c278ef9b73
Land #18648 , Add Module for GL.iNet products
...
This PR adds an exploit module for a number of
different GL.iNet network products. The module combines
an auth by-pass CVE-2023-50919 with an RCE CVE-2023-50445.
2024-01-23 14:57:29 -05:00
13d2968fad
Capitalize remaining references to Meterpreter
2024-01-23 13:11:03 -05:00
8d7907edee
Update based on @jheysel-r7 comments
2024-01-23 10:10:21 +00:00
094d6ee36b
Add additional reliability and stability notes to modules
2024-01-22 23:29:57 +00:00
919c846064
Final small updates (removed UDP and corrected typo in release date
2024-01-20 11:27:10 +00:00
06dcc82ced
Land #18630 , Add CVE-2023-50917: MajorDoMo RCE
...
Add CVE-2023-50917: MajorDoMo Command Injection Module
2024-01-19 17:10:40 -05:00
de6ed9e1d6
use get_json_document instead of JSON.parse
2024-01-18 15:35:43 +00:00
4ff399844f
By replacing the trailing ';' with a '#' we comment out the remaining portion of the command string (Thank you @jvoisin). We must also include a space character for this to work as expected, doing so also removes the need to bootstrap the Linux payloads with a separate file.
2024-01-18 10:04:38 +00:00
c74fd86961
Update modules/exploits/linux/http/ivanti_connect_secure_rce_cve_2023_46805.rb
...
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com >
2024-01-18 09:18:46 +00:00
3bb1d2bc02
Update modules/exploits/linux/http/ivanti_connect_secure_rce_cve_2023_46805.rb
...
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com >
2024-01-18 09:18:35 +00:00
70ef0dcb0d
improve the check logic to fall through when the json doesnt have the key we expect it to have
2024-01-17 10:02:59 +00:00
518c1e5d3c
mention Pull Connect as well as the CVEs in the description
2024-01-17 10:02:11 +00:00
ad7e348eaa
remove a copy pasta link
2024-01-17 09:16:18 +00:00
f9419c4839
seperate commands into an array instead of one bog long string
2024-01-16 17:19:13 +00:00
ea1dafa353
this is a slightly nicer way to write this
2024-01-16 17:08:09 +00:00
4060e069ed
first commit of the ICS exploit
2024-01-16 14:32:48 +00:00
e7f2abbf9e
Small typo update
2024-01-14 19:26:10 +00:00
85897a2596
update adding aarch64 architecture and some new targets
2024-01-06 17:26:38 +00:00
94a84960a2
Improved check for v3.x routers to obtain exact version
2024-01-05 16:20:29 +00:00
eb902457f2
small update to module for mt6000 vuln test
2024-01-05 13:19:54 +00:00
adf455e8cb
Third release of module and documentation
2024-01-04 14:01:37 +00:00
b2312c97d3
Second release of module and documentation
2024-01-04 09:26:16 +00:00
9fdac8fd28
First release of module
2024-01-03 19:43:49 +00:00
08c5e6a689
Draft release of module. Not ready for review
2023-12-31 10:19:34 +00:00
3182cb4000
Land #18612 , Craft CMS unauthenticed RCE [CVE-2023-41892]
2023-12-22 10:59:39 +01:00
0a2dea523f
Add suggested changes
2023-12-22 00:04:54 +01:00
4c404765a4
Final update to the module based on cdelafuente-r7 comments
2023-12-21 12:06:21 +00:00
9c9af0dca1
Fix statement
2023-12-20 01:51:19 +01:00
22a05c8bf5
Add CVE-2023-50917
2023-12-20 00:43:00 +01:00
5d7cf90521
Some minor changes to the module and documentation
2023-12-18 08:23:16 +00:00
0641839e69
Added documentation and removed debug info
2023-12-17 13:10:18 +00:00
db099f8f4c
Third release of module
2023-12-16 16:06:05 +00:00
d00249f083
Second release with manual cleanup of php* files
2023-12-14 12:57:07 +00:00
ff44932113
first draft release of module
2023-12-10 21:09:40 +00:00
1438a88eb5
Update modules/exploits/linux/http/vinchin_backup_recovery_cmd_inject.rb
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com >
2023-11-28 08:10:56 +01:00
c60da4ad58
Update modules/exploits/linux/http/vinchin_backup_recovery_cmd_inject.rb
...
Co-authored-by: cgranleese-r7 <69522014+cgranleese-r7@users.noreply.github.com >
2023-11-23 17:33:19 +01:00
d20a1703b1
Update modules/exploits/linux/http/vinchin_backup_recovery_cmd_inject.rb
...
Co-authored-by: cgranleese-r7 <69522014+cgranleese-r7@users.noreply.github.com >
2023-11-23 17:32:57 +01:00
9b050e29ae
Add suggested changes
2023-11-22 00:53:12 +01:00
fff8d20eb8
Add suggested changes
2023-11-22 00:50:57 +01:00
2750deedee
Update
2023-11-21 18:28:28 +01:00
218f652429
Update modules/exploits/linux/http/vinchin_backup_recovery_cmd_inject.rb
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com >
2023-11-21 17:08:55 +01:00
58425df0ef
Update vinchin_backup_recovery_cmd_inject exploit and documentation
2023-11-21 02:09:24 +01:00
d59d5e5524
Update modules/exploits/linux/http/vinchin_backup_recovery_cmd_inject.rb
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com >
2023-11-20 19:07:04 +01:00
4e1ec6484a
Update modules/exploits/linux/http/vinchin_backup_recovery_cmd_inject.rb
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com >
2023-11-20 19:06:51 +01:00
8eb1f61217
Update modules/exploits/linux/http/vinchin_backup_recovery_cmd_inject.rb
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com >
2023-11-20 19:06:41 +01:00
223cb245ba
Update modules/exploits/linux/http/vinchin_backup_recovery_cmd_inject.rb
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com >
2023-11-20 19:06:05 +01:00
13b19ba537
Update modules/exploits/linux/http/vinchin_backup_recovery_cmd_inject.rb
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com >
2023-11-20 19:05:54 +01:00
00cc8dcc09
Update modules/exploits/linux/http/vinchin_backup_recovery_cmd_inject.rb
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com >
2023-11-20 19:05:45 +01:00
42cdda7200
Vinchin
2023-11-16 18:10:42 +01:00
7482948ab7
Fix
2023-11-09 20:05:39 +01:00
Jack Heysel