adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
73,452 Commits 27 Branches 1,043 Tags
3da170a43c7f288fe9bc88fe325da488733acac3
Commit Graph

18316 Commits

Author SHA1 Message Date
Christophe De La Fuente f07578b4b4 Land #18209, Fix bypassuac_comhijack module crash 2023-08-01 14:52:41 +02:00
Ismail Dawoodjee 11fb61c3b6 Merge branch 'rapid7:master' into subrion_cms_file_upload_rce 2023-08-01 14:24:37 +03:00
Spencer McIntyre f787bcd04f Define the space for the payload 2023-07-31 18:06:38 -04:00
Spencer McIntyre de6508c3e3 Initial commit of CVE-2023-3519 2023-07-31 17:30:52 -04:00
adfoster-r7 b979217227 Land #18239, Add version numbers to apache nifi rce module 2023-07-31 22:28:52 +01:00
h00die 5d9a65eeb0 version numbers for apache nifi rce 2023-07-31 16:14:57 -04:00
Christophe De La Fuente a7402fb5f1 Land #18205, Add rudder-server SQLI RCE (CVE-2023-30625) exploit 2023-07-31 15:15:07 +02:00
Christophe De La Fuente 56661f49ee Add a comment explaining why the Windows target is disabled 2023-07-31 15:13:35 +02:00
h00die-gr3y 19ef0cc4f9 Added documentation and fixed a typo in the module description 2023-07-28 21:30:24 +00:00
Ismail Dawoodjee aeb8cd3971 Use uri variable instead of hardcoding it - 2nd instance 
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com>
 2023-07-28 23:30:42 +03:00
Ismail Dawoodjee 207d00b73c Use uri variable instead of hardcoding it 
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com>
 2023-07-28 23:29:06 +03:00
ismaildawoodjee 06db7dae40 Change parsing method for version number 2023-07-28 16:17:58 -04:00
h00die-gr3y f282e1ab92 first drop of module 2023-07-28 20:14:44 +00:00
Ismail Dawoodjee c4d089b884 Merge branch 'rapid7:master' into subrion_cms_file_upload_rce 2023-07-28 23:13:11 +03:00
Ege Balcı c509b7b341 Comment out Windows target related lines 2023-07-28 17:06:21 +02:00
Jack Heysel 416124705f Working in metasploit 2023-07-28 03:43:37 -04:00
Ege Balcı 225a33995a Merge branch 'rudder_server_sqli_rce' of github.com:egebalci/metasploit-framework into rudder_server_sqli_rce 2023-07-28 00:54:29 +02:00
Ege Balcı 6b11439fa1 Remove basic auth and API_USER/PASS options 2023-07-28 00:44:44 +02:00
Ege Balcı 5d00f882ad Update modules/exploits/multi/http/rudder_server_sqli_rce.rb 
Co-authored-by: Jeffrey Martin <jeffrey_martin@rapid7.com>
 2023-07-27 21:58:06 +00:00
ErikWynter f79b4331b8 code review fixes for wd_mycloud_unauthenticated_cmd_injection 2023-07-27 23:09:50 +03:00
Ege Balcı ca9601bb58 Fixed check method and targets 2023-07-26 18:01:26 +02:00
Ege Balcı 5b5f666256 Make rubocop happy 2023-07-26 16:26:18 +02:00
Ege Balcı 006831938d Adjust targets 2023-07-26 16:26:18 +02:00
Ege Balcı f5e91f686c Update modules/exploits/multi/http/rudder_server_sqli_rce.rb 
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
 2023-07-26 16:26:18 +02:00
Ege Balcı d50fceca40 Update modules/exploits/multi/http/rudder_server_sqli_rce.rb 
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
 2023-07-26 16:26:17 +02:00
Ege Balcı 1b52c7c8ba Update modules/exploits/multi/http/rudder_server_sqli_rce.rb 
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
 2023-07-26 16:26:17 +02:00
Ege Balcı bc58254db8 Update modules/exploits/multi/http/rudder_server_sqli_rce.rb 
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
 2023-07-26 16:26:17 +02:00
Ege Balcı d6328edc27 Make rubocop happy 2023-07-26 16:26:17 +02:00
Ege Balcı 47f48e8adb Add rudder-server SQLI RCE (CVE-2023-30625) exploit 2023-07-26 16:26:17 +02:00
ErikWynter 53b8653ac7 add wd_mycloud_unauthenticated_cmd_injection 2023-07-26 17:24:44 +03:00
ismaildawoodjee b7b11373f5 Use full_uri for the payload URI 2023-07-25 22:53:11 -04:00
Ismail Dawoodjee 867282ba96 Merge branch 'rapid7:master' into subrion_cms_file_upload_rce 2023-07-25 23:09:30 +03:00
ismaildawoodjee 671a90ee58 Put checks for website requests and change failure message 2023-07-25 16:08:25 -04:00
Christophe De La Fuente c7f8ce5acd Land #18199, VMWare vRealize Network Insight pre-authenticated RCE CVE-2023-20887 2023-07-25 17:45:30 +02:00
Ismail Dawoodjee 78c1f75f2a Merge branch 'rapid7:master' into subrion_cms_file_upload_rce 2023-07-25 18:01:08 +03:00
ismaildawoodjee e9f53bd195 Use full_uri instead of piecing together a full URI 2023-07-25 11:00:21 -04:00
h00die-gr3y 43056ad621 removed powershell mixin 2023-07-25 14:06:45 +01:00
h00die-gr3y c1d84e950c Update based on bwatters-r7 comments 2023-07-25 14:06:44 +01:00
h00die-gr3y 45eacec846 Updated module with WordPress check 2023-07-25 14:06:44 +01:00
h00die-gr3y cda6ab5960 init commit module 2023-07-25 14:06:29 +01:00
Ismail Dawoodjee a709c4c010 Update modules/exploits/linux/http/subrion_cms_file_upload_rce.rb 
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com>
 2023-07-24 20:36:28 +03:00
ismaildawoodjee 4e16307165 Add module and documentation for Subrion CMS v4.2.1 RCE 2023-07-21 17:22:58 -04:00
adfoster-r7 c26d44a177 Fix bypassuac_comhijack module crash 2023-07-21 16:46:43 +01:00
adfoster-r7 f287f50be7 Land #18187, Fixes incorrect usage of pack/unpack directives 2023-07-21 11:40:02 +01:00
Jack Heysel ee26e7f926 Rubocop fixes 2023-07-20 16:40:28 -04:00
Jack Heysel 421b06119f Update docs 2023-07-20 14:55:27 -04:00
Jack Heysel c48346413c Fixed payload and verion detection 2023-07-20 14:44:56 -04:00
h00die 530934f78a review comments 2023-07-19 11:42:47 -04:00
cgranleese-r7 8e0a909b18 Fixes incorrect usage of pack/unpack directives 2023-07-19 11:39:00 +01:00
bwatters 297c484a1c Land #18173, Add Openfire Authentication Bypass RCE [CVE-2023-32315] 
Merge branch 'land-18173' into upstream-master
 2023-07-18 18:13:20 -05:00