ddf07a3d60
Link fix for exploit/multi/http/nibbleblog_file_upload
2025-01-26 19:20:12 +05:30
9bd8590b99
Merge pull request #19793 from sfewer-r7/CVE-2024-55956
...
Cleo LexiCom, VLTrader, and Harmony Unauthenticated Remote Code Execution (CVE-2024-55956)
2025-01-15 15:04:45 -06:00
1aba53274f
move acronis_cyber_protect_unauth_rce_cve_2022_3405 inside the http folder
2025-01-09 16:32:42 -05:00
1a839c0b33
move acronis_cyber_protect_unauth_rce_cve_2022_3405 inside the http folder
2025-01-09 16:30:51 -05:00
4d42c7878e
improve the regex by removing the unnecessary word boundrys, and add a non matching group for the product name. Thanks jvoisin
2025-01-09 11:43:58 +00:00
e340e3ea6c
favor a case statement over the if/elsif blocks (thanks jvoisin).
2025-01-09 11:34:13 +00:00
98f9045e54
improve comment (thanks jvoisin)
...
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com >
2025-01-09 11:29:04 +00:00
43792457e5
improve comment (thanks jvoisin)
...
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com >
2025-01-09 11:28:48 +00:00
0df004cee7
check for nil here, before we check for the end cdata tag (resolves a linting warning)
2025-01-06 10:41:02 +00:00
3ff685b70e
fix three typos
2025-01-06 09:42:21 +00:00
7fd59b9683
fix date format
2025-01-06 09:26:44 +00:00
fe7334fae2
add in CVE-2024-55956 exploit
2025-01-06 09:26:44 +00:00
63e4df36b3
Merge pull request #19774 from h00die/update_joomla_wordpress
...
Update joomla wordpress stuff
2025-01-01 19:53:30 +00:00
f436f44d83
Merge pull request #19698 from h00die/obsidian
...
obsidian community plugin persistence module
2024-12-30 09:06:58 -08:00
87494a0958
update modules for inclusion into wordpress updater
2024-12-29 17:25:12 -05:00
531ed162db
Land #19733 , exploit module for CVE-2022-40471 - unauthenticated RCE
2024-12-18 12:44:34 +01:00
f2d723d1d0
Modified the code logic as instructed by the reviewer & removed the instance variable
2024-12-17 21:39:30 +05:30
f5329a71df
Added the DELETE_FILES option to delete leftover files by the exploit with the FileDropper mixin
2024-12-17 17:00:06 +05:30
4c51165ec6
Made necessary changes as mentioned by the reviewer
2024-12-17 16:07:58 +05:30
6f9982db54
Land #19647 Added module for WSO2 API Manager RCE
...
Adds an exploit module for a vulnerability in the 'Add API Documentation' feature of WSO2 API Manager and allows malicious users with specific permissions to upload arbitrary files to a user-controlled server location. This flaw allows for RCE on the target system.
2024-12-16 07:27:23 -08:00
eb5385a23d
msftidy & Rubocop Fixes
2024-12-16 14:45:04 +05:30
08519defc7
RuboCop Fixes
2024-12-16 11:36:23 +05:30
77d0292be3
additional review for obsidian plugin
2024-12-14 17:38:29 -05:00
add7c7b177
Remove potential NoMethodError in fail_with call
2024-12-12 18:04:10 -08:00
9c8db05dc6
Update modules/exploits/multi/http/wp_time_capsule_file_upload_rce.rb
...
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com >
2024-12-12 22:06:04 +01:00
7cf942ca30
peer review
2024-12-11 17:49:43 -05:00
41e7bf8812
Enhance: Rollback to register_file_for_cleanup
...
- Verified that the CWD is the WSO2_SERVER_HOME, allowing the uploaded payload file to be registered for cleanup using register_file_for_cleanup.
- Improved feedback by including the payload filename in the success message.
- Removed redundant on_new_session cleanup logic, as file management is now handled by FileDropper.
2024-12-11 11:58:53 +01:00
7b918b24c9
Add platform
2024-12-11 02:17:11 +01:00
7d559e0b34
Add exploit module for CVE-2024-8856 - WP Time Capsule RCE
2024-12-11 01:14:17 +01:00
0b5e221620
Land #19533 , Update werkzeug rce module
2024-12-09 12:56:35 -08:00
7838a943ce
Update werkzeug_debug_rce.rb
...
Added comments about where version-dependant salts come from
2024-12-08 21:01:17 +00:00
f3f1c893a1
Added cleanup method
2024-12-08 02:12:16 +01:00
c953601335
Fix: it needs at least 2 follows redirect
2024-12-08 00:13:12 +01:00
edb9fdc682
Merge
2024-12-08 00:10:35 +01:00
0e5cf3f7ba
Land #19649 , Primefaces RCE (CVE-2017-1000486)
2024-12-06 16:22:06 -08:00
2357c8ad55
Standardize capitalization of Java Expression Language
2024-12-06 16:00:58 -08:00
8f274f0189
Remove complexity
2024-12-06 22:48:59 +01:00
e33200100d
peer review
2024-12-06 15:34:40 -05:00
f720b519c9
Lint
2024-12-06 06:22:03 -08:00
7c9bddc6e6
Added use of send_request_cgi!
2024-12-06 06:20:46 -08:00
6723c585f2
obsidian plugin module
2024-12-05 17:54:07 -05:00
9de6a898cd
Re-add wordpress detection check
2024-12-05 16:19:15 +01:00
022533db59
Fix check and use rest_route
2024-12-05 16:19:15 +01:00
86bc3ceb5e
Handle case when 2FA is disabled
2024-12-05 16:19:15 +01:00
a123234141
Add CVE-2024-10924
2024-12-05 16:19:09 +01:00
d5f0c6108c
Fix: Ensure api_list returns a list even when created during execution
2024-12-05 14:34:20 +01:00
964261283b
Fix: Handle full-location redirects in send_request_cgi
...
- Resolved an issue where redirects with full-location URLs were not properly handled by `send_request_cgi`.
- Implemented a quick solution for now; open to suggestions for a more robust approach.
- Tested behavior without proxy interference, as Burp previously masked the issue.
2024-12-04 20:05:07 +01:00
fabced539d
Apply suggestions from code review
...
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com >
2024-12-04 16:44:48 +01:00
65acafacfd
Apply suggestions from code review
2024-11-28 08:57:21 -08:00
2115c81654
update using acronis_cyber mixin
2024-11-27 22:21:27 +00:00
0xAryan