adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
73,452 Commits 27 Branches 1,043 Tags
3da170a43c7f288fe9bc88fe325da488733acac3
Commit Graph

2936 Commits

Author SHA1 Message Date
Redwaysecurity.com a8332e6064 Added exploit for CVE-2023-25194 2023-06-22 14:17:32 +02:00
cgranleese-r7 0609d246f3 adds more future proofing to implementation 2023-06-21 14:19:24 +01:00
Grant Willcox 5b39eaafc1 Land #18074, Fix exception handling in gitlab_github_import_rce_cve_2022_2992 module 2023-06-07 14:52:21 -05:00
Christophe De La Fuente 82c8b5418e Land #17936, PaperCutNG Authentication Bypass with RCE 2023-06-07 15:05:51 +02:00
Christophe De La Fuente 451735ad15 Fix exception handler & add doc 2023-06-06 17:43:22 +02:00
cgranleese-r7 18ddd72285 Update jenkins login scanner to work with newer versions 2023-06-06 11:54:55 +01:00
catatonicprime 3875947f7d Removing unnecessary assignment 2023-05-31 19:17:30 +00:00
Catatonic Prime 6351c66b1e Update modules/exploits/multi/http/papercut_ng_auth_bypass.rb 
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com>
 2023-05-31 08:56:13 -07:00
Catatonic Prime 6ad9ebb5c0 Update modules/exploits/multi/http/papercut_ng_auth_bypass.rb 
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com>
 2023-05-31 08:48:53 -07:00
catatonicprime 530ed911f4 Fixing ZDI ID 2023-05-30 19:03:01 +00:00
catatonicprime b376dac34b okay linter 2023-05-30 18:40:59 +00:00
catatonicprime cbf850b2b7 Apparently the comment after the rescue squelchs the linter. 2023-05-30 18:38:48 +00:00
catatonicprime a445b07233 removing unnecessary call to payload_uri 2023-05-11 16:35:53 +00:00
catatonicprime d50bd24c2f Adding config cleanup. 2023-05-11 04:57:57 +00:00
catatonicprime cb2c6a7d80 Prevent bypass_auth from being called twice when AutoCheck is true 2023-05-11 00:34:47 +00:00
Grant Willcox 9f0a6503b7 require.js is not the only way, account for this new discovery in code 2023-05-10 13:02:02 -05:00
Grant Willcox 5d4e68d36c Add Metasploit payload example and remove message that may suggest successful exploitation occurred even when it didn't 2023-05-10 10:36:29 -05:00
Grant Willcox 1b8f1de7c8 Add in fixes from review, add archive of software, and use uri_encode_mode for encoding parameters. 2023-05-10 10:16:08 -05:00
catatonicprime c5b0bc68d7 Improved automatic targeting, tested back to major version 14 2023-05-09 23:44:46 +00:00
catatonicprime eff189f221 Ensuring csrf_token is initialized. 2023-05-09 23:43:56 +00:00
catatonicprime 43564b5267 Removing unneeded features/options. 2023-05-09 23:43:30 +00:00
Jack Heysel 79d35ad938 Fixed check method 2023-05-09 14:25:03 -05:00
Jack Heysel eca87ea2eb Updated side effects and fixed fail_withs 2023-05-09 14:25:03 -05:00
Jack Heysel 348750ea70 Updated Authors 2023-05-09 14:25:02 -05:00
Jack Heysel 07056a74bc Pentaho Business Server Auth Bypass and SSTI 2023-05-09 14:24:51 -05:00
catatonicprime c69ca39748 consistent indenting 2023-05-06 05:07:59 +00:00
catatonicprime 0448d408ea Match wording from "How to write a module using HttpServer and HttpClient" on docs.metasploit.com 2023-05-06 04:58:50 +00:00
catatonicprime af3c482acd heh, I probably should have tested that too 2023-05-06 04:55:23 +00:00
catatonicprime e37e506fe2 heh, I probably should have tested this 2023-05-06 04:37:43 +00:00
catatonicprime f27648799b Adding original ZDI reference. Minor formatting changes. 2023-05-05 18:19:53 +00:00
Catatonic Prime 5f12f0e0ba Apply suggestions from code review 
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com>
 2023-05-05 11:07:08 -07:00
Christophe De La Fuente 60149259a2 Land #17856, RCE exploit for CVE-2023-26359 (Adobe ColdFusion) and an auxiliary module for arbitrary file read via the same vuln. 2023-04-28 19:27:15 +02:00
catatonicprime 97a76e3883 linting changes. removing unnecessary success checks. 2023-04-28 00:07:47 +00:00
catatonicprime 4ba8d62d88 Removing unused documentation 2023-04-28 00:02:37 +00:00
catatonicprime c0be991ed8 removing superfluous options 2023-04-28 00:00:57 +00:00
catatonicprime 12f7134cc6 generating payloads on the fly is what we wanted originally 2023-04-27 19:38:12 +00:00
catatonicprime 16ae6b71f4 Use the generated payload as is. 2023-04-27 15:21:21 +00:00
catatonicprime feec15a482 full_uri has what we need for the origin header 2023-04-27 15:07:15 +00:00
catatonicprime 0be38eb3ab method should do one thing and do it well 2023-04-26 19:32:57 +00:00
catatonicprime 5e93669d75 Enable AutoCheck 2023-04-26 19:28:56 +00:00
catatonicprime 9f6fe964e2 bypass_auth returns the anti-csrf token and vprints active session on success 2023-04-26 18:28:02 +00:00
catatonicprime 8694beebd1 Removing unnecessary search. 2023-04-26 18:17:46 +00:00
catatonicprime 0cf5f4cacc More accurate list of side effects. 2023-04-26 16:55:13 +00:00
catatonicprime bcafd22997 Better defaults pattern for TARGETURI. 2023-04-26 16:54:19 +00:00
catatonicprime 8c87660eaa Explicit stance. 2023-04-26 16:53:04 +00:00
catatonicprime 22238a0860 Adding references. 2023-04-26 16:52:26 +00:00
catatonicprime 8a9871f0d8 Default to a java payload. 2023-04-25 23:57:05 +00:00
catatonicprime a229a0ed86 If you are receiving 200, that is hard-evidence of bypass. Also Fix typo. 2023-04-25 23:34:04 +00:00
catatonicprime 17271f1046 Adding documentation, expanding failure cases. Always struggle in the last mile. Here we go. 2023-04-25 23:00:33 +00:00
catatonicprime 1a823b05f1 Serve jar file for exploit. 2023-04-25 18:36:44 +00:00