jheysel-r7
61fa0c40b8
Update documentation/modules/exploit/multi/http/wp_backup_migration_php_filter.md
2024-08-27 14:14:28 -04:00
Chocapikk
bc7840ea7f
Add wp_givewp_rce exploit module
2024-08-27 19:50:35 +02:00
bwatters
6c24e0a952
Land #19393, Update OFBiz ProgramExport RCE for Patch Bypass
...
Merge branch 'land-19393' into upstream-master
2024-08-27 11:48:38 -05:00
Chocapikk
c32c1e3a66
Update doc
2024-08-24 17:31:09 +02:00
Chocapikk
4ee30b24cb
Rewrite wp_backup_migration_php_filter
2024-08-24 17:16:58 +02:00
dwelch-r7
f3a220518a
Land #19394, SPIP Unauthenticated RCE Exploit
2024-08-21 13:58:26 +01:00
Chocapikk
62ab17b14d
Update documentation and Docker Compose for SPIP, remove Rex.sleep() in Metasploit module due to stable payload.
2024-08-20 19:41:05 +02:00
Chocapikk
c7d20853d6
Update documentation
2024-08-19 19:51:36 +02:00
Chocapikk
3d90eb0f43
Add spip_porte_plume_previsu_rce
2024-08-16 10:50:23 +02:00
jheysel-r7
ea10360c81
Update OFBiz ProgramExport RCE for Patch Bypass
2024-08-15 09:18:15 -07:00
Jack Heysel
f7449ea850
Land #19311, Add GeoServer unauth RCE module
...
This adds an exploit module for CVE-2024-36401, an unauthenticated RCE
vulnerability in GeoServer versions prior to 2.23.6, between version
2.24.0 and 2.24.3 and in version 2.25.0, 2.25.1.
2024-07-12 11:07:36 -07:00
H00die.Gr3y
292c177b74
Apply suggestions from code review
...
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
2024-07-12 19:20:46 +02:00
Jack Heysel
5d210b548b
added windows support
2024-07-11 16:34:07 -07:00
h00die-gr3y
4e76068cea
added armle architecture support
2024-07-11 21:42:45 +00:00
h00die-gr3y
92f6445856
added documentation
2024-07-11 21:24:50 +00:00
remmons-r7
7746c8877e
Add sysinfo Meterpreter output and target OS version numbers
2024-07-09 16:31:01 -05:00
remmons-r7
06da60cade
Adding atlassian_confluence_rce_cve_2024_21683 documentation
...
Adding CVE-2024-21683 documentation, which includes both Windows and Linux examples.
2024-07-09 14:05:43 -05:00
Jack Heysel
e14dd93d6f
Rebased encoder fix, removed PS payload dependency
2024-06-14 16:59:55 -07:00
Jack Heysel
ade11a5a4b
Added default options fixed Verification Steps
2024-06-14 16:41:12 -07:00
Jack Heysel
1dfd5da51e
Apache OFBiz Dir Traversal RCE
2024-06-14 16:41:12 -07:00
Jack Heysel
b9b638dd83
Land #19196, Cacti import package RCE
...
This exploit module leverages an arbitrary file write vulnerability
(CVE-2024-25641) in Cacti versions prior to 1.2.27 to achieve RCE. It
abuses the Import Packages feature to upload a specially crafted package
that embeds a PHP file.
2024-06-12 15:43:46 -07:00
Christophe De La Fuente
45815a4cb5
Code review
2024-06-12 19:47:02 +02:00
Christophe De La Fuente
67ec4baa66
PR-19208: Add DefaultTarget to the info hash
2024-06-05 10:14:48 +02:00
Chocapikk
6b127249fa
Add suggestions
2024-05-31 20:56:03 +02:00
Chocapikk
4fdf6df1e7
Fix doc
2024-05-28 20:16:33 +02:00
Chocapikk
bea708d24c
Add exploit module for CVE-2024-5084: WordPress Hash Form Plugin RCE
2024-05-28 18:27:02 +02:00
Christophe De La Fuente
c6c5f2bf7a
Add module, lib and documentation
2024-05-22 17:38:53 +02:00
Jack Heysel
10acd86390
Land #19071, Add AVideo RCE module
...
Add module for CVE-2024-31819 which exploits an LFI in AVideo which uses
PHP Filter Chaining to turn the LFI into unauthenticated RCE
2024-05-21 14:27:15 -04:00
Chocapikk
da31761336
Lint
2024-05-15 22:13:53 +02:00
Valentin Lobstein
3560860e33
Update documentation/modules/exploit/multi/http/avideo_wwbnindex_unauth_rce.md
...
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
2024-05-15 22:07:29 +02:00
Zach Goldman
26a108aadc
Land #19046, Apache Solr Backup Restore RCE [CVE-2023-50386]
2024-04-23 14:08:33 -04:00
Jack Heysel
b8675f0fd7
Land #19005, Add Gambio Webshop Unauth RCE
...
A Remote Code Execution vulnerability in Gambio online webshop version
4.9.2.0 and lower allows remote attackers to run arbitrary commands via
unauthenticated HTTP POST request
2024-04-19 12:18:17 -07:00
h00die-gr3y
331c961412
update module and documentation with tax country logic
2024-04-18 19:13:19 +00:00
Jack Heysel
84ea514180
Land #19026, Add pgadmin exploit CVE-2024-2044
...
This adds an exploit for pgAdmin <= 8.3 which is a path traversal
vulnerability in the session management that allows a Python pickle
object to be loaded and deserialized. This also adds a new Python
deserialization gadget chain to execute the code in a new thread so the
target application doesn't block the HTTP request.
2024-04-16 14:12:41 -07:00
Spencer McIntyre
9cf4372f2b
Clean up some of the module's documentation
2024-04-16 13:36:21 -04:00
Jack Heysel
1174344b76
Land #18918, Add CrushFTP Module CVE-2023-43177
...
This exploit module leverages an Improperly Controlled Modification of
Dynamically-Determined Object Attributes vulnerability (CVE-2023-43177)
to achieve unauthenticated remote code execution. This affects CrushFTP
versions prior to 10.5.1.
2024-04-12 12:26:16 -07:00
Chocapikk
162fc91193
Add CVE-2024-31819
2024-04-09 22:09:10 +02:00
Jack Heysel
7f62dd2143
Responded to comments
2024-04-04 13:39:22 -07:00
h00die-gr3y
978fb46e52
added documentation
2024-04-04 17:35:12 +00:00
Jack Heysel
03fced404a
Apache Solr Backup Restore RCE
...
Writing file to disk working
working on linux
wip authentication
Consolidated conf folders into one
Renamed conf1 to conf in msf data dir
Randomize the configuration name
Docs plus finishing touches
rubocop
Updated exploit file location
Removed unused external dir
Reduced conf folder
2024-04-02 11:33:52 -07:00
Spencer McIntyre
43d1bd9a2e
Add docs and fix CSRF token for v7.0
2024-03-29 14:05:39 -04:00
Christophe De La Fuente
e6e13e7b45
Fixes from code review
2024-03-29 12:18:16 +01:00
Jack Heysel
abb2eb7ffd
Land #18891, Add RCE module for wp bricks builder
...
This PR adds the wp_bricks_builder_rce exploit module that targets a
known vulnerability in the WordPress Bricks Builder Theme, versions
prior to 1.9.6.
2024-03-26 14:46:35 -07:00
h00die-gr3y
4546fd1600
small updates documentation
2024-03-26 19:34:12 +00:00
Christophe De La Fuente
57a45a0b55
CrushFTP exploit module CVE-2023-43177 and documentation
2024-03-25 12:41:24 +01:00
h00die-gr3y
d240d17113
added documentation
2024-03-24 10:30:36 +00:00
Christophe De La Fuente
44c5422e07
Land #18922, JetBrains TeamCity Unauthenticated RCE exploit module (CVE-2024-27198)
2024-03-13 20:16:27 +01:00
sfewer-r7
5c56d6a4fc
typo
2024-03-05 14:47:04 +00:00
sfewer-r7
b925f798e5
typo and clarify description
2024-03-05 14:39:17 +00:00
sfewer-r7
aac4ef09cc
add in disclosure date and blogs
2024-03-05 11:09:22 +00:00