adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
58,321 Commits 27 Branches 1,043 Tags
339c1941efdbe265cfe586f11f1da2d000c19d44
Commit Graph

88 Commits

Author SHA1 Message Date
EgiX d62b8d16c6 Update opensis_chain_exec.md 2020-07-03 17:43:10 +02:00
EgiX ab703f376b Create opensis_chain_exec.md 2020-07-01 23:51:17 +02:00
William Vu b81629d099 Clean up module 2020-06-28 23:07:10 -05:00
William Vu 72dbbedcfc Clean up module doc 2020-06-26 11:25:41 -05:00
William Vu 7273ac1a92 Move module to unix/webapp 2020-06-25 12:44:42 -05:00
gwillcox-r7 d2b196f172 Land #13353, Trixbox CE endpoint_devicemap.php Authenticated RCE 2020-05-04 16:11:05 -05:00
Anastasios Stasinopoulos 18ebf5efa6 Trixbox CE <= v2.8.0.4 Authenticated RCE 
This module exploits a post-authentication OS command injection vulnerability found in Trixbox CE <= v2.8.0.4 which may allow arbitrary command execution on the underlying operating system.
 2020-05-04 15:58:38 -05:00
William Vu 4d635cdcfc Update module doc 2020-05-01 04:28:17 -05:00
William Vu c5df5355ac Update my module documentation to the new standard 
Also update CheckModule to match current style and best practices.
 2020-04-20 20:06:52 -05:00
William Vu 994097b410 Update all my module docs to use "options" 2020-04-15 15:47:51 -05:00
William Vu 0c3080c318 Add ThinkPHP Multiple PHP Injection RCEs 2020-04-13 02:21:01 -05:00
h00die e7da6e77a5 remove and check for instruction text 2020-03-24 09:15:04 -04:00
Christophe De La Fuente f9077bcd8d Land #12704, OpenNetAdmin 18.1.1 Remote Code Execution exploit 2020-02-21 15:49:26 +01:00
Onur ER e4456c9006 Update opennetadmin_ping_cmd_injection.md 2020-02-21 04:14:21 +03:00
Onur ER 1fe1506b42 Update documentation/modules/exploit/unix/webapp/opennetadmin_ping_cmd_injection.md 
Co-Authored-By: cdelafuente-r7 <56716719+cdelafuente-r7@users.noreply.github.com>
 2020-02-21 03:06:56 +03:00
Adam Galway 65521270ea Land #12853, InfiniteWP exploit & mixin upgrades 2020-02-10 11:33:49 +00:00
William Vu eab1245eef Update module doc 2020-02-07 12:30:00 -06:00
William Vu 763dbf5d5d Check WordPress version 2020-02-07 03:14:17 -06:00
William Vu 6c59d7c37c Refactor module 2020-02-07 01:38:11 -06:00
William Vu 68565f575f Update module doc 2020-02-06 14:55:41 -06:00
William Vu 2fc1eb10a8 Add verification steps to module doc 2020-01-22 17:16:41 -06:00
William Vu 10a5e9292e Add description header to module doc 2020-01-22 17:08:26 -06:00
William Vu 88b72e6f2e Update module doc to new standard 2020-01-22 16:48:23 -06:00
tperry-r7 3518b9465c Merge pull request #12831 from h00die/doc_cleanup 
Documentation standardization. This is the first step in standardizing the module documentation.
 2020-01-22 14:53:12 -06:00
William Vu 972cb545f0 Restore the original PLUGIN_FILE contents 2020-01-18 14:57:41 -06:00
William Vu cbd949927d Add WordPress InfiniteWP Client plugin exploit 2020-01-17 20:12:21 -06:00
h00die 947102e2fe sample output to scenarios 2020-01-16 11:15:06 -05:00
h00die b2e0950bba caps 2020-01-16 11:09:29 -05:00
h00die 3a4209a092 verification to verification steps 2020-01-16 10:41:12 -05:00
William Vu 5c4189fdb4 Move unix/webapp/webmin_backdoor to linux/http 2020-01-14 00:50:04 -06:00
Onur ER 3be3a398ae Update and rename documentation/modules/exploit/linux/http/opennetadmin_ping_cmd_injection.md to documentation/modules/exploit/unix/webapp/opennetadmin_ping_cmd_injection.md 2019-12-14 16:33:13 +03:00
dwelch-r7 41569b78ba Land #12503, Add exploit module for Ajenti 2.1.31 2019-12-01 16:13:06 +00:00
Christophe De La Fuente 373d147efd Land #12555 - Wordpress Plainview Activity Monitor RCE 2019-11-29 11:10:24 +01:00
Onur ER f93fda79f6 Add Module Documentation 2019-11-18 20:25:56 +03:00
sinn3r 5c6686a105 Land #12532, Add FusionPBX Command exec.php Command Execution 
Add FusionPBX Command exec.php Command Execution
 2019-11-13 11:33:21 -06:00
sinn3r 66ad5deb47 Land #12531, Add FusionPBX Operator Panel exec.php Command Execution 
Add FusionPBX Operator Panel exec.php Command Execution
 2019-11-13 11:31:30 -06:00
lle-bout 1d7cdac421 Add Wordpress Plainview Activity Monitor RCE 
Description:

```
Plainview Activity Monitor Wordpress plugin is vulnerable to OS
command injection which allows an attacker to remotely execute
commands on underlying system. Application passes unsafe user supplied
data to ip parameter into activities_overview.php.
Privileges are required in order to exploit this vulnerability, but
this plugin version is also vulnerable to CSRF attack and Reflected
XSS. Combined, these three vulnerabilities can lead to Remote Command
Execution just with an admin click on a malicious link.
```
 2019-11-10 08:27:45 +01:00
Brendan Coles 6dc94bbca9 Update documentation 2019-11-02 22:37:56 +00:00
Brendan Coles f5afbe7104 Update documentation 2019-11-02 22:35:58 +00:00
Brendan Coles 89b277c360 Add documentation 2019-11-01 23:38:59 +00:00
Brendan Coles 08d51acd18 Update targets 2019-11-01 20:33:23 +00:00
Brendan Coles 73a8381639 Add documentation 2019-11-01 20:12:03 +00:00
Brendan Coles f3bc8580c0 Add documentation 2019-10-29 15:59:18 +00:00
William Vu ade9c23772 Don't be lazy and spell out "introduction" in docs 
This was unfortunately my doing, and then people copied me.
 2019-09-30 16:58:00 -05:00
William Vu d56e7d47b5 Add "analysis" 2019-08-21 17:05:40 -05:00
William Vu 856bf22597 Add module doc 2019-08-21 16:56:23 -05:00
Brendan Coles a0538a9613 Add Xymon useradm Command Execution module 2019-07-02 14:04:07 +00:00
William Vu 4dc2a86b7b Update module doc 2019-04-11 12:21:48 -05:00
Jacob Robles 82f0c9e9ee Land #11385, Add Webmin Upload Exec 2019-03-15 08:15:49 -05:00
Jacob Robles 5abfc2c136 Add Module Doc 2019-03-14 13:46:34 -05:00