William Vu
2f37482535
Land #10278, gitlist_arg_injection fixes
2018-07-12 19:03:52 -05:00
asoto-r7
1a3a4ef5e4
Revised 88 aux and exploit modules to add CVEs / references
2018-07-12 17:34:52 -05:00
Shelby Pace
1ded8ffb29
Land #10260, Add phpMyAdmin v4.8.1/4.8.0 LFI RCE
2018-07-11 11:10:52 -05:00
Shelby Pace
10cd6c99d9
Land #10231, Monstra Fileupload Exec
2018-07-10 14:23:15 -05:00
Shelby Pace
07dca243ff
changed grammar, removed redundant code
2018-07-10 14:13:57 -05:00
Shelby Pace
171fa562a3
added parsing for repos in Gitlist source
2018-07-10 11:32:46 -05:00
Shelby Pace
5776b64a1b
modified exploit
2018-07-09 13:56:33 -05:00
Shelby Pace
f5e40b14a3
removed double eval as suggested
2018-07-09 13:24:31 -05:00
Jacob Robles
4f039de2fc
Fix CVE numbers
2018-07-09 13:22:08 -05:00
Shelby Pace
44b9798afb
modified regex, id=filesmanager lines
2018-07-09 10:55:29 -05:00
Jacob Robles
bf24ce847a
Fix token issues
2018-07-09 09:29:11 -05:00
Touhid M Shaikh
bc33078e01
fixed comma
...
fixed comma
2018-07-09 12:27:58 +05:30
Touhid M Shaikh
6f6ad86e2c
fix tab
...
fix tab and space.
2018-07-09 11:49:11 +05:30
Wei Chen
5fc5a47cd2
Update CVE references for exploit modules
...
These are based on cross references by EDB, OSVDB, module short
name, blog post and BID.
2018-07-08 18:46:04 -05:00
Touhid M Shaikh
4a835b2493
fix warning, and version
...
fix warning, and version and indentation
2018-07-07 17:27:09 +05:30
Wei Chen
82c74eb765
Small changes
2018-07-06 14:25:58 -05:00
Shelby Pace
b1456df757
made suggested changes
2018-07-06 12:48:38 -05:00
Jacob Robles
fe1b17684a
Add Targets and Session file inclusion
2018-07-06 12:17:26 -05:00
Shelby Pace
5d0652fab1
changed inconsistent capitalization
2018-07-05 15:56:41 -05:00
Shelby Pace
2b452d5681
added documentation and check
2018-07-05 15:47:21 -05:00
Jacob Robles
cb078b9586
Drop database
2018-07-05 14:58:30 -05:00
Jacob Robles
43096d9d78
Add phpMyAdmin v4.8.1/4.8.0 LFI RCE
...
Module and Doc
2018-07-05 13:33:35 -05:00
Shelby Pace
507fd22958
added http post and generating payload
2018-07-05 13:21:22 -05:00
Shelby Pace
7d0b8dee4a
making request for Gitlist source
2018-07-03 14:27:46 -05:00
Ishaq Mohammed
70eb943b5a
Update monstra_fileupload_exec.rb
2018-06-30 13:40:12 +05:30
Ishaq Mohammed
89ba960309
username and password values removed
...
username and password values removed
2018-06-30 12:47:13 +05:30
Ishaq Mohammed
128438f444
Merge pull request #2 from touhidshaikh/monstra_fileupload_exec
...
Monstra fileupload exec
2018-06-30 12:03:14 +05:30
Touhid M Shaikh
f3e3d0c30b
monstra_fileupload_exec.rb
...
Monstra CMS - Authenticated Arbitrary File Upload / Remote Code Execution CVE 2017-18048
2018-06-28 10:55:41 +05:30
Jacob Robles
00102a7413
oscommerce msftidy fix
2018-06-26 08:21:10 -05:00
Jacob Robles
cb50d0fade
Land #9825, Add 'phpMyAdmin Authenticated Remote Code Execution'
2018-06-18 08:51:53 -05:00
Jacob Robles
2e2ded22fc
Use Gem::Version
...
Simplify version comparisons
2018-06-18 08:35:47 -05:00
Jacob Robles
122ea2ddcb
Update module, Add docs
...
Changed the module to an exploit module and
added documentation.
2018-06-18 07:33:05 -05:00
Touhid M Shaikh
12457d14f7
vTiger CRM v6.3.0 (CVE:2015-6000,CVE:2016-1713)
...
an attacker may choose to upload a file containing PHP code and run this code by accessing the resulting PHP file.
2018-05-19 01:13:10 +05:30
William Vu
739d58135f
Move EXE generation in struts_code_exec_parameters
2018-05-16 06:15:40 -05:00
William Vu
6ec0272ff5
Land #8727, CVE-2017-9791 exploit
2018-05-16 05:41:26 -05:00
William Vu
eaec1d7486
Clean up module
2018-05-16 05:39:17 -05:00
Jacob Robles
9811de430c
Land #9878, Add MSF module for EDB 6768, Mantis <= v1.1.3 Post-auth RCE
2018-05-09 11:55:22 -05:00
Jacob Robles
a1fed72423
store credential, use vprints
2018-05-09 11:50:07 -05:00
Jacob Robles
a18459a14c
Fix indentation, documentation update
2018-05-07 09:22:21 -05:00
Touhid M Shaikh
235cac621f
playsms_CVE-2017-9101
...
playsms_CVE-2017-9101
2018-05-07 18:55:22 +05:30
Touhid M Shaikh
74793efdef
Delete playsms_uploadcsv_exec.rb
2018-05-07 18:54:35 +05:30
Touhid M Shaikh
fefaa45a50
playsms_CVE-2017-9101
...
playsms_CVE-2017-9101
2018-05-07 18:53:07 +05:30
Jacob Robles
222b1fb27c
Land #9944, playsms_filename_exec.rb
2018-05-07 07:43:16 -05:00
Jacob Robles
601411fe7b
store credentials
2018-05-07 07:26:28 -05:00
Jacob Robles
4b8ceab522
Fix indentation, update documentation
2018-05-07 07:22:53 -05:00
Touhid M Shaikh
71d6841471
updated
...
indentation and fix CVE
2018-05-04 21:33:07 +05:30
Touhid M Shaikh
aa69fc9e77
updated
...
print_status to vprint_status
2018-05-04 21:13:26 +05:30
Touhid M Shaikh
e824f0f8b0
updated
...
added CVE, URL and done randomizing content
2018-05-04 21:00:04 +05:30
Jacob Robles
d6cf32fad8
Land #9821, osCommerce 2.3.4.1 - Remote Code Execution
2018-05-02 07:29:15 -05:00
Lars Sorenson
2ca05ee7c1
Remove explicit EDB url in favor of MSF autogenerated one
...
Use more appropriate Failwith errors for connection issues
Remove an unnecessary `to_s` call
Use the cookie kwarg for send_request_cgi over explicitly setting a header
2018-04-29 22:24:49 -04:00