768fb7d3a7
remove cwe-74 from cmsms
2020-11-10 11:43:42 -05:00
65e1ef4cb8
Land #14253 , add wp-file-manager rce for wordpress
2020-11-10 08:48:33 -06:00
4382f6ff55
add filedropper usage
2020-11-10 08:47:53 -06:00
e7a20ec47c
Add CVE ID to module and docs
2020-11-05 07:05:32 -05:00
a0087842fb
Fix an earlier merge mistake, was meant to replace URI.escape with Rex::Text.uri_encode() but instead replaced it with CGI.escape. Fix it to be Rex::Text.uri_encode()
2020-11-04 14:39:16 -06:00
d50ac2972d
Land #14222 , Update php_fpm_rce.rb to replace depreciated URI.encode calls with Rex::Text::uri_encode
2020-11-04 14:04:28 -06:00
79e83cdceb
add rubocop change
2020-11-04 10:09:00 -06:00
e49d99a80d
add AutoCheck usage, minor changes
2020-11-04 10:04:14 -06:00
cf954888da
Add horizontcms_upload_exec module and documentation
2020-11-02 13:01:13 -05:00
bb9464801e
Make changes suggested in review
...
* Add better explanation of public-api-port option in documentation
* Add example in scenarios where admin API is on different host to
public API (therefore public-api-port option must be used)
* Add targeturi option
* Add version number that has been tested in 2 places in documentation
2020-10-27 21:13:45 +00:00
d6a91f8965
Remove some unnecessary comments
2020-10-16 00:34:12 +08:00
8d02a1a4c6
Use Rex::MIME for building MIME message
2020-10-16 00:26:10 +08:00
8d43fa4848
Module can now use mkfile+put method to exploit vulnerability.
2020-10-15 17:46:40 +08:00
a8341d72ae
skip cleanup when using check method
2020-10-14 17:17:09 +01:00
97f9c67ff1
Use class's cleanup method
2020-10-14 16:25:42 +01:00
f6b5053666
Add exploit/multi/http/kong_gateway_admin_api_rce
2020-10-13 16:56:34 +01:00
b9df68cbb6
Fix module according to Rubocop, make documentation follow standard.
2020-10-11 19:04:06 +08:00
57b0f30e37
Add new module for WordPress File Manager unauth RCE (CVE-2020-25213)
2020-10-11 01:20:28 +08:00
a2675c13e8
Land #14213 , Add disclosure date rubocop linting rule - enforce iso8601 disclosure dates
2020-10-07 12:09:59 -05:00
a1164dbe9e
Update php_fpm_rce.rb
...
URI.encode/URI.escape is obsolete. Replaced with CGI.escape.
2020-10-05 11:57:17 -04:00
15bb690308
fix vulnerability spelling
2020-10-04 13:00:48 -04:00
30809787c4
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
26ff912291
Fix invalid disclosure date formats
2020-10-02 12:20:05 +01:00
80b94334f2
ghetto force java
2020-09-30 16:58:12 -05:00
33b3d6efcc
Use register_for_cleanup instead of on_new_session for cleanup
2020-09-25 08:11:02 -04:00
5b48bae4b0
Use keep_cookies instead of @cookie variable
2020-09-24 16:36:01 -04:00
45d13bf85e
Simplify shash checks, use cgi request instead of raw, fix ctype header placement
2020-09-24 07:49:55 -04:00
e026c74108
Improve Failure:: categories and remove empty parameters from POST requests
2020-09-23 13:27:19 -04:00
1133f76722
Improve feedback when authentication fails
2020-09-23 07:51:11 -04:00
e65083c092
Add maracms_upload_exec.rb exploit module and docs
2020-09-22 16:53:29 -04:00
a6f7c0c0de
Backport miscellaneous fixes to my modules
2020-08-14 13:40:23 -05:00
f401f48138
Update vbulletin module with correct CVE
...
Apparently someone snarfed the CVE for this out from under me. Since they were faster
to publish, we should use that number instead of the one out of our block.
2020-08-14 08:25:57 -05:00
24b1235cf7
Whitespace adjustment and remove superfluous return statements
2020-08-12 13:59:25 -04:00
0b1efd0fe9
Update modules/exploits/multi/http/vbulletin_widget_template_rce.rb
...
Co-authored-by: Spencer McIntyre <58950994+smcintyre-r7@users.noreply.github.com >
2020-08-12 09:33:16 -07:00
e334217636
Fix from bad merge for vbulletin_widget_template_rce module.
2020-08-11 19:09:14 -05:00
8db34ea91b
vBulletin_widget_template_rce merge
2020-08-11 18:40:09 -05:00
3ef01c468f
Ran vBulletin_widget_template_rce through rubocop, cleaned up results.
2020-08-11 18:38:41 -05:00
19618d9bd2
Add CVE-2020-7373 in the references
2020-08-11 14:22:11 -05:00
0dab52ef35
A few last changes from msftidy and msftidy_docs.
2020-08-09 18:25:13 -05:00
661e2a680b
Initial push of exploit and module for vbulletin_widget_template_rce vulnerability.
2020-08-09 17:38:52 -05:00
2ca508c08e
Further edits for RuboCop and msftidy_docs.rb compliance
2020-08-06 11:18:39 -05:00
5c6530d9e5
Update module description and documentation to have a better description of what is going on and to also fix further copies of the typos that were pointed out.
2020-08-06 10:50:47 -05:00
41e22992ff
typo and touch-ups to desc
...
typo and touch-ups to desc
2020-08-04 16:59:57 -06:00
768d104f12
randomize os, delete payload
2020-07-28 17:19:26 -05:00
99cf54977f
rubocop
2020-07-28 16:48:32 -05:00
c79c9fc280
reverse xor arguments
2020-07-28 16:47:35 -05:00
26f869f860
Update modules/exploits/multi/http/baldr_upload_exec.rb
2020-07-28 11:07:46 +03:00
fb745f78cc
Update modules/exploits/multi/http/baldr_upload_exec.rb
...
Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com >
2020-07-28 10:53:16 +03:00
5d49367726
Update modules/exploits/multi/http/baldr_upload_exec.rb
...
Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com >
2020-07-28 10:52:37 +03:00
fef9a23692
Update modules/exploits/multi/http/baldr_upload_exec.rb
...
Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com >
2020-07-28 10:51:03 +03:00
h00die