2858 Commits

Author SHA1 Message Date
msutovsky-r7 ffdfa07954 Land #20354, adds module for ISPConfig code injection (CVE-2023-46818)
Add module for ISPConfig Code Injection (CVE-2023-46818)
2025-07-09 07:47:56 +02:00
Martin Sutovsky 7d881567f2 Refactors code 2025-07-07 11:54:28 +02:00
happybear-21 1700b2eaaa fixed: rubocop issues, changes resolved 2025-07-03 21:25:19 +05:30
happybear-21 03e943726a resolved: changes updated methods 2025-07-01 21:33:41 +05:30
happybear-21 20134b5ced resolved: changes 2025-07-01 15:37:10 +05:30
happybear-21 47f2ba2861 removed: unused imports, and functions, removed: falsey statements, resolved: changes 2025-06-30 20:34:17 +05:30
happybear-21 ff15b581ed resolved: issues 2025-06-29 12:34:38 +05:30
happybear-21 e77abd9bbc added: automatic admin_allow_langedit permission checking and enabling capability 2025-06-28 16:20:49 +05:30
happybear-21 93a8334699 fixed: build issue 2025-06-27 20:16:07 +05:30
happybear-21 840ae0f317 resolved: issues 2025-06-27 19:42:35 +05:30
Diego Ledda a7b038b822 Merge pull request #20341 from msutovsky-r7/exploit/skyvern_ssti_rce
Adds module for Skyvern SSTI (CVE-2025-49619)
2025-06-27 14:14:40 +02:00
Martin Sutovsky ee890a83ca Adds BadChars 2025-06-27 11:03:08 +02:00
adfoster-r7 a0bb2d8c89 Merge pull request #20298 from bcoles/modules-SSL
Modules: Convert SSL default option to Boolean in several modules
2025-06-26 15:00:59 +01:00
happybear-21 016f4ea142 resolved: issues 2025-06-26 10:26:05 +05:30
happybear-21 d787444137 Add exploit module for ISPConfig language_edit.php PHP Code Injection (CVE-2023-46818)
- Adds modules/exploits/linux/http/ispconfig_lang_edit_php_code_injection.rb
- Adds documentation for the module in documentation/modules/exploit/linux/http/ispconfig_lang_edit_php_code_injection.md
- Module targets ISPConfig < 3.2.11p1 with admin_allow_langedit enabled
- References and implementation based on PoC and advisories at https://github.com/SyFi/CVE-2023-46818
2025-06-25 22:27:52 +05:30
cgranleese-r7 00c88caffb Updates incorrect arch values in modules 2025-06-25 16:57:27 +01:00
cgranleese-r7 04a18fb3ca Updates modules to remove non-printable chars 2025-06-25 14:19:56 +01:00
cgranleese-r7 40ca2b3b1b Adds sentinel notes to modules that are missing stability, reliability or side effects 2025-06-25 09:32:01 +01:00
cgranleese-r7 a454217bd4 Update info -d markdown 2025-06-24 11:21:49 +01:00
cgranleese-r7 37388ca1be Adds sentinel values to modules missing notes 2025-06-23 12:24:58 +01:00
bcoles b483312eca Modules: Convert SSL default option to Boolean in several modules 2025-06-23 19:38:36 +10:00
cgranleese-r7 ade9b54d94 Runs Style/TrailingCommaInArguments Rubocop against modules 2025-06-23 09:30:35 +01:00
Martin Sutovsky ca142599e8 Module init 2025-06-23 10:27:27 +02:00
adfoster-r7 b8c375d087 Merge pull request #20337 from bcoles/exploit-linux-http-opentsdb_key_cmd_injection
opentsdb_key_cmd_injection: Set Arch to ARCH_CMD
2025-06-22 14:51:04 +01:00
bcoles cede07596f opentsdb_key_cmd_injection: Set Arch to ARCH_CMD 2025-06-22 12:39:04 +10:00
Ahmed Ezzat 0307bab692 Update opennms_horizon_authenticated_rce.rb
Fix Arch
2025-06-21 20:37:33 +03:00
cgranleese-r7 a4b14d8b64 Runs Rubocop to fix layout in modules 2025-06-20 15:18:01 +01:00
Spencer McIntyre f3b650a409 Major refactoring of PHP payloads and related exploits 2025-05-30 09:06:38 -04:00
Christophe De La Fuente 365caab8fc Update the error message in case of Broken pipe error and update the documentation 2025-05-15 12:10:53 +02:00
Christophe De La Fuente 3d121839c8 Fix from code review #2 2025-05-13 17:17:41 +02:00
Christophe De La Fuente 4aea95f93c Fix from code review 2025-05-13 12:54:31 +02:00
Christophe De La Fuente d83e6072ef Add the module and documentation for Ivanti RCE CVE-2025-22457 2025-04-30 22:02:16 +02:00
Chocapikk 73f0963d81 Lint ^^ 2025-04-30 16:16:30 +02:00
Valentin Lobstein 691cead95c Update modules/exploits/linux/http/craftcms_preauth_rce_cve_2025_32432.rb
Co-authored-by: Diego Ledda <diego_ledda@rapid7.com>
2025-04-30 16:10:32 +02:00
Valentin Lobstein c85fe60596 Update modules/exploits/linux/http/craftcms_preauth_rce_cve_2025_32432.rb
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
2025-04-30 11:33:14 +02:00
Valentin Lobstein 301e9e64e7 Update modules/exploits/linux/http/craftcms_preauth_rce_cve_2025_32432.rb
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
2025-04-30 11:32:58 +02:00
Chocapikk 39a5d710aa Refactor module: modularization, session-path leak, randomized key, improved check
- Centralized fetch_cookies_and_csrf and execute_via_session methods for clarity
- Added leak_session_path() to call send_transform("phpinfo") and parse session.save_path via XPath
- In check(): first try to leak the PHP session directory (report vulnerable if successful), then perform a simple RCE check by summing two 4-digit random numbers with print_r()
- Stub injection now happens once in fetch_cookies_and_csrf; execute_via_session only needs the payload
- Randomized the "as hack" key in send_transform
- Simplified exploit() to reuse execute_via_session with a Base64-encoded payload
- Big thanks to @jvoisin for the suggestions!
2025-04-30 00:24:25 +02:00
Valentin Lobstein 9d0d12004e Update modules/exploits/linux/http/craftcms_preauth_rce_cve_2025_32432.rb
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
2025-04-29 19:59:09 +02:00
Valentin Lobstein 59b9249cec Update modules/exploits/linux/http/craftcms_preauth_rce_cve_2025_32432.rb
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
2025-04-29 19:58:38 +02:00
Chocapikk a0e9758c7f Improve error handling, and search csrf_token in root uri 2025-04-27 08:01:17 +02:00
Chocapikk ba094199da Fix typo 2025-04-26 10:41:30 +02:00
Chocapikk 332c61b6ea Fix cookie handling and switch to send_request_cgi for HTTP requests 2025-04-26 08:24:11 +02:00
Chocapikk 3e96b4148e Add comment about msftidy issue 2025-04-26 06:02:27 +02:00
Chocapikk 9392d0bdf9 Add suggestions 2025-04-26 05:56:41 +02:00
Chocapikk c4e621f3cf Add new exploit for CVE-2025-32432: Craft CMS Preauth RCE 2025-04-26 05:43:13 +02:00
Takah1ro dc8531e37f Fix after applied suggestions (escape ') 2025-04-22 21:57:05 +09:00
Takahiro Yokoyama f579235b95 Apply suggestions from code review
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
2025-04-22 21:53:05 +09:00
Takah1ro e1b5109c70 Add BentoML RCE module (CVE-2025-32375) 2025-04-17 20:46:43 +09:00
Takahiro Yokoyama 5945e0db0e Update modules/exploits/linux/http/bentoml_rce_cve_2025_27520.rb
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
2025-04-16 22:05:04 +09:00
Takah1ro edcc30699a Make user be able to specify a particular endpoint 2025-04-16 21:47:31 +09:00