d7cf08d5f3
Convert Java classloading code into a mixin
2020-04-14 14:01:18 -05:00
d920bb4615
Fix bad regex on length of "Metasploit" string
...
It won't match a char because it's a newline. While sticking "m" on the
end of the regex would work, there is zero reason we can't hardcode the
length, since the string is fixed.
irb(main):001:0> "\nhi" =~ /.hi/
=> nil
irb(main):002:0> "\nhi" =~ /.hi/m
=> 0
irb(main):003:0>
2020-04-14 14:01:17 -05:00
83d5a673ac
Rename exploit_class to constructor_class
2020-04-14 14:01:17 -05:00
a98215d27e
Relax regex in case of Enterprise Edition (EE)
...
I don't know what the regex would be, since I don't have EE.
2020-04-14 14:01:17 -05:00
5e65bb2a6a
Document remote classloading files
2020-04-14 14:01:17 -05:00
96242a99a1
Document the magic
2020-04-14 14:01:17 -05:00
d220c1045e
Refactor check for precision
2020-04-14 14:01:17 -05:00
8297f77d0a
Update vuln discoverer to Markus Wulftange
...
Wasn't in the original blog post, but it's in the vendor advisory.
2020-04-14 14:01:17 -05:00
c475ddac52
Add vendor advisory to references
2020-04-14 14:01:17 -05:00
0c8ee27613
Add Liferay Portal Java Unmarshalling RCE
2020-04-14 14:01:17 -05:00
bea42876ee
Land #13067 , PlaySMS template injection RCE
2020-04-03 10:22:35 -04:00
bd835e8f2d
Cleanup more status methods and move the module
2020-04-03 10:21:27 -04:00
859eda92bb
Land #12759 , Apache Solr Remote Code Execution via Velocity Template
...
Merge branch 'land-12759' into upstream-master
2020-04-02 11:23:33 -05:00
d904eed010
add badchars for various targets
2020-03-30 12:49:58 +07:00
861b79bce7
Added new targets and made documentation consistent
2020-03-29 00:33:24 +08:00
59c2079aa4
split AIX and Linux cmd targets
2020-03-28 14:35:24 +07:00
46286f8981
change to payload.encoded
2020-03-28 14:30:20 +07:00
2ac177cb39
make changes for ARCH_CMD, add multiple targets
2020-03-28 14:22:21 +07:00
6a6b99885d
Add ARCH_CMD, tested and working
2020-03-28 13:55:09 +07:00
5ac0145bb4
Update modules/exploits/multi/misc/ibm_tm1_unauth_rce.rb
...
Co-Authored-By: bcoles <bcoles@gmail.com >
2020-03-28 11:04:31 +07:00
c4f05fb566
Update modules/exploits/multi/misc/ibm_tm1_unauth_rce.rb
...
Co-Authored-By: bcoles <bcoles@gmail.com >
2020-03-27 16:29:34 +07:00
8139d0a1f1
change if to positive
2020-03-27 16:18:43 +07:00
79abacd186
Fix null response
2020-03-27 16:17:01 +07:00
7400720130
Update modules/exploits/multi/misc/ibm_tm1_unauth_rce.rb
...
Co-Authored-By: bcoles <bcoles@gmail.com >
2020-03-27 16:15:56 +07:00
75a0a2ae8a
change module name
2020-03-27 16:15:43 +07:00
3429e86f40
Update modules/exploits/multi/misc/ibm_tm1_unauth_rce.rb
...
Co-Authored-By: bcoles <bcoles@gmail.com >
2020-03-27 16:14:44 +07:00
f69d9e0b0d
Update modules/exploits/multi/misc/ibm_tm1_unauth_rce.rb
...
Co-Authored-By: bcoles <bcoles@gmail.com >
2020-03-27 16:14:33 +07:00
f81099709d
Update modules/exploits/multi/misc/ibm_tm1_unauth_rce.rb
...
Co-Authored-By: bcoles <bcoles@gmail.com >
2020-03-27 16:14:22 +07:00
cb5fbdf0c0
explain a bit better
2020-03-27 15:23:46 +07:00
d566fdefae
add link to advisory
2020-03-27 14:52:28 +07:00
38df0e3a58
Add exploit for IBM TM1
2020-03-27 14:40:56 +07:00
0b4c047411
doc cleanup
2020-03-24 08:47:21 -04:00
fd8ceb0db2
Land #13082 , add Horde Groupware Webmail RCE
2020-03-23 07:32:53 -05:00
475c24361d
randomize file name
2020-03-23 07:28:04 -05:00
c6eebe4ca3
replace equality with include?
2020-03-20 21:19:29 -05:00
5b2f744cd8
Land #13070 , fix Cisco DCNM directory search regex
2020-03-19 13:17:27 -04:00
40d6dd14c4
Remove the check method
2020-03-18 20:29:49 +01:00
19e9848592
Remove trailing spaces
2020-03-17 19:06:57 +01:00
bbb152a6d8
Update modules/exploits/multi/http/horde_csv_rce.rb
...
Co-Authored-By: Shelby Pace <40177151+space-r7@users.noreply.github.com >
2020-03-17 19:02:34 +01:00
eccee07e8b
Update modules/exploits/multi/http/horde_csv_rce.rb
...
Co-Authored-By: Shelby Pace <40177151+space-r7@users.noreply.github.com >
2020-03-17 19:02:07 +01:00
a60652898f
Update modules/exploits/multi/http/horde_csv_rce.rb
...
Co-Authored-By: Shelby Pace <40177151+space-r7@users.noreply.github.com >
2020-03-17 19:01:03 +01:00
a4ff847170
Update modules/exploits/multi/http/horde_csv_rce.rb
...
Co-Authored-By: Shelby Pace <40177151+space-r7@users.noreply.github.com >
2020-03-17 18:57:06 +01:00
126f5ca05d
Add 'Horde CSV import arbitrary PHP code execution' (CVE-2020-8518)
2020-03-14 16:07:51 +01:00
c21b90ea61
Land #13063 , Add PSH-AmsiBypassURI option to allow persistent web_delivery
...
Merge branch 'land-13063' into upstream-master
2020-03-13 09:52:25 -05:00
dfe70ca3fc
Cisco DCNM Module upload directory location regex filter corrected to allow for paths such as C:\Cisco System\
2020-03-12 17:08:33 -04:00
71f2e4c26c
Land #13035 , update PHP web_delivery to SSL context
...
Update the PHP command from web_delivery to ignore invalid SSL
certificates which is required for newer versions of PHP when a
self-signed certificate is used.
2020-03-12 16:35:12 -04:00
67aefb372e
fix rapid7/metasploit-framework#13046
2020-03-12 15:21:00 +08:00
0e163c69ab
Land #12975 , exploits RCE backdoor in PHPStudy
2020-03-10 11:56:26 +00:00
c75780350e
Land #13038 , clean up the socket when checking
2020-03-06 13:00:42 -05:00
e5f2b48274
Ensure client is disconnected when leaving the check method
2020-03-06 17:38:37 +01:00
William Vu