00cc8dcc09
Update modules/exploits/linux/http/vinchin_backup_recovery_cmd_inject.rb
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com >
2023-11-20 19:05:45 +01:00
42cdda7200
Vinchin
2023-11-16 18:10:42 +01:00
24fc989305
Merge branch 'rapid7:master' into master
2023-11-16 16:09:36 +01:00
ef84759dd4
Fixed an issue in the DIR-300 rev B version check
2023-11-14 20:40:38 +00:00
3fa9416044
update addressing latest comments
2023-11-14 17:15:25 +00:00
6e1580e5f5
added target DIR-845L
2023-11-13 14:48:59 +00:00
51523e0971
release updating dlink_upnp_msearch_exec exploit module
2023-11-13 12:15:04 +00:00
1da4333611
Land #18434 , Add module for Zoneminder RCE
...
This PR adds an RCE module for the Zoneminder video
surveillance software system (CVE-2023-26035).
2023-11-10 15:15:01 -05:00
6056081de5
Change status message upon completion of exploit
2023-11-10 05:28:10 +05:30
8301e6c766
Use Rex::RandomIdentifier::Generator to generate payload variables names
2023-11-10 05:25:59 +05:30
9ce3fdc557
added empty line after guard clause
2023-11-09 22:23:27 +00:00
4919291ec8
Update modules/exploits/unix/webapp/zoneminder_snapshots.rb
...
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com >
2023-11-09 23:21:39 +01:00
21340d0fd8
Update modules/exploits/unix/webapp/zoneminder_snapshots.rb
...
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com >
2023-11-09 23:21:26 +01:00
87cb12731e
Update modules/exploits/unix/webapp/zoneminder_snapshots.rb
...
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com >
2023-11-09 23:20:57 +01:00
e4005feb30
Update modules/exploits/unix/webapp/zoneminder_snapshots.rb
...
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com >
2023-11-09 23:20:33 +01:00
110cea8cc9
Update modules/exploits/unix/webapp/zoneminder_snapshots.rb
...
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com >
2023-11-09 23:20:17 +01:00
7482948ab7
Fix
2023-11-09 20:05:39 +01:00
c5cfc995c2
Add vinchin_backup_recovery_cmd_inject
2023-11-09 19:47:27 +01:00
77a93e452f
Land #18507 , Exploit & Auxiliary modules for CVE-2023-20198 and CVE-2023-20273 (Cisco IOS XE)
...
Merge branch 'land-18507' into upstream-master
2023-11-08 09:05:40 -06:00
2a56c3f28b
remove redundant \d in check regex
2023-11-07 09:21:04 +00:00
25ef7d1272
add the RCE exploit
2023-11-06 17:12:40 +00:00
e8d45b00ba
Land #18501 , Exploit module for CVE-2023-46604 - Apache ActiveMQ
...
Merge branch 'land-18501' into upstream-master
2023-11-06 09:30:48 -06:00
ea21036995
reduce nesting in the check routine
2023-11-06 09:42:59 +00:00
4272678938
reduce the indentation in on_request_uri
2023-11-06 09:36:20 +00:00
fa8c40072c
ensure the payload doesnt contain a CDATA closing tag, if found then fail before we attempt exploitation
2023-11-06 09:36:20 +00:00
b9c65d5b75
Delete log entries on target
2023-11-06 02:00:25 +05:30
ba196b4264
Handle serving of payloads for different targets
2023-11-06 01:57:44 +05:30
1cde6198b5
Land #18481 , MagnusBilling unauthenticated RCE [CVE-2023-30258]
2023-11-03 20:42:27 +01:00
8bb7b98ce9
Land #18506 , Fix stability issue for f5 2023-46747
...
This PR fixes a statbility issue with the
f5_bigip_tmui_rce_cve_2023_46747 module. Prior to this fix
occasionally the module would fail on login as things were
running too quickly, the module now retrys loging in.
2023-11-03 10:51:04 -04:00
e5790f8d6e
Fix a stability issue with the module
...
Occassionally the module will fail on login if things are running too
quickly. Fix it by retrying like update_user_password does.
2023-11-02 17:10:20 -04:00
c27412a1ac
Land #18494 , Add AjaxPro Deserialization RCE
...
This PR adds a module which leverages an insecure
deserialization of data to get remote code execution
on the target OS in the context of the user running
the website which utilized AjaxPro.
2023-11-02 13:54:17 -04:00
f83f183fe2
Apply Code Suggestions from review
2023-11-03 00:04:20 +08:00
27d86be456
Remove the REPEATABLE_SESSION tag
...
The module is generally reliable, but may fail after it's been run multiple
times.
2023-11-02 11:11:36 -04:00
cea4c1f326
Feedback from module review
2023-11-02 10:17:45 -04:00
d26742a266
Add check code annotations, update AJP link
2023-11-02 08:53:56 -04:00
24810183ca
add in a unix target as ActiveMQ can run on OSX
2023-11-02 10:25:45 +00:00
94b5211525
set exploit Stance to Agressive
2023-11-02 09:32:36 +00:00
a7e8be4860
Fix code styling to pass msftidy
2023-11-02 10:35:49 +08:00
9f9f18c73f
Apply suggestions from code review
...
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com >
2023-11-02 10:10:26 +08:00
9c67b92a4d
Rename the other TMUI RCE module
2023-11-01 16:55:42 -04:00
7b53592b4f
Add module docs
2023-11-01 16:55:41 -04:00
03252913a1
Add the check method
2023-11-01 16:55:41 -04:00
714eeaaa3a
Finish cleaning the exploit up
2023-11-01 16:55:36 -04:00
df040b30aa
typos and improve comments
2023-11-01 17:59:00 +00:00
a408181def
Add initial work on exploit module for CVE-2023-46604
2023-11-01 17:34:30 +00:00
c803d6ef7e
Fetch the admin hash as a bonus
2023-10-31 15:27:31 -04:00
04388d9e25
Initial commit of CVE-2023-46747
2023-10-31 09:55:18 -04:00
ad6e4618df
third release module with minor text changes
2023-10-31 09:29:13 +00:00
bfff35eb63
second release module with php fix
2023-10-31 09:05:51 +00:00
00ccebe8ce
Upadte documentation for AjaxPro Deserializaion RCE
2023-10-31 13:31:10 +08:00
Valentin Lobstein