9df6879a95
Update modules to use srvhost method
2026-03-03 09:37:25 -05:00
758ac7f2f6
Apply rubocop changes
2026-03-03 09:34:49 -05:00
fc49421939
Replace checks for nonroutable addresses
...
This consolidates modules that check for a nonroutable SRVHOST value and
replaces it with OptAddressRoutable, defaulting to a reasonable address.
2026-03-03 09:34:49 -05:00
92e77de800
Update to use OptAddressRourtable for SRVHOST
2026-03-03 09:34:48 -05:00
6f84c83135
Merge pull request #21000 from Chocapikk/add-modules-majordomo-rce
...
Add three MajorDoMo unauthenticated RCE modules
2026-03-02 05:20:22 -05:00
615ca34e29
Fix: Remove explicit timeouts from send_request_cgi calls
2026-02-27 14:42:00 +01:00
6923badeac
Fix: Use background thread for cycle.php bootstrap instead of timeout
2026-02-27 14:34:24 +01:00
76d103e483
Fix: Bootstrap cycle tables and update lab documentation
...
Add cycle.php bootstrap request in cmd_injection module to create
missing MEMORY tables before starting the cycle_execs.php worker.
Update all three module docs with curl in Dockerfile, Docker gateway
instructions, Options sections, and verified scenario outputs.
2026-02-27 14:33:04 +01:00
1e4c184512
Merge pull request #20988 from adfoster-r7/add-solarwinds-srvhost-defaults
...
Add solarwinds srvhost defaults
2026-02-24 04:41:23 -05:00
05c12bb033
Feat: Add three MajorDoMo unauthenticated RCE modules
...
- CVE-2026-27174: Console eval RCE via missing exit after redirect
- CVE-2026-27175: Command injection via rc/index.php + cycle_execs race condition
- CVE-2026-27180: Supply chain RCE via update URL poisoning in saverestore module
All three modules include documentation with Docker lab setup instructions.
2026-02-21 08:34:31 +01:00
2c7348ec50
Add solarwinds srvhost defaults
2026-02-20 18:23:41 +00:00
b6f37bef11
Land #20976 , adds module for StoryChief WP plugin (CVE-2025-7441)
...
Add StoryChief WordPress 1.0.42 unauthenticated RCE module (CVE-2025-7441)
2026-02-19 10:06:25 +01:00
9c7347d6b5
Trriged failed_with and Removed unnecessary line
2026-02-18 02:20:36 +02:00
faca50288d
Enhance CheckCode::Safe message for clarity
...
Update CheckCode::Safe to include a detailed message.
2026-02-18 00:14:18 +02:00
8ee79fa524
Add StoryChief WordPress 1.0.42 unauthenticated RCE module
2026-02-16 00:44:20 +02:00
bbfe139e7f
Merge branch 'master' into multi/http/churchcrm_unauth_rce
2026-02-13 15:01:52 +01:00
b1758de52b
Adding version control on the check method
2026-02-13 14:42:07 +01:00
d90b3fdc89
Resolving compatibility issues
...
In the last version of ChurchCRM (6.8.0), in order to be correct, the
url in the post request needed to end with a '/'. This issues is now
fixed and the exploit work again on the 6.8.0 version.
2026-02-13 14:36:52 +01:00
efcd0411e4
Adding a code to the check method
2026-02-13 14:04:40 +01:00
fe302d30e1
Refactoring the code
2026-02-13 13:43:00 +01:00
dcf4221cff
Adding support for fetch payload
2026-02-13 13:23:40 +01:00
a4ec3cd40d
Merge pull request #20917 from sfewer-r7/solarwinds-webhelpdesk-rce
...
Add exploit module for SolarWinds Web Help Desk (CVE-2025-40536 + CVE-2025-40551)
2026-02-13 06:51:42 -05:00
3e98c7a045
Changing code according to Rubocop
2026-02-13 11:35:11 +01:00
06eba2245e
Creating a check method
2026-02-13 11:34:46 +01:00
867624cad3
Removing default option
...
The default option has been remove in favor of metasploit's default
selection.
2026-02-13 10:42:42 +01:00
dc2e73b44a
Adding a failwith if the injection fail
2026-02-13 09:57:39 +01:00
aacbd1d180
Changing PHP injection logic
...
The PHP payload is injected directly into the PHP code injection. The
cleanup method has been remove in favor of a InitialAutoRunScript that
clear the config file.
2026-02-13 09:52:48 +01:00
78f4b8f97d
Merge branch 'master' into multi/http/churchcrm_unauth_rce
2026-02-13 08:50:23 +01:00
35b52df28a
Merge pull request #20849 from haicenhacks/haicen_xerte
...
Add three modules for exploiting Xerte Online Toolkits
2026-02-12 15:01:42 -05:00
803e6d3991
adds auto-check and fixes print statements
2026-02-12 12:58:01 -05:00
0af126cba9
adds ability to create a project if none exist.
2026-02-12 12:50:00 -05:00
930bb4fecd
fixes error in .htaccess policy generation
2026-02-12 12:43:16 -05:00
b4f26d0329
conform to uri normalization pattern
2026-02-12 12:42:33 -05:00
f25fab7c40
fixes error in .htaccess policy generation
2026-02-12 12:41:28 -05:00
66aad682d6
changes the .htaccess payload to use heredoc
2026-02-11 18:30:20 -05:00
208dc3489c
fixes linting errors
2026-02-11 17:55:21 -05:00
2c7b7e8b5c
Merge pull request #20942 from rudraditya21/attack-exploit-privesc
...
Add MITRE ATT&CK mappings for exploit and privilege escalation modules
2026-02-11 15:38:59 -06:00
838d047b66
Fix the GHSA notation
2026-02-11 11:27:24 +01:00
af3ce4a0f5
Changing placeholders to random text inside request
...
The 'alter_config' function has been altered in order to use random text
as placeholder to fake information in the configuration. The GHSA is
fixed too.
2026-02-11 11:26:59 +01:00
7c9f18bbab
Shorten the if condition's format
...
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com >
2026-02-11 10:48:54 +01:00
fc9d2b2fce
adding CONFIG_CHANGES to side effect
...
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com >
2026-02-11 10:47:49 +01:00
37fe98c7bd
Merge branch 'master' into multi/http/churchcrm_unauth_rce
2026-02-10 16:34:08 +01:00
68e17f2b13
Normalizes URI construction
2026-02-09 20:56:08 -05:00
a1b02d1139
adds newlines between functions
2026-02-09 20:53:36 -05:00
3ee7bd435b
changes URI construction to comply with standards
2026-02-09 20:45:10 -05:00
e28afb7e12
renames files to conform to standards
2026-02-09 20:30:33 -05:00
d8fd09b156
adds newline between functions
2026-02-09 20:30:29 -05:00
98d8e35d85
adds checks to address nil condition on variables
2026-02-09 20:30:25 -05:00
f852aac863
Changes url structure to conform to requested changes
2026-02-09 20:30:18 -05:00
60b0209914
Improves module vulnerability check
2026-02-09 20:29:50 -05:00
adfoster-r7