c151b93ba4
Fix up clarity and spelling issues in module and documentation
2020-04-13 16:28:39 -05:00
b7a1fbdde2
Fixed documentation and login method
2020-04-13 18:55:56 +03:00
706a395bc0
Fixed 2nd round of suggested changes
2020-04-13 11:22:02 +03:00
d906c3dc77
Fixed reviews suggestions
2020-04-11 14:38:19 +03:00
eb7d2f821d
Adding CVE number
...
Signed-off-by: Mehmet İnce <mehmet@mehmetince.net >
2020-04-11 12:22:17 +03:00
5d04c2b4a5
Adding documentation and module description
...
Signed-off-by: Mehmet İnce <mehmet@mehmetince.net >
2020-04-11 12:22:17 +03:00
7c2f65da36
Adding vestacp exec
...
Signed-off-by: Mehmet İnce <mehmet@mehmetince.net >
2020-04-11 12:22:17 +03:00
a0c472b039
add comments about reference table
2020-04-09 23:01:27 +07:00
600f4efe4a
Fix advisory link
2020-04-09 19:05:49 +07:00
4ae9c65ecf
Optimise exploit
2020-04-09 18:15:27 +07:00
a90d745fa4
Fix typo and make it Aggressive
2020-04-08 20:05:19 +07:00
d6755b7221
Remove SSL option
...
Busybox wget on the target doesn't support https connections.
2020-04-08 14:49:49 +02:00
33e1c8ffdb
Fix issues
2020-04-08 12:26:37 +07:00
e2e69a5053
Adding exploit for tplink_archer_a7_c7_lan
2020-04-07 19:57:34 +02:00
7934d1de09
Land #13098 , add Pandora FMS module
2020-04-06 11:42:24 -05:00
a3c07b7cc1
use nospace opt, fix regex, iterate id_agente
2020-04-06 11:34:13 -05:00
92fb321f9f
Satify the msftidy_docs.
2020-03-28 11:46:55 +08:00
4b1762081f
Renane module to redis_extension_cmd_exec.
...
Fix #12143
2020-03-28 11:37:18 +08:00
5f0c9942d2
Land #12756 , add dlink dwl2600 exploit
2020-03-27 12:38:35 -05:00
8aa4d7a944
remove mixins, add CVE
2020-03-27 12:37:40 -05:00
bb21c8f6d8
Finishing Touches on DLINK DWL 2600 Module
...
These last finishing touches complete the DLINK DWL 2600 Module. The
fixes include making renaming token to @token and adding the noconcat
CmdStager option.
2020-03-26 20:13:55 -05:00
dc9e215318
remove unused code / add option
2020-03-26 16:05:56 -05:00
f191eb00c9
add command stager
2020-03-26 16:05:56 -05:00
5ce4929834
Fix has_check? conflict in redis_unauth_exec
...
Importing `Msf::Auxiliary::Scanner` at all will override the default
`has_check?` check and add a its own `check` method. This redefines
`has_check?` to allow usage of the Redis mixin while using an
exploit-style `check` method.
Fixes #13095
2020-03-25 10:07:08 -05:00
9954fae7ff
Update pandora_ping_cmd_exec.rb
2020-03-23 21:44:33 +03:00
b1fb946533
Update modules/exploits/linux/http/pandora_ping_cmd_exec.rb
...
Co-Authored-By: Shelby Pace <40177151+space-r7@users.noreply.github.com >
2020-03-23 17:29:23 +03:00
8ba7b05eb7
Update modules/exploits/linux/http/pandora_ping_cmd_exec.rb
...
Co-Authored-By: Shelby Pace <40177151+space-r7@users.noreply.github.com >
2020-03-23 17:27:00 +03:00
98fdcedf40
Apply suggestions from space-r7 code review
...
Co-Authored-By: Shelby Pace <40177151+space-r7@users.noreply.github.com >
2020-03-23 14:08:12 +01:00
88ea6b527a
Apply suggestions from code review
...
Co-Authored-By: bcoles <bcoles@gmail.com >
2020-03-23 09:48:00 +01:00
4e81b7b969
Fix indent
2020-03-21 16:12:23 +01:00
58780c6db9
Update Unraid 6.8.0 exploit module
...
- Changed exploit name
- Set Privileged to true
- Better error handling
- Typo fixes
2020-03-21 11:44:35 +01:00
401e000892
Add Unraid auth bypass to RCE exploit
...
Unraid is an operating system for personal and small business use that
brings enterprise-class features letting you configure your computer
systems to maximize performance and capacity using any combination of
applications, VMs, storage devices, and hardware.
This module exploits an authentication bypass vulnerability that leads
to remote code execution as root.
2020-03-20 15:13:54 +01:00
5ccda4b567
Added Pandora FMS 7.0NG exploit
...
Pandora FMS (for Pandora Flexible Monitoring System) is software for
monitoring computer networks. Pandora FMS allows monitoring in a visual
way the status and performance of several parameters from different
operating systems, servers, applications and hardware systems such
as firewalls, proxies, databases, web servers or routers.
This module exploits a vulnerability found in Pandora FMS 7.0 NG and lower.
The vulnerability exists on the `net_tools.php` component, due to the insecure
usage of the `system()` PHP function.
2020-03-19 22:50:00 +03:00
922f1ec708
Land #12901 , add Centreon poller rce
2020-03-17 12:16:29 -05:00
2717683825
change message
2020-03-17 12:15:06 -05:00
98f4642c2d
remove comments / check
2020-03-17 10:33:12 -05:00
5d9d3926e4
Land #13066 , add rConfig 3.9 RCE module
2020-03-16 11:18:59 +00:00
0efe53d869
fix somes code review comments.
2020-03-15 13:30:23 +04:00
ff2421163b
Fix Travis-CI errors
2020-03-13 10:42:40 +01:00
5bbabd6f2a
Add tips to description.
2020-03-13 10:03:27 +01:00
7874308fae
Last typo fixes. No priv required on webapp.
2020-03-13 09:18:50 +01:00
a8e881452b
Add greetz to my colleagues who tested this module
2020-03-13 06:42:48 +01:00
885c8b8a56
Fix formatting issues, and add EDB link for SQLi
2020-03-12 16:17:53 +01:00
e6b9610841
Update modules/exploits/linux/http/rconfig_ajaxarchivefiles_rce.rb
...
Co-Authored-By: acammack-r7 <adam_cammack@rapid7.com >
2020-03-12 15:59:09 +01:00
2cac8f4e3a
Update modules/exploits/linux/http/rconfig_ajaxarchivefiles_rce.rb
...
Co-Authored-By: acammack-r7 <adam_cammack@rapid7.com >
2020-03-12 15:58:38 +01:00
3f7aed3c0a
Fix Travis-CI errors
2020-03-12 13:44:47 +01:00
60d86cf25d
Update rconfig_ajaxarchivefiles_rce.rb
2020-03-12 11:44:05 +01:00
94f082fe4a
Create rconfig_ajaxarchivefiles_rce.rb
2020-03-12 11:41:12 +01:00
7c54066b0e
Land #13004 , Nagios XI RCE module
2020-03-09 15:57:58 +01:00
96ae2cf9a2
Incorporate additional suggestions from code review.
2020-03-09 11:56:15 +02:00
gwillcox-r7