fc6957fbf6
Fix a couple of issues in the markdown formatting
2021-01-27 10:00:02 -05:00
7220dc3ff6
add new note on broken payloads
2021-01-24 22:39:01 +07:00
12157163f7
Merge branch 'obm_deser' into ucmdb
2021-01-24 22:25:57 +07:00
bf4ac7b1a8
add UCMDB sploit
2021-01-24 22:25:45 +07:00
7d7263cf1f
spelling
2021-01-09 08:13:19 -05:00
d8c55501a5
ait csv improter exploit
2021-01-01 12:14:52 -05:00
7de662c807
Land #14521 , Struts2 Multi Eval OGNL RCE
2020-12-23 11:40:16 -06:00
70f8ff31f8
Update documentation to include missing extra options I forgot to document, edit the wording on the module to match the documentation, and do final touch ups.
2020-12-23 10:50:22 -06:00
799b451324
Add in updates to documentation to fix spelling mistakes and to also add in missing documentation for some options, plus to make some explanations a bit clearer.
2020-12-22 17:33:40 -06:00
4a449f97d3
Land #14522 , Replace hard-coded Shiro default key with ENC_KEY
2020-12-22 09:26:49 -06:00
24e8aeffe5
Incorporate review feedback and update the associated documentation.
2020-12-21 17:29:21 -06:00
dc6b67f4c6
Land #14509 , Fixes for Solr RCE
2020-12-18 21:51:06 +01:00
3d7ed70cec
Tweak the check method and add module docs
2020-12-15 19:49:29 -05:00
246c455c96
Reformat the struts2_namespace_ognl module docs
2020-12-15 09:13:06 -05:00
f255724e01
Changes to support older Solr (tested 5.3.0)
...
Use a new parameter instead of a header because older versions don't
have access to the request object.
There was an issue where the exploit would fail if the exec returned -1
despite the payload otherwise working, fixed by not trying to return
output in that case.
Also updates the documentation to reflect that we have a Java target now
and quoting is no longer a concern.
2020-12-13 19:05:47 -06:00
835059f00c
[CVE-2020-10977] Gitlab arbitrary file read to RCE
2020-12-07 01:26:54 +00:00
8e534ffc22
Split scenarios to separate blocks for each target
...
As suggested in https://github.com/rapid7/metasploit-framework/pull/14216#discussion_r512868894 .
2020-11-26 13:46:01 +01:00
536e1a1a02
Fix typo in documentation
2020-11-26 13:46:01 +01:00
c280bb67e7
Wrap at 140 characters to appease msftidy_docs.rb.
2020-11-26 13:46:01 +01:00
4dc564e62b
Added documentation for module.
2020-11-26 13:46:01 +01:00
95665e916c
Land #14416 , wordpress plugin 'simple file list' rce
2020-11-25 09:58:26 -05:00
94c157bc95
Tweak the documentation and module output just a little for clarity
2020-11-25 09:58:07 -05:00
31426576e0
Land #14264 , Add exploit/multi/http/kong_gateway_admin_api_rce
2020-11-25 11:09:02 +00:00
92c92f1573
simple file list rce
2020-11-21 08:51:07 -05:00
dcd8ec1d70
Lock JDK to 8u131 to be safe
2020-11-18 15:17:12 -06:00
bcdf5aa586
Clarify Windows target setup further
2020-11-18 14:25:10 -06:00
4d610b5500
Clarify using the generic installer for examples
2020-11-18 14:06:13 -06:00
83beae731f
Add WebLogic Administration Console Handle RCE
...
CVE-2020-14882
CVE-2020-14883
2020-11-18 10:56:02 -06:00
d6b412c58e
Land #14340 , Add HorizontCMS 1.0.0-beta exploit module and documentation
2020-11-13 13:03:04 +01:00
e7a20ec47c
Add CVE ID to module and docs
2020-11-05 07:05:32 -05:00
cf954888da
Add horizontcms_upload_exec module and documentation
2020-11-02 13:01:13 -05:00
bb9464801e
Make changes suggested in review
...
* Add better explanation of public-api-port option in documentation
* Add example in scenarios where admin API is on different host to
public API (therefore public-api-port option must be used)
* Add targeturi option
* Add version number that has been tested in 2 places in documentation
2020-10-27 21:13:45 +00:00
8d43fa4848
Module can now use mkfile+put method to exploit vulnerability.
2020-10-15 17:46:40 +08:00
f6b5053666
Add exploit/multi/http/kong_gateway_admin_api_rce
2020-10-13 16:56:34 +01:00
b9df68cbb6
Fix module according to Rubocop, make documentation follow standard.
2020-10-11 19:04:06 +08:00
57b0f30e37
Add new module for WordPress File Manager unauth RCE (CVE-2020-25213)
2020-10-11 01:20:28 +08:00
15bb690308
fix vulnerability spelling
2020-10-04 13:00:48 -04:00
e65083c092
Add maracms_upload_exec.rb exploit module and docs
2020-09-22 16:53:29 -04:00
24b1235cf7
Whitespace adjustment and remove superfluous return statements
2020-08-12 13:59:25 -04:00
0dab52ef35
A few last changes from msftidy and msftidy_docs.
2020-08-09 18:25:13 -05:00
661e2a680b
Initial push of exploit and module for vbulletin_widget_template_rce vulnerability.
2020-08-09 17:38:52 -05:00
2ca508c08e
Further edits for RuboCop and msftidy_docs.rb compliance
2020-08-06 11:18:39 -05:00
5c6530d9e5
Update module description and documentation to have a better description of what is going on and to also fix further copies of the typos that were pointed out.
2020-08-06 10:50:47 -05:00
7985eafda0
Add Baldr Botnet Panel RCE Module
2020-07-24 07:45:43 +03:00
2b1af9acaa
Land #13610 , add atutor auth dir trav / rce
2020-06-29 11:58:34 -05:00
57f40053da
Improve autoselect (incorporate suggestions from code review)
2020-06-18 16:39:11 -04:00
199d7db222
Fix up items mentioned by @space-r7 during her review
2020-06-18 09:56:20 -05:00
a26977c6fa
Finish up rest of msftidy_docs.rb documentation
2020-06-17 16:11:56 -05:00
22c76d94c3
Fix most of the msftidy_docs.rb errors
2020-06-17 16:06:16 -05:00
eebacb8fbb
Make adjustments so that this module only supports Windows so that we can land this for now. Linux support may be added in the future.
2020-06-17 14:56:40 -05:00
Spencer McIntyre