76d103e483
Fix: Bootstrap cycle tables and update lab documentation
...
Add cycle.php bootstrap request in cmd_injection module to create
missing MEMORY tables before starting the cycle_execs.php worker.
Update all three module docs with curl in Dockerfile, Docker gateway
instructions, Options sections, and verified scenario outputs.
2026-02-27 14:33:04 +01:00
402ed5d50b
Docs: Clarify 41086aaa is a pinned vulnerable commit on alpha branch
2026-02-26 17:18:22 +01:00
05c12bb033
Feat: Add three MajorDoMo unauthenticated RCE modules
...
- CVE-2026-27174: Console eval RCE via missing exit after redirect
- CVE-2026-27175: Command injection via rc/index.php + cycle_execs race condition
- CVE-2026-27180: Supply chain RCE via update URL poisoning in saverestore module
All three modules include documentation with Docker lab setup instructions.
2026-02-21 08:34:31 +01:00
b6f37bef11
Land #20976 , adds module for StoryChief WP plugin (CVE-2025-7441)
...
Add StoryChief WordPress 1.0.42 unauthenticated RCE module (CVE-2025-7441)
2026-02-19 10:06:25 +01:00
a48129b640
Updated doc after checking msftidy_docs
2026-02-18 16:58:51 +02:00
8ee79fa524
Add StoryChief WordPress 1.0.42 unauthenticated RCE module
2026-02-16 00:44:20 +02:00
a39ed2beac
Removing default version in the Dockerfile
2026-02-13 15:14:41 +01:00
bbfe139e7f
Merge branch 'master' into multi/http/churchcrm_unauth_rce
2026-02-13 15:01:52 +01:00
2b6d95d3c9
Adding a scenario in the documentation
...
The documentation for PHP Fetch have been added. The scenario have been
redone in order to track the last changes.
2026-02-13 15:01:17 +01:00
381972efd2
Changing the documentation
...
According to the recent change, i've changed the documentation and the
scenario outputs.
2026-02-13 14:05:29 +01:00
a4ec3cd40d
Merge pull request #20917 from sfewer-r7/solarwinds-webhelpdesk-rce
...
Add exploit module for SolarWinds Web Help Desk (CVE-2025-40536 + CVE-2025-40551)
2026-02-13 06:51:42 -05:00
78f4b8f97d
Merge branch 'master' into multi/http/churchcrm_unauth_rce
2026-02-13 08:50:23 +01:00
35b52df28a
Merge pull request #20849 from haicenhacks/haicen_xerte
...
Add three modules for exploiting Xerte Online Toolkits
2026-02-12 15:01:42 -05:00
41414b896b
Tweak whitespacing in the docs for the renderer
2026-02-12 14:43:47 -05:00
7204c64b6b
Improves documentation
2026-02-12 12:05:29 -05:00
66139795e5
Fixes problems with module documentation
2026-02-11 18:20:06 -05:00
58dd29107f
remove SMB_SRVPORT as an option. It must allways be 445 so the user cannot change it. We print a message to inform the user this port is intended to be in use so that the SMB server is not compleatly opaque.
2026-02-05 17:21:31 +00:00
eb5507844b
Testing the module on different version
...
The module have been tested on different version of ChurchCRM (6.8.0 and
6.2.0) prooving it's vulnerability to this exploit. This commit contains
modification of the dockerfile/docker-compose in order to support
multi-version installation.
2026-02-05 12:36:26 +01:00
40073bcc8e
typo in docs
2026-02-05 09:00:15 +00:00
50f46aa85d
add docs
2026-02-04 20:36:10 +00:00
4d65f15884
Adding a link to the CVE
2026-02-04 16:17:15 +01:00
ca5ceae1b3
Adding documentation to the churchcrm module
...
The documentation of the module is addedd.
2026-02-04 16:04:42 +01:00
c0e9288ac5
Merge pull request #20799 from jheysel-r7/feat/cacti_graph_template_rce
...
Cacti Graph Template Authenticated RCE [CVE-2025-24367]
2026-01-22 14:26:38 -05:00
2e484d552e
Finishing touches
2026-01-22 15:03:31 +01:00
99e032f4af
SmarterTools SmarterMail Unauth File Upload RCE [CVE-2025-52691]
2026-01-22 15:03:30 +01:00
719874a7f4
Merge pull request #20750 from MatDupas/add-exploit-oracle-ebs-cve-2025-61882-module
...
Add exploit oracle ebs CVE 2025 61882 module
2026-01-21 16:08:09 -08:00
b6da204725
Apply suggestions from code review
...
Co-authored-by: Spencer McIntyre <58950994+smcintyre-r7@users.noreply.github.com >
2026-01-21 10:09:12 -08:00
c3830f6987
adds documentation
2026-01-20 22:29:29 -05:00
c47a74d0dd
Merge pull request #20770 from vognik/Splunk_2022-43571_CVE-2024-36985
...
Add Splunk RCE Exploits (CVE-2022-43571 & CVE-2024-36985)
2026-01-20 12:36:51 -08:00
54c6e18505
Update documentation/modules/exploit/multi/http/oracle_ebs_cve_2025_61882_exploit_rce.md
...
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com >
2026-01-17 12:26:18 +01:00
ade984aead
Merge pull request #20793 from Chocapikk/avideo-v2
...
Add AVideo notify.ffmpeg.json.php unauthenticated RCE exploit (CVE-2025-34433)
2026-01-15 17:36:07 -06:00
b2abdb21de
Fix AVideo lab documentation: update file editing instructions
...
Updated the note to provide a working method to edit configuration.php. Users can enter the container shell or copy the file out for editing.
2026-01-14 00:35:39 +01:00
ae4babbcf1
Fix AVideo lab documentation: remove broken sed command
...
Removed the broken sed command that doesn't work correctly. Updated note to specify editing /var/www/html/AVideo/videos/configuration.php manually with an editor instead.
2026-01-14 00:34:35 +01:00
37f9802b83
Update AVideo lab documentation: remove automatic sed fix, specify file to edit
...
Removed mention of automatic sed fix in docker-entrypoint. Updated note to specify that users should manually edit /var/www/html/AVideo/videos/configuration.php if they encounter redirect issues with webSiteRootURL.
2026-01-14 00:34:10 +01:00
733455eb53
Change port to 80 in AVideo lab documentation
...
Changed HTTP_PORT from 9999 to 80 in the documentation to use the correct URL directly. This fixes the webSiteRootURL issue where AVideo was generating incorrect URLs with the mapped port instead of the container's internal port.
2026-01-14 00:32:43 +01:00
f6430ee093
Fix MariaDB tc.log corruption issue in AVideo lab setup
...
The MariaDB container fails to start with 'Bad magic header in tc log' error
when the data directory has incorrect permissions or was previously corrupted.
This occurs during first-time setup of the AVideo lab environment.
The fix:
- Creates a custom entrypoint script that detects and removes corrupted tc.log
files by checking the magic header (should be 01 00 00 00)
- Modifies Dockerfile.mariadb to integrate the fix script into the original
MariaDB entrypoint using sed
- Ensures the fix runs automatically before MariaDB initialization
This allows the lab to start successfully on first run without manual intervention.
Co-authored-by: bwatters-r7 <bwatters-r7@users.noreply.github.com >
2026-01-13 22:31:38 +01:00
eae97b314a
Land #20810 , adds module for authenticated RCE in n8n (CVE-2025-68613)
...
Adds module for n8n workflow expression RCE (CVE-2025-68613)
2026-01-13 16:51:06 +01:00
10d12570c0
Merge pull request #20791 from Chocapikk/webcheck
...
Add Web-Check screenshot API command injection RCE exploit (CVE-2025-32778)
2026-01-12 17:14:04 -06:00
cdebe41d6c
Revert unintended change
2026-01-09 09:55:22 -08:00
d45e91b130
typo
2026-01-09 10:48:30 -05:00
b9be6ac259
Merge pull request #20785 from Chocapikk/react2shell-clean
...
Update react2shell module: Add Waku framework support
2026-01-08 17:58:48 -08:00
b39e781500
Land #20700 , adds module for Taiga.io RCE (CVE-2025-62368)
...
Adds exploit module for authenticated deserialization vulnerability in Taiga.io (CVE-2025-62368)
2026-01-07 11:53:32 +01:00
2cadcfe6ab
add CVE-2025-68613
2025-12-25 11:21:28 -05:00
3c57c71baf
Windows support
2025-12-22 19:27:37 -08:00
a44fc954a2
Cacti Graph Template authenticated RCE
2025-12-22 00:53:13 -08:00
8df7347791
Add AVideo notify.ffmpeg.json.php unauthenticated RCE exploit (CVE-2025-34433)
2025-12-19 21:51:41 +01:00
6c4a61fa42
Merge pull request #20761 from Chocapikk/acf-extended-rce
...
Add WordPress ACF Extended unauthenticated RCE exploit (CVE-2025-13486)
2025-12-18 16:03:06 -06:00
080f74f862
Update Web-Check documentation with docker-compose.yml setup instructions
2025-12-18 19:19:17 +01:00
5178cdee42
Update Web-Check documentation with git clone command
2025-12-18 18:56:18 +01:00
13f102eb5b
Add Web-Check screenshot API command injection RCE exploit (CVE-2025-32778)
2025-12-18 18:51:12 +01:00
Valentin Lobstein