adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
73,452 Commits 27 Branches 1,043 Tags
3da170a43c7f288fe9bc88fe325da488733acac3
Commit Graph

2936 Commits

Author SHA1 Message Date
sinn3r 529f88c66d Some msftidy fixes 2012-10-14 19:16:54 -05:00
sinn3r cedcace1a7 Forgot to change the output variable 
Because the original script used match()
 2012-10-14 11:43:33 -05:00
sinn3r cc303665e8 Credit 2012-10-13 00:42:44 -05:00
sinn3r 5b2998a121 Add OSVDB-63552 AjaXplorer module (2010) 2012-10-13 00:35:48 -05:00
James Lee 90ae5c1178 Add PhpEXE support to RateMyPet module 2012-10-12 04:53:01 -05:00
James Lee 13a5892e95 Add a mixin for uploading/executing bins with PHP 
And use it in three modules that had copy-paste versions of the same
idea.
 2012-10-12 02:57:41 -05:00
sinn3r c094508119 Support Python payload 
Pretty sure if the app is run on Unix/Apache, or supports perl and
ruby, chances are python works too.
 2012-10-08 22:17:11 -05:00
sinn3r 06e2994b7e connectiontype to find and python payload support 2012-10-08 15:13:27 -05:00
sinn3r 04aa69192d Dang typo 2012-10-08 13:35:13 -05:00
sinn3r 8ff4442f9e Add PhpTax pfilez exec module 
This module exploits a vuln found in PhpTax.  When generating a
PDF, the icondrawpng() function in drawimage.php does not
properly handle the pfilez parameter, which will be used in a
exec() statement, and results in arbitrary code execution.
 2012-10-08 12:46:56 -05:00
HD Moore 3ade5a07e7 Add exploit for phpmyadmin backdoor 2012-09-25 10:47:53 -05:00
sinn3r 1111de0197 Add OSVDB reference 2012-09-25 01:19:58 -05:00
sinn3r 98f4190288 Add Auxilium RateMyPet module 2012-09-24 10:16:11 -05:00
James Lee caf7619b86 Remove extra comma, fixes syntax errors in 1.8 
Thanks, Kanedaaa, for reporting
 2012-09-13 12:07:34 -05:00
sinn3r 71a0db9ae5 Make sure the user has a 'myAccount' page 2012-09-13 10:33:43 -05:00
sinn3r 658502d5ad Add OSVDB-82978 
This module exploits a vuln in qdPM - a web-based project
management software. The user profile's photo upload feature can
be abused to upload any arbitrary file onto the victim server
machine, which allows remote code execution. However, note in
order to use this module, the attacker must have a valid cred
to sign.
 2012-09-13 10:01:08 -05:00
sinn3r bd596a3f39 Merge branch 'sflog_upload_exec' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-sflog_upload_exec 2012-09-06 18:40:19 -05:00
sinn3r b4270bb480 Add OSVDB-83767: SFlog Upload Exec Module 
This module exploits multiiple flaws in SFlog!. By default, the
CMS has a default admin cred of "admin:secret", which can be
abused to access admin features such as blog management.  Through
the management interface, we can upload a backdoor that's accessible
by any remote user, and then we gain code execution.
 2012-09-06 18:30:45 -05:00
jvazquez-r7 fc1c1c93ba ZDI references fixed 2012-09-07 00:50:07 +02:00
jvazquez-r7 65681dc3b6 added osvdb reference 2012-09-06 13:56:52 +02:00
jvazquez-r7 b4113a2a38 hp_site_scope_uploadfileshandler is now multiplatform 2012-09-06 12:54:51 +02:00
Tod Beardsley 9531c95627 Adding BID 2012-09-05 15:04:05 -05:00
sinn3r 99009da567 Merge branch 'mobilecartly_upload_exec' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-mobilecartly_upload_exec 2012-09-04 14:32:23 -05:00
sinn3r e926bc16ba Add MobileCartly 1.0 module 2012-09-04 14:23:16 -05:00
jvazquez-r7 4a92cc4641 jboss_invoke_deploy module cleanup 2012-09-04 18:49:11 +02:00
h0ng10 2b6aa6bbdb Added Exploit for deployfilerepository via JMX 2012-09-03 13:50:16 -04:00
jvazquez-r7 4fd9f88304 avoid the redefinition of Module.target_host 2012-08-30 14:45:14 +02:00
sinn3r 7ddcc787bd Merge branch 'jboss-exploits-revision2' of https://github.com/h0ng10/metasploit-framework into h0ng10-jboss-exploits-revision2 2012-08-21 14:37:09 -05:00
h0ng10 c6b9121f8b Added support for CVE-2010-0738 2012-08-15 15:47:44 -04:00
h0ng10 6965431389 Added support for CVE-2010-0738, msftidy 2012-08-15 15:47:14 -04:00
h0ng10 e5498e3e1d Added fix for CVE-2010-0738, corrections 2012-08-15 15:46:34 -04:00
Tod Beardsley 0e4e7dc903 Indentation fix 2012-08-14 12:27:27 -05:00
Tod Beardsley 6597d25726 Shortening an over-200 long line for readability 
It's a contrived fix, but scrolling over is a hassle. This comes up a
lot in long regexes, not sure the best way to address these.
 2012-08-14 12:27:27 -05:00
jvazquez-r7 d6b28dc44d ranking changed plus on_new_session handler added 2012-08-13 19:29:13 +02:00
jvazquez-r7 468030786f small fixes, mainly check res agains nil, res.code and use send_request_cgi 2012-08-13 18:57:59 +02:00
bcoles 8bb3181f68 Add TestLink v1.9.3 arbitrary file upload module 2012-08-13 16:30:10 +09:30
sinn3r b46fb260a6 Comply with msftidy 
*Knock, knock!*  Who's there? Me, the msftidy nazi!
 2012-08-07 15:59:01 -05:00
Steve Tornio b646dcc87f add osvdb ref 2012-08-05 09:02:32 -05:00
Tod Beardsley d5b165abbb Msftidy.rb cleanup on recent modules. 
Notably, DisclosureDate is required for other module parsers, so let's
not ignore those, even if you have to guess at the disclosure or call
the module's publish date the disclosure date.
 2012-08-04 12:18:00 -05:00
h0ng10 8872ea693c real support for cve-2010-0738/verb bypass 2012-08-03 14:22:40 -04:00
h0ng10 52b1919315 Additional cleanups, verb tampering 2012-08-02 17:33:17 -04:00
sinn3r 9815faec37 Add OSVDB-83822 2012-07-31 13:31:06 -05:00
h0ng10 36be7cd9c4 removed unnecessary cleanup 2012-07-27 16:32:08 -04:00
sinn3r d67234bd03 Better regex and email format correction 2012-07-27 01:14:32 -05:00
sinn3r 2939e3918e Rename file 2012-07-27 01:06:57 -05:00
bcoles cec15aa204 Added CuteFlow v2.11.2 Arbitrary File Upload 
- modules/exploits/multi/http/cuteflow_2.11.2_upload_exec.rb
 2012-07-27 12:30:20 +09:30
HD Moore b133428bc1 Better error handling in two web app modules 2012-07-15 21:56:00 -05:00
jvazquez-r7 6c8ee443c8 datastore cleanup according to sinn3r 2012-07-12 09:31:22 +02:00
h0ng10 87f5002516 added datastore cleanup 2012-07-11 12:56:23 -04:00
h0ng10 0d38a7e45f switched to Rex::Text.encode_base64() 2012-07-11 12:52:09 -04:00