Brendan Coles
69031fa91f
Add Apache Flink JAR Upload Java Code Execution
2021-02-22 23:00:57 +00:00
Pedro Ribeiro
79cac47ba3
add suggestions by cdelafuente-r7
2021-02-09 14:24:49 +07:00
Pedro Ribeiro
33edfaa8f6
mention that it has been tested on 2019.11 too
2021-01-30 21:47:31 +07:00
Pedro Ribeiro
b8fe5fabf8
fix typo another typo
2021-01-28 22:50:05 +07:00
Pedro Ribeiro
446316ef6c
fix typo at the end of app list
2021-01-28 22:49:32 +07:00
Pedro Ribeiro
dcd9a6a214
add more clarification regarding affected products
2021-01-28 20:41:08 +07:00
Pedro Ribeiro
7ea5c3ffce
add clarification about c3p0
2021-01-28 18:23:20 +07:00
Pedro Ribeiro
c73fa70543
do the rubocop thing and add docs
2021-01-28 18:21:51 +07:00
Spencer McIntyre
74898461b4
Land #14654, Add exploit for Micro Focus UCMDB unauthenticated RCE
2021-01-27 10:00:22 -05:00
Spencer McIntyre
fc6957fbf6
Fix a couple of issues in the markdown formatting
2021-01-27 10:00:02 -05:00
Pedro Ribeiro
7220dc3ff6
add new note on broken payloads
2021-01-24 22:39:01 +07:00
Pedro Ribeiro
12157163f7
Merge branch 'obm_deser' into ucmdb
2021-01-24 22:25:57 +07:00
Pedro Ribeiro
bf4ac7b1a8
add UCMDB sploit
2021-01-24 22:25:45 +07:00
Grant Willcox
0ec99c03f9
Clean up documentation formatting a little bit
2021-01-22 14:27:57 -06:00
Grant Willcox
95d3bd98ac
Do msftidy_docs and rubocop changes
2021-01-15 18:10:23 -06:00
Grant Willcox
2f0abe4900
Add in documentation and fix up small issues with module
2021-01-15 18:06:07 -06:00
h00die
7d7263cf1f
spelling
2021-01-09 08:13:19 -05:00
h00die
d8c55501a5
ait csv importer exploit
2021-01-01 12:14:52 -05:00
Grant Willcox
7de662c807
Land #14521, Struts2 Multi Eval OGNL RCE
2020-12-23 11:40:16 -06:00
Grant Willcox
70f8ff31f8
Update documentation to include missing extra options I forgot to document, edit the wording on the module to match the documentation, and do final touch ups.
2020-12-23 10:50:22 -06:00
Grant Willcox
799b451324
Add in updates to documentation to fix spelling mistakes and to also add in missing documentation for some options, plus to make some explanations a bit clearer.
2020-12-22 17:33:40 -06:00
Grant Willcox
4a449f97d3
Land #14522, Replace hard-coded Shiro default key with ENC_KEY
2020-12-22 09:26:49 -06:00
Grant Willcox
24e8aeffe5
Incorporate review feedback and update the associated documentation.
2020-12-21 17:29:21 -06:00
Christophe De La Fuente
dc6b67f4c6
Land #14509, Fixes for Solr RCE
2020-12-18 21:51:06 +01:00
Spencer McIntyre
3d7ed70cec
Tweak the check method and add module docs
2020-12-15 19:49:29 -05:00
Spencer McIntyre
246c455c96
Reformat the struts2_namespace_ognl module docs
2020-12-15 09:13:06 -05:00
James Lee
f255724e01
Changes to support older Solr (tested 5.3.0)
Use a new parameter instead of a header because older versions don't
have access to the request object.
There was an issue where the exploit would fail if the exec returned -1
despite the payload otherwise working, fixed by not trying to return
output in that case.
Also updates the documentation to reflect that we have a Java target now
and quoting is no longer a concern.
2020-12-13 19:05:47 -06:00
alanfoster
835059f00c
[CVE-2020-10977] Gitlab arbitrary file read to RCE
2020-12-07 01:26:54 +00:00
Graeme Robinson
8e534ffc22
Split scenarios to separate blocks for each target
As suggested in https://github.com/rapid7/metasploit-framework/pull/14216#discussion_r512868894.
2020-11-26 13:46:01 +01:00
Graeme Robinson
536e1a1a02
Fix typo in documentation
2020-11-26 13:46:01 +01:00
Graeme Robinson
c280bb67e7
Wrap at 140 characters to appease msftidy_docs.rb.
2020-11-26 13:46:01 +01:00
Graeme Robinson
4dc564e62b
Added documentation for module.
2020-11-26 13:46:01 +01:00
Spencer McIntyre
95665e916c
Land #14416, wordpress plugin 'simple file list' rce
2020-11-25 09:58:26 -05:00
Spencer McIntyre
94c157bc95
Tweak the documentation and module output just a little for clarity
2020-11-25 09:58:07 -05:00
cgranleese-r7
31426576e0
Land #14264, Add exploit/multi/http/kong_gateway_admin_api_rce
2020-11-25 11:09:02 +00:00
h00die
92c92f1573
simple file list rce
2020-11-21 08:51:07 -05:00
William Vu
dcd8ec1d70
Lock JDK to 8u131 to be safe
2020-11-18 15:17:12 -06:00
William Vu
bcdf5aa586
Clarify Windows target setup further
2020-11-18 14:25:10 -06:00
William Vu
4d610b5500
Clarify using the generic installer for examples
2020-11-18 14:06:13 -06:00
William Vu
83beae731f
Add WebLogic Administration Console Handle RCE
CVE-2020-14882
CVE-2020-14883
2020-11-18 10:56:02 -06:00
Christophe De La Fuente
d6b412c58e
Land #14340, Add HorizontCMS 1.0.0-beta exploit module and documentation
2020-11-13 13:03:04 +01:00
Shelby Pace
65e1ef4cb8
Land #14253, add wp-file-manager rce for wordpress
2020-11-10 08:48:33 -06:00
kalba-security
e7a20ec47c
Add CVE ID to module and docs
2020-11-05 07:05:32 -05:00
kalba-security
cf954888da
Add horizontcms_upload_exec module and documentation
2020-11-02 13:01:13 -05:00
Graeme Robinson
bb9464801e
Make changes suggested in review
* Add better explanation of public-api-port option in documentation
* Add example in scenarios where admin API is on different host to
public API (therefore public-api-port option must be used)
* Add targeturi option
* Add version number that has been tested in 2 places in documentation
2020-10-27 21:13:45 +00:00
Tim W
87104a7236
Update docs and make them msftidy_docs.rb compliant
2020-10-15 10:59:46 -05:00
ide0x90
8d43fa4848
Module can now use mkfile+put method to exploit vulnerability.
2020-10-15 17:46:40 +08:00
Graeme Robinson
f6b5053666
Add exploit/multi/http/kong_gateway_admin_api_rce
2020-10-13 16:56:34 +01:00
ide0x90
b9df68cbb6
Fix module according to Rubocop, make documentation follow standard.
2020-10-11 19:04:06 +08:00
ide0x90
57b0f30e37
Add new module for WordPress File Manager unauth RCE (CVE-2020-25213)
2020-10-11 01:20:28 +08:00