ca28f59ac4
Update the description of the TARGETURI option to reflect the recent changes
2020-11-25 10:32:17 -06:00
95665e916c
Land #14416 , wordpress plugin 'simple file list' rce
2020-11-25 09:58:26 -05:00
94c157bc95
Tweak the documentation and module output just a little for clarity
2020-11-25 09:58:07 -05:00
31426576e0
Land #14264 , Add exploit/multi/http/kong_gateway_admin_api_rce
2020-11-25 11:09:02 +00:00
c8fc5b52cf
TARGETURI Default value modification
...
TARGETURI Default value modification
2020-11-24 14:05:49 +08:00
8e299de712
Update modules/exploits/multi/http/kong_gateway_admin_api_rce.rb
...
Co-authored-by: cgranleese-r7 <69522014+cgranleese-r7@users.noreply.github.com >
2020-11-22 14:49:51 +00:00
a988e85d90
remove not needed code
2020-11-22 09:07:11 -05:00
92c92f1573
simple file list rce
2020-11-21 08:51:07 -05:00
72a6993408
Add patch bypass (CVE-2020-14750) to references
...
We were already using it... but now there's a CVE.
2020-11-18 10:57:05 -06:00
78999bb92c
Add an exploit from Exploit-DB
...
Written by either (Nguyen) Jang or Mohammed Althibyani. Not used by the
module.
https://www.exploit-db.com/exploits/48971
2020-11-18 10:56:03 -06:00
83beae731f
Add WebLogic Administration Console Handle RCE
...
CVE-2020-14882
CVE-2020-14883
2020-11-18 10:56:02 -06:00
4f7329d93d
Remove EOL spaces from consul_service_exec.rb
2020-11-18 09:09:55 +00:00
6f1365b75d
Add Windows support to consul_service_exec.rb
...
Added Windows to the 'Targets' list with CmdStagerFlavor psh_invokewebrequest. Generalised the payload delivery to allow for both Windows and the existing Linux payloads.
2020-11-17 15:37:55 +00:00
d6b412c58e
Land #14340 , Add HorizontCMS 1.0.0-beta exploit module and documentation
2020-11-13 13:03:04 +01:00
ce7031e263
Add suggestions from code review
2020-11-11 07:41:22 -05:00
768fb7d3a7
remove cwe-74 from cmsms
2020-11-10 11:43:42 -05:00
65e1ef4cb8
Land #14253 , add wp-file-manager rce for wordpress
2020-11-10 08:48:33 -06:00
4382f6ff55
add filedropper usage
2020-11-10 08:47:53 -06:00
e7a20ec47c
Add CVE ID to module and docs
2020-11-05 07:05:32 -05:00
a0087842fb
Fix an earlier merge mistake, was meant to replace URI.escape with Rex::Text.uri_encode() but instead replaced it with CGI.escape. Fix it to be Rex::Text.uri_encode()
2020-11-04 14:39:16 -06:00
d50ac2972d
Land #14222 , Update php_fpm_rce.rb to replace depreciated URI.encode calls with Rex::Text::uri_encode
2020-11-04 14:04:28 -06:00
79e83cdceb
add rubocop change
2020-11-04 10:09:00 -06:00
e49d99a80d
add AutoCheck usage, minor changes
2020-11-04 10:04:14 -06:00
cf954888da
Add horizontcms_upload_exec module and documentation
2020-11-02 13:01:13 -05:00
bb9464801e
Make changes suggested in review
...
* Add better explanation of public-api-port option in documentation
* Add example in scenarios where admin API is on different host to
public API (therefore public-api-port option must be used)
* Add targeturi option
* Add version number that has been tested in 2 places in documentation
2020-10-27 21:13:45 +00:00
79384e85f3
remove old .keep files in non-empty directories
2020-10-24 09:41:55 -04:00
849dbeca5c
Fix up bad merge commit
2020-10-15 11:53:39 -05:00
d6a91f8965
Remove some unnecessary comments
2020-10-16 00:34:12 +08:00
8d02a1a4c6
Use Rex::MIME for building MIME message
2020-10-16 00:26:10 +08:00
87104a7236
Update docs and make them msftidy_docs.rb compliant
2020-10-15 10:59:46 -05:00
f2899186e4
Add in first round of initial updates to fix review comments
2020-10-15 10:59:40 -05:00
dcc322436b
Update documentation files and module description to more accurately describe what the cause of the LPE bug for CVE-2019-1458 is. also apply RuboCop edits.
2020-10-15 10:58:58 -05:00
c38064b022
Apply rubocop edits and update documentation
2020-10-15 10:58:38 -05:00
a3772d43d4
set InitialAutoRunScript to post/windows/manage/priv_migrate
2020-10-15 10:58:08 -05:00
12c5f4f916
CVE-2019-1458 chrome sandbox escape initial commit
2020-10-15 10:57:46 -05:00
8d43fa4848
Module can now use mkfile+put method to exploit vulnerability.
2020-10-15 17:46:40 +08:00
a8341d72ae
skip cleanup when using check method
2020-10-14 17:17:09 +01:00
97f9c67ff1
Use class's cleanup method
2020-10-14 16:25:42 +01:00
f6b5053666
Add exploit/multi/http/kong_gateway_admin_api_rce
2020-10-13 16:56:34 +01:00
b9df68cbb6
Fix module according to Rubocop, make documentation follow standard.
2020-10-11 19:04:06 +08:00
57b0f30e37
Add new module for WordPress File Manager unauth RCE (CVE-2020-25213)
2020-10-11 01:20:28 +08:00
a2675c13e8
Land #14213 , Add disclosure date rubocop linting rule - enforce iso8601 disclosure dates
2020-10-07 12:09:59 -05:00
2c391e9edc
Fix up last of the module that had incorrect disclosure dates
2020-10-07 12:09:35 -05:00
a1164dbe9e
Update php_fpm_rce.rb
...
URI.encode/URI.escape is obsolete. Replaced with CGI.escape.
2020-10-05 11:57:17 -04:00
15bb690308
fix vulnerability spelling
2020-10-04 13:00:48 -04:00
30809787c4
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
26ff912291
Fix invalid disclosure date formats
2020-10-02 12:20:05 +01:00
80b94334f2
ghetto force java
2020-09-30 16:58:12 -05:00
33b3d6efcc
Use register_for_cleanup instead of on_new_session for cleanup
2020-09-25 08:11:02 -04:00
5b48bae4b0
Use keep_cookies instead of @cookie variable
2020-09-24 16:36:01 -04:00
Grant Willcox