:36:29 -05:00
Grant Willcox 1b8f1de7c8 Add in fixes from review, add archive of software, and use uri_encode_mode for encoding parameters. 2023-05-10 10:16:08 -05:00
Jack Heysel 07056a74bc Pentaho Business Server Auth Bypass and SSTI 2023-05-09 14:24:51 -05:00
sfewer-r7 5d05754d9b update the AKB URL to reference the changed CVE 2023-04-14 17:44:38 +01:00
sfewer-r7 e6211175b3 rename the files to the correct CVE 2023-04-14 15:52:13 +01:00
sfewer-r7 b5ea420760 On April 12 Adobe reclassified CVE-2023-26360 from an Improper Access Controll vuln to a Deserialization of Untrusted Data vuln. A private report has confirmed that CVE-2023-26359 is a similar yet seperate vuln, so I am changing the CVE associated with these two modules from CVE-2023-26359 to CVE-2023-26360 as we now beliee this is the correct CVE. 2023-04-14 15:49:10 +01:00
sfewer-r7 ae87f35944 fix two typos in documentation 2023-04-13 15:57:48 +01:00
sfewer-r7 375d9b34f1 make on_request_uri compatible with both command staget and teh generic java target 2023-04-11 14:25:07 +01:00
sfewer-r7 43fe41bea5 RCE exploit for CVE-2023-26359 and an auxiliary module for arbitrary file read via the same vuln. 2023-04-06 14:02:01 +01:00