93c7727622
Land #15058 , Cockpit CMS RCE
2021-04-21 13:21:55 +01:00
e39b065e06
vprint to print
2021-04-20 15:26:47 -04:00
51f9e1ae73
cockpit cms rce
2021-04-18 18:52:04 -04:00
d155702356
Add in Notes section to chrome_simplifiedlowering_overflow.rb
2021-04-16 11:02:52 -05:00
c6464313d4
Update modules/exploits/multi/browser/chrome_simplifiedlowering_overflow.rb
...
Co-authored-by: Grant Willcox <63261883+gwillcox-r7@users.noreply.github.com >
2021-04-16 16:46:43 +01:00
97425602e9
fix typo and docs in chrome_simplifiedlowering_overflow
2021-04-16 14:59:43 +01:00
7c575cd38f
Land #15007 , add a chrome renderer exploit (CVE-2020-16040)
2021-04-08 22:18:20 +01:00
53b739277a
do location.reload() if exploit fails
2021-04-08 21:21:06 +01:00
8019eda667
fix 0x2000 shellcode limit
2021-04-08 21:17:40 +01:00
bd32f686bc
remove dataview allocation
2021-04-08 21:17:01 +01:00
6b86f6c881
remove 0x150 shellcode limit
2021-04-08 21:06:15 +01:00
c12f098c45
cosmetic fixes
2021-04-08 20:54:54 +01:00
1dfdb619a9
Update from code review
...
- Set RPORT default value to 3000
- Use ternary operator
2021-04-07 19:40:59 +02:00
b1c5afc55b
fix rubocop warning
2021-04-06 18:46:07 +05:30
c23a69dcaf
Make suggested changes
2021-04-06 18:43:26 +05:30
1088557ce9
fix rubocop warning
2021-04-06 17:51:23 +05:30
cb0319c849
fix rubocop warning
2021-04-06 17:41:05 +05:30
c863c324ae
Add exploit for CVE-2020-16040
2021-04-06 17:25:27 +05:30
73a8b7aa5f
Add Gitea and Gogs RCE modules and documentations
2021-03-31 16:47:29 +02:00
006faaab9a
Land #14924 , Add auxiliary and exploit modules for CVE-2020-6207 in SAP Solution Manager
2021-03-25 17:48:56 -04:00
3b8f3620d2
Minor updates
...
Updated action_exec in auxiliary module cve_2020_6207_solman_rce.rb
Updated execute_command in exploit module cve_2020_6207_solman_rs.rb
2021-03-25 15:37:29 +03:00
0487e451cf
Updated payload
...
Updated make_rce_payload, renamed get_agent_os to check_agent in lib sap_sol_man_eem_miss_auth.rb
Updated action_ssrf, action_exec in auxiliary module cve_2020_6207_solman_rce.rb
Updated execute_command, exploit in exploit module cve_2020_6207_solman_rs.rb
2021-03-25 14:20:54 +03:00
391e013d89
Removed var lhost, lport in exploit module cve_2020_6207_solman_rs.rb
...
Changed fail reason if agent_name is nil in lib sap_sol_man_eem_miss_auth.rb
2021-03-25 11:26:14 +03:00
924f7feb76
Updated Arch in the exploit module cve_2020_6207_solman_rs.rb
...
Corrected by rubocop library sap_sol_man_eem_miss_auth.rb
2021-03-24 16:26:01 +03:00
66ce45d833
Added support for CmdStager in the exploit module cve_2020_6207_solman_rs.rb
2021-03-24 16:16:43 +03:00
567f78c532
Update PAYLOAD_XML, check_response in lib sap_sol_man_eem_miss_auth.rb
...
Delete class var agents in auxiliary and exploit modules
2021-03-24 11:21:57 +03:00
8c7a483f6e
Delete analyze_error in exploit module cve_2020_6207_solman_rs.rb
2021-03-23 23:59:48 +03:00
2c18435e6e
Update pretty_agents_table in lib sap_sol_man_eem_miss_auth.rb
...
Change output in auxiliary and exploit modules
2021-03-23 23:00:34 +03:00
d76224066f
Rename option URIPATH to TARGETURI
2021-03-23 13:33:39 +03:00
113dce79de
Move lib/metasploit/framework/sap_solman/client.rb to lib/msf/core/exploit/remote/http/sap_sol_man_eem_miss_auth.rb
2021-03-23 13:20:27 +03:00
2a48dd265d
Replace class var @@agents with a class instance var in auxiliary and exploit modules.
2021-03-22 12:13:04 +03:00
42726a70c0
client.rb - library for auxiliary and exploit modules
...
cve_2020_6207_solman_rce.rb - auxiliary module
cve_2020_6207_solman_rce.md - documentation for auxiliary module
cve_2020_6207_solman_rs.rb - exploit module
cve_2020_6207_solman_rs.md - documentation for exploit module
2021-03-21 16:51:21 +03:00
308a42e95b
Fix apache_activemq_upload_jsp exploit module for Java 8
2021-03-20 15:26:34 +00:00
aaf7e21def
Update the microfocus_ucmdb_unauth_deser module to use the new mixin
...
This updates the microfocus_ucmdb_unauth_deser module to use the new
Java Deserialization mixin. Unfortunately we do not have access to the
software for testing so these changes can not be verified.
2021-03-11 12:09:29 -06:00
d580e7d122
Fix some documentation, remove unnecessary code and fix a filename typo
2021-03-11 12:09:29 -06:00
8d2e644f4f
Add a new Java Deserialization mixin and use it to set the shell
2021-03-11 12:09:29 -06:00
2bd6b7abc7
Specify the modified_type when generating ysoserial payloads
...
Fixes #13753
2021-03-11 12:09:29 -06:00
f5edb5a105
Remove redundant rubocop disables
2021-03-11 17:23:44 +00:00
bcf7ad000b
Add CheckModule to fingerprint VMware product
2021-03-05 17:25:37 -06:00
33e52b0fb2
Update and refactor check
...
Now with more science!
2021-03-05 17:25:37 -06:00
26f1c209b2
Add VMware vCenter Server CVE-2021-21972 exploit
2021-03-05 17:25:37 -06:00
319f15d938
Handle nil versions for rubygems 4
2021-02-25 16:47:49 +00:00
b06c5c12aa
Rubocop recently landed modules continued
2021-02-25 14:13:40 +00:00
1d5a6e4a0b
Land #14771 , Add Apache Flink JAR Upload Java Code Execution
2021-02-23 09:19:56 -05:00
69031fa91f
Add Apache Flink JAR Upload Java Code Execution
2021-02-22 23:00:57 +00:00
8a339f54c1
Land #14734 , updates and runs rubocop against recent modules
...
Rubocop recently landed modules
2021-02-19 13:48:47 +00:00
275e9c5454
Land #14696 , Further Zeitwerk lands to improve boot speed
...
Zeitwerk rex folder
2021-02-19 10:33:37 +00:00
5b3fde7735
Rubocop recently landed modules
2021-02-16 15:08:08 +00:00
f6c3de5732
Land #14733 , Add latest Rubocop rules
2021-02-12 16:18:13 +00:00
bed7ae2c78
Add latest rubocop rules
2021-02-12 13:31:51 +00:00
agalway-r7