adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
73,452 Commits 27 Branches 1,043 Tags
3da170a43c7f288fe9bc88fe325da488733acac3
Commit Graph

2936 Commits

Author SHA1 Message Date
Shelby Pace 38ae82155e modify info, fix spacing 2021-07-26 09:43:34 -05:00
Shelby Pace 9e95eb7be1 Land #15408, add Wordpress sp doc file upload 2021-07-23 12:36:29 -05:00
Shelby Pace d207f994c0 modify doc description 
randomize form data, formatting
 2021-07-23 12:33:41 -05:00
Hakyac 0f8e256d52 Update modules/exploits/multi/http/wp_plugin_sp_project_document_rce.rb 
Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com>
 2021-07-23 10:12:57 +02:00
Hakyac 13678f5140 Update modules/exploits/multi/http/wp_plugin_sp_project_document_rce.rb 
Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com>
 2021-07-23 10:12:51 +02:00
Hakyac 9cdddac5cd Update modules/exploits/multi/http/wp_plugin_sp_project_document_rce.rb 
Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com>
 2021-07-23 10:11:26 +02:00
Hakyac 877ac006f8 Update modules/exploits/multi/http/wp_plugin_sp_project_document_rce.rb 
Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com>
 2021-07-23 10:11:21 +02:00
Hakyac 73995ac8d1 Update modules/exploits/multi/http/wp_plugin_modern_events_calendar_rce.rb 
Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com>
 2021-07-23 10:09:44 +02:00
Hakyac 5e2776411d Update modules/exploits/multi/http/wp_plugin_modern_events_calendar_rce.rb 
Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com>
 2021-07-23 10:09:25 +02:00
Hakyac 8a3f5affe8 Update modules/exploits/multi/http/wp_plugin_modern_events_calendar_rce.rb 
Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com>
 2021-07-23 10:09:13 +02:00
Yann Castel a3e5bd527b use of vars_get + delete payload after use 2021-07-21 09:59:05 +02:00
Hakyac 53214e8792 Update modules/exploits/multi/http/wp_plugin_modern_events_calendar_rce.rb 
Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com>
 2021-07-21 09:41:46 +02:00
Hakyac 09ca7751c0 Update modules/exploits/multi/http/wp_plugin_modern_events_calendar_rce.rb 
Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com>
 2021-07-21 09:41:38 +02:00
Hakyac 815a6d4d95 Update modules/exploits/multi/http/wp_plugin_modern_events_calendar_rce.rb 
Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com>
 2021-07-21 09:41:28 +02:00
Yann Castel c169c78f03 use of vars_get 2021-07-21 09:38:36 +02:00
Hakyac 7e3281dfcf Update modules/exploits/multi/http/wp_plugin_sp_project_document_rce.rb 
Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com>
 2021-07-21 09:08:30 +02:00
Hakyac 40220052da Update modules/exploits/multi/http/wp_plugin_sp_project_document_rce.rb 
Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com>
 2021-07-21 09:07:12 +02:00
Shelby Pace 79d49a6857 Land #15402, add Wordpress Backup Guard rce 2021-07-20 15:53:57 -05:00
Shelby Pace f738383b98 rename docs, modify privileged to false 
use vars_get in upload request
 2021-07-20 15:31:38 -05:00
Yann Castel 4a9bef2e9f various suggestions 2021-07-20 19:10:39 +02:00
Yann Castel 010d3e5a4a various suggestions 2021-07-20 18:22:37 +02:00
Hakyac 2bf1c1ac26 Update modules/exploits/multi/http/wp_plugin_backup_guard_rce.rb 
Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com>
 2021-07-20 09:28:01 +02:00
Hakyac 7c14882510 Update modules/exploits/multi/http/wp_plugin_backup_guard_rce.rb 
Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com>
 2021-07-20 09:27:40 +02:00
Hakyac 2c51c2b6e4 Update modules/exploits/multi/http/wp_plugin_backup_guard_rce.rb 
Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com>
 2021-07-20 09:27:09 +02:00
Hakyac ce9a00492c Update modules/exploits/multi/http/wp_plugin_modern_events_calendar_rce.rb 
Co-authored-by: adfoster-r7 <60357436+adfoster-r7@users.noreply.github.com>
 2021-07-20 09:11:58 +02:00
Hakyac 5bf1a7847e Update modules/exploits/multi/http/wp_plugin_sp_project_document_rce.rb 
Co-authored-by: Spencer McIntyre <58950994+smcintyre-r7@users.noreply.github.com>
 2021-07-20 09:09:23 +02:00
Hakyac f78c503f9f Update wp_plugin_sp_project_document_rce.rb 2021-07-20 09:04:12 +02:00
William Vu aebdc0ddfc Update module credits 
Clarified contributions.
 2021-07-14 15:10:25 -05:00
Yann Castel 4d016a3521 correct CVE id 2021-07-12 14:35:47 +02:00
Yann Castel 6934ec7d18 initial commit 2021-07-12 14:25:38 +02:00
Yann Castel f886ff0a22 now using Metasploit's Wordpress lib 2021-07-12 11:00:43 +02:00
Yann Castel 5cd32cdb36 add references + worpress website check 2021-07-12 10:46:58 +02:00
Yann Castel 20a8aac286 now using Metasploit's Wordpress lib 2021-07-12 10:10:34 +02:00
Grant Willcox 02ecc22751 Land #15386, Add module for CVE-2021-35464; pre-auth RCE in ForgeRock AM (and OpenAM) server 2021-07-09 17:01:25 -05:00
Spencer McIntyre fba838f4e8 Update docs, pin version and fix the check method 2021-07-09 16:39:58 -04:00
Grant Willcox 89b36bd1b8 Fix a small error in the logic so that we check the response body vs the response itself as per wvu's comment 2021-07-09 12:26:57 -05:00
Yann Castel 920b88a2bd initial commit 2021-07-09 11:49:53 +02:00
Grant Willcox 8b3d057e9e Address Spencer's comments by adding in an extra nil check and removing an unneeded library import 2021-07-08 13:07:51 -05:00
Yann Castel 38cdad47c0 initial commit 2021-07-08 16:53:37 +02:00
William Vu fc1a34d7b1 Improve here doc formatting 2021-07-08 01:19:21 -05:00
Spencer McIntyre a0bd903b50 Update module docs and the TARGETURI option 2021-07-06 15:52:50 -04:00
Spencer McIntyre bfc45359ff More documentation updates and address PR feedback 2021-07-06 11:27:06 -04:00
bwatters 0a43ec7e4a Add module for CVE-2021-35464; pre-auth RCE in ForgeRock OpenAM server 2021-07-02 16:05:39 -05:00
Grant Willcox 5b274770ef Update exploit code to add missing slashes to certain important parts of the code where the exploit might fail if a custom path is supplied, and also improve the error handling in the code overall 2021-06-14 15:02:38 -05:00
0xShoreditch 8eddecc858 Update apache_activemq_upload_jsp.rb 
Corrected a minor error where the URI and filesystem path were not separated.
 2021-06-13 07:27:56 +01:00
Grant Willcox 47633ac9e6 Land #15205, Fix TLS bug for gitlab file read RCE module to work on TLS enabled GitLab servers 2021-05-18 16:02:04 -05:00
William aee65a6d8d Fix indentation 2021-05-17 23:31:49 +08:00
William 5e04eec4fc Update fix 
Changing the regex to solve the bug

Co-authored-by: adfoster-r7 <60357436+adfoster-r7@users.noreply.github.com>
 2021-05-17 23:27:12 +08:00
William e0f6700a7e Add empty line 2021-05-17 23:10:29 +08:00
William ce4748494a Fix whitespace issue 2021-05-17 23:07:05 +08:00