ce099aea76
playsms_filename_exec.rb
...
PlaySMS sendfromfile.php Authenticated "Filename" Field Code Execution
2018-04-28 01:15:52 +05:30
143fdde1f8
Flipped Safe and Appears in check
2018-04-15 12:10:10 -04:00
60ac89c336
Restructure some logic to make the flow more intuitive
2018-04-14 15:03:12 -04:00
36c1bf5453
Remove a missed tab
2018-04-14 10:30:49 -04:00
083f6936fd
Update for @bcoles review
...
Refactor version checking to use Gem::Version
Change the title of the exploit to fit convention
Change print statements used in check to vprint
Change fail_with Failure for connection issues to be Unknown instead
of NoAccess
Add CVE reference
Refactor how some nil checking is done for response for
send_request_cgi
Text-wrap description to 80 chars
Remove unnecessary string interpolation for cookie in payload
delivery
Change how the payload cradle is escaped and encoded; switch to HTTP
POST for stealth
Remove nil check that is redundant and also typo'd to
2018-04-14 10:24:05 -04:00
486ab7c776
Update for msftidy and contribution guidelines
2018-04-14 09:20:13 -04:00
27ded57cda
Add MSF module for EDB 6768
2018-04-14 08:51:51 -04:00
37c578e16d
Update oscommerce_installer_unauth_code_exec.rb
2018-04-06 17:10:53 +01:00
dee01189ca
Update oscommerce_installer_unauth_code_exec.rb
2018-04-06 15:41:21 +01:00
50c3f53e03
Update oscommerce_installer_unauth_code_exec.rb
2018-04-06 14:39:45 +01:00
0c829a5c6b
Update oscommerce_installer_unauth_code_exec.rb
2018-04-06 14:35:33 +01:00
cbdb3a35b2
Update oscommerce_installer_unauth_code_exec.rb
2018-04-06 14:14:11 +01:00
6698f1b64b
Update oscommerce_installer_unauth_code_exec.rb
2018-04-06 13:05:40 +01:00
806c72ebcb
Update and rename oscommerce.rb to oscommerce_installer_unauth_code_exec.rb
2018-04-06 11:29:29 +01:00
3efd17a801
Rename osCommerce.rb to oscommerce.rb
2018-04-06 10:46:00 +01:00
0d254b4e5c
Update osCommerce.rb
2018-04-06 10:40:28 +01:00
b5681cb954
osCommerce Module
2018-04-05 20:28:14 +01:00
1fa40bfe3b
Land #8539 , ProcessMaker Plugin Upload exploit
2018-04-03 20:52:17 -05:00
dfb3a421fe
Remove require statement
2018-04-03 12:56:06 +00:00
d860d7af5b
require 'rex/tar'
2018-04-03 06:34:30 +00:00
c19fc4c18f
Land #9423 , PSH for jenkins_xstream_deserialize
2018-03-26 17:09:16 -05:00
0028e2c5ba
documentation update
2018-03-24 19:25:59 -04:00
ac9f506b45
Update tested versions
2018-03-20 02:49:56 +00:00
ea3378753b
syntax error fixed on 70 line
...
improve check payload was uploaded or not condition using AND condition on line 121
2018-03-13 14:15:03 +05:30
5e30982184
check fucktion and some words fixed
...
all changes done which is bcoles suggested
2018-03-12 21:03:34 +05:30
9b0ba4a6fa
clipbucket_fileupload_exec
2018-03-12 14:17:13 +05:30
db69f6fcf3
fixed EOL spaces
...
fixed EOL spaces
2018-03-08 17:17:43 -05:00
7300634948
Fixed exception handling in jira_plugin_upload.rb
...
Corrected nil response handling in get_ functions as well as removed redundant payload type check
2018-03-08 17:06:24 -05:00
2939695991
Add ARCH_CMD and general fixup
2018-02-26 16:59:36 -05:00
624f1afb31
Fixed errors in jira_plugin_upload.rb
...
Added default port 2990 to arguments, removed unnecessary variables in HTTP requests, added good_cookie variable, and included null response check in check method
2018-02-26 11:09:47 -05:00
b43eac624e
Add Jira Authenticated Plugin Upload Module
...
Add Jira Authenticated Plugin Upload Module
2018-02-22 10:43:36 -05:00
f98b4b0540
require 'rubygems/package'
2018-02-22 04:28:56 +00:00
c7d3b5dfbb
Update payload and disable check functionality
...
The check functionality is broken as MSF cannot handle HttpServer and HttpClient at this time.
The payloads were updated to ensure CVE-2017-10271 is being exploited instead of CVE-2017-3506 as explained on https://blog.nsfocusglobal.com/threats/vulnerability-analysis/technical-analysis-and-solution-of-weblogic-server-wls-component-vulnerability/
2018-01-18 13:26:44 -05:00
1c156c3d3c
Add powershell payload to module
2018-01-16 14:30:02 +00:00
04e4ff6b3c
Use stop_service to avoid cleanup overload
2018-01-11 19:14:26 -05:00
40f54df129
Feedback updates
2018-01-11 18:54:58 -05:00
172ffdfea1
Use geturi instead of building it ourselves
2018-01-11 18:27:56 -05:00
d4056e72da
Lower the default timeout for CHECK
2018-01-11 17:38:30 -05:00
3617a30e34
Add URIPATH random URI
2018-01-11 17:33:14 -05:00
a28d4a4b5b
Add check and update for some style considerations
2018-01-11 17:28:09 -05:00
0d9a40d2e5
Use target['Platform'] instead of target_platform
2018-01-11 15:44:07 -05:00
c490d642e2
Was missing a comma
2018-01-11 09:42:24 -05:00
3132566d8f
Fix OptFloat error
2018-01-11 09:22:16 -05:00
c05b440f26
Fix additional feedback
...
This
* uses ternary operators
* uses an `RPORT` option shortcut
* removes the `xml_payload` variable and instead more explicitly uses the method directly
* Uses `OptFloat` for the timeout option to allow partial seconds
2018-01-11 08:17:13 -05:00
ab89e552ed
Remove accidental trailing space
2018-01-08 14:42:03 -05:00
2252490e62
Fix using arbitrary keys to instead use "URL"
2018-01-08 14:30:03 -05:00
e80ca348cf
Add Exploit-DB ID
2018-01-08 10:55:46 -05:00
6beeece708
Re-add timeout value
2018-01-07 20:21:29 -05:00
eefd432161
Make sure Platforms match our actual target list
2018-01-06 08:31:30 -05:00
4bd196f8b2
Fix missing single quotes and remove comma
2018-01-06 08:30:48 -05:00
Touhid M Shaikh