Commit Graph

6278 Commits

Author SHA1 Message Date
Jake Baines 9758251278 Initial commit of CVE-2021-37343 2022-02-05 18:21:18 -08:00
Spencer McIntyre e2c91ebf30 Land #16010, zabbix_script_exec improvements
This updates the zabbix_script_exec module to work with versions 5.0 and
newer as well as adds a new item-based execution technique.
2022-02-04 15:13:13 -05:00
Spencer McIntyre ae278d0568 Cleanup some minor typos 2022-02-04 15:12:57 -05:00
Spencer McIntyre dd64dcf074 Finish the PetitPotam module with docs 2022-02-04 13:12:08 -05:00
lap1nou 8838d9cb66 Added timeout system, fixed a bug with TLS_PSK, linted 2022-02-04 04:01:23 -08:00
h00die 11c67ce7d7 wp_modern_events_calendar_sqli 2022-02-02 19:21:42 -05:00
lap1nou 645ef5e71f Fixed few bugs 2022-02-02 14:30:02 -08:00
Spencer McIntyre 7c987a452d Land #16130, Wordpress RegistrationMagic sqli 2022-02-02 10:50:13 -05:00
Spencer McIntyre dda6c53144 Fix table alignment 2022-02-02 10:48:58 -05:00
lap1nou de32cc0e97 Linted with Rubocop, factorized API call, fixed some grammar 2022-02-01 13:29:30 -08:00
h00die 00c1ac4da9 updated docs for registrationmagic 2022-02-01 16:17:36 -05:00
space-r7 837fdf7c5e Land #16128, add cisco rv unauth rce 2022-02-01 10:34:57 -06:00
Jake Baines 78312fb300 Update documentation/modules/exploit/linux/http/cisco_rv_series_authbypass_and_rce.md
Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com>
2022-02-01 06:41:26 -05:00
h00die b71f9e7e45 wp_plugin RegistrationMagic sqli 2022-01-30 16:08:06 -05:00
Jake Baines 3371051f11 Switch to using the sqli library 2022-01-30 05:16:01 -08:00
Jake Baines 3f719474b2 Merge branch 'grandstream_CVE_2020_5724' of github.com:jbaines-r7/metasploit-framework into grandstream_CVE_2020_5724 2022-01-30 03:48:37 -08:00
Jake Baines 65c296818f Addressed review items 2022-01-30 03:48:31 -08:00
Jake Baines f9c113f63d Addressed various review items 2022-01-30 03:42:15 -08:00
Jake Baines ccedcfefab Added exploit for CVE-2021-1472/CVE-2021-1473 2022-01-29 18:56:53 -08:00
Brendan Coles feebf25ad4 Add support for GXV3140 models and ARCH_CMD busybox telnetd payload 2022-01-29 19:38:57 +00:00
Brendan Coles a4fcddca8e Rename to grandstream_gxv31xx_settimezone_unauth_cmd_exec 2022-01-29 19:24:09 +00:00
Spencer McIntyre 919185257d Update the URL to the archive for struts2 2022-01-28 16:17:48 -05:00
Dhiraj Mishra 97d83f3fd5 cve_2021_4034_pwnkit_lpe_pkexec.md 2022-01-27 18:32:46 +04:00
Grant Willcox 44f040ad78 Land #16056, Exploit Module for Grandstream UCM62xx IP PBX (CVE-2020-5722) 2022-01-24 21:03:46 -06:00
Grant Willcox 15751a0f78 Minor language fix and final typo 2022-01-24 21:01:34 -06:00
Jake Baines 2c989ec714 Addressed multiple review comments (spelling, doc details, randomization, etc) 2022-01-22 14:09:58 -08:00
Jake Baines a253470623 Update grandstream_ucm62xx_sql_account_guess.md
Fix spelling
2022-01-22 15:54:40 -05:00
Jake Baines 642b04ca45 Merge branch 'rapid7:master' into grandstream_CVE_2020_5724 2022-01-22 15:38:55 -05:00
Jake Baines e7198f7e20 Module for dumping the users table from Grandstream UCM62xx IP PBX before 1.20.22 2022-01-22 04:10:35 -08:00
Spencer McIntyre 458d584f83 Add details to check codes and PR feedback 2022-01-21 09:40:23 -05:00
Spencer McIntyre 579627f5c7 Update docs, note OS X support 2022-01-20 10:47:11 -05:00
Spencer McIntyre ba469a4b2c Add version detection to the Unifi exploit 2022-01-20 09:26:48 -05:00
Spencer McIntyre ef344d9d12 Add the Unifi Log4Shell RCE exploit 2022-01-19 17:51:31 -05:00
bwatters 4cf3ae352c Land #16050, Log4Shell: vCenter RCE
Merge branch 'land-16050' into upstream-master
2022-01-19 16:30:33 -06:00
Grant Willcox 8bb3e39fd7 Land #16036, Add Grandstream GXV3175 'settimezone' Unauthenticated Command Execution 2022-01-19 10:58:42 -06:00
Brendan Coles ee2feb1207 Add Grandstream GXV3175 'settimezone' Unauthenticated Command Execution 2022-01-19 00:04:15 +00:00
Jake Baines 4ebb702405 Added an exploit for Grandstream UCM62xx IP PBX (CVE-2020-5722) 2022-01-15 12:46:56 -08:00
Spencer McIntyre 3f04b80d8b Add vCenter Log4Shell docs 2022-01-13 14:50:28 -05:00
Christophe De La Fuente e10331b22d Land #15656, Allow authenticated user creation in vmware_vcenter_vmdir_auth_bypass 2022-01-13 17:04:12 +01:00
space-r7 435e79aaef Land #16041, add SonicWALL cmd injection 2022-01-12 13:23:57 -06:00
Christophe De La Fuente b0743e15d9 Update documentation and fix vulnerable/non-vulnerable status message 2022-01-12 16:51:40 +01:00
space-r7 199eae5e99 Land #16012, add pi-hole aux module and lib 2022-01-12 09:21:11 -06:00
space-r7 bb00575acb add command for starting docker env 2022-01-11 17:07:36 -06:00
Spencer McIntyre 877bab6f2a Land #15969, Log4j2 HTTP Header Injection Exploit 2022-01-11 16:52:08 -05:00
Spencer McIntyre 7b64383040 Preemptively tweak references to ysoserial 2022-01-11 16:25:21 -05:00
Jake Baines d4ee9a0183 Initial commit of CVE-2021-20039 exploit 2022-01-10 12:43:50 -08:00
lap1nou 53c2400be9 Added cleaning procedure + fixed few mistakes/error message, removed unused docs 2022-01-08 10:56:31 -08:00
lap1nou ccc90b0330 Linted doc+module, added support for 6.x version, added support for TLS and item RCE, improved payload management 2022-01-07 17:40:15 -08:00
Spencer McIntyre 3f15c9ecc1 Writeup the module docs 2022-01-07 17:30:39 -05:00
h00die 4df91dd3ec f5 big-ip module and doc updates 2022-01-07 12:17:43 -05:00