adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
52,170 Commits 27 Branches 1,043 Tags
53ea7e577fc516d751ccd493555eb336f27dd160
Commit Graph

1838 Commits

Author SHA1 Message Date
William Vu a0c6035380 Prefer initial slash in normalize_uri 
I missed the indirect call in check. This decides on a style.

If a URI part contains a slash, we begin with a slash.
 2019-05-30 00:08:17 -05:00
William Vu 0b4cc5b547 Update go_go_gadget2 2019-05-22 15:03:44 -05:00
William Vu 6d004862e4 Update go_go_gadget1 2019-05-22 15:03:44 -05:00
William Vu be89a4d9c5 Update exploit method 2019-05-22 15:03:05 -05:00
William Vu f70b3d13a0 Update metadata 2019-05-22 15:03:05 -05:00
bwatters-r7 966582a10c Land #11833, moodle_cmd_exec nil check 
Merge branch 'land-11833' into upstream-master
 2019-05-20 13:08:11 -05:00
William Vu 0328814241 Indent ternary statement in struts2_rest_xstream 2019-05-20 12:35:52 -05:00
Wei Chen ad08c4e56b Land #11828, Add CVE-2017-18357: Shopware Object Instantiation 2019-05-17 18:22:48 -05:00
Wei Chen 9b46e7a347 Normalize PHP payload path 2019-05-17 18:20:59 -05:00
Shelby Pace 6210a28f32 added checks to at, changed some uris 2019-05-15 15:40:27 -05:00
stevenseeley 1df703b85f added some vprint_error calls in the check 2019-05-13 17:36:06 -05:00
stevenseeley e8fec2a77b don't override the check method 2019-05-12 20:08:52 -05:00
h00die 74fbcaf908 moodle_cmd_exec nil check 2019-05-10 14:02:01 -04:00
stevenseeley bca160f4c4 final commit: fixed check method to not print as suggested by @bcoles 2019-05-10 09:45:21 -05:00
stevenseeley 6427cb31bf fixed regex a lil 2019-05-09 22:53:39 -05:00
stevenseeley 5ff8394df0 @bcoles is a purist :p 2019-05-09 22:21:26 -05:00
stevenseeley 7953f85c16 updated error message to be NoAccess 2019-05-09 21:29:48 -05:00
stevenseeley a700fcec5d changed regex as suggested by @bcoles 2019-05-09 21:18:14 -05:00
stevenseeley e769ae5c90 fixed some error conditions, changed regex as suggested by @bcoles 2019-05-09 21:14:54 -05:00
stevenseeley 2ff1adb1be fixed timing of exec 2019-05-09 20:58:14 -05:00
stevenseeley 6ffd1d5e95 updated module to address @bcoles's comments 2019-05-09 20:53:49 -05:00
stevenseeley 65c3163518 updated module credits with original discoverer 2019-05-09 17:35:47 -05:00
stevenseeley ba2baa7652 updated module randomization a little more 2019-05-09 16:14:35 -05:00
stevenseeley 2649fa0d65 added a new line at the end 2019-05-09 15:35:00 -05:00
stevenseeley 9b200840a4 added module for CVE-2017-18357 2019-05-09 15:19:01 -05:00
stevenseeley aaa0dd2532 added module for CVE-2017-18357 2019-05-09 15:17:43 -05:00
stevenseeley 89e3a07518 added module for CVE-2017-18357 2019-05-09 15:08:33 -05:00
Cha0s bd349b8a23 Removed Spaces EOL 2019-05-04 23:24:20 -05:00
Cha0s 4bf0adeade Module corrections 
Corrections in: author metadata, references, removing handler, removing unused  code branch and vulnerable variable, improve module description
 2019-05-04 23:11:40 -05:00
Waqas Ali 48b7f7c904 Update (removed parenthesis) modules/exploits/multi/http/getsimplecms_unauth_code_exec.rb 
(removed parenthesis)

Co-Authored-By: truerandom <masterofdisaster@ciencias.unam.mx>
 2019-05-02 02:03:54 -05:00
Waqas Ali 75c78b761e Update (removed parenthesis) modules/exploits/multi/http/getsimplecms_unauth_code_exec.rb 
(removed parenthesis)

Co-Authored-By: truerandom <masterofdisaster@ciencias.unam.mx>
 2019-05-02 02:03:46 -05:00
Waqas Ali 3a7ebbdc3d Update (removed parenthesis) modules/exploits/multi/http/getsimplecms_unauth_code_exec.rb 
(removed parenthesis)

Co-Authored-By: truerandom <masterofdisaster@ciencias.unam.mx>
 2019-05-02 02:03:26 -05:00
Waqas Ali 33c2a9592a Update (removed parenthesis) modules/exploits/multi/http/getsimplecms_unauth_code_exec.rb 
(removed parenthesis)

Co-Authored-By: truerandom <masterofdisaster@ciencias.unam.mx>
 2019-05-02 02:03:14 -05:00
truerandom ea3e8e5bae exploit module for cve-2019-11231 2019-05-01 20:05:57 -04:00
Shelby Pace a88858fc8b Land #11779, add Rails Doubletap Dev mode RCE 2019-05-01 08:35:28 -05:00
Wei Chen 1fd54e20fb Update target name 2019-04-30 10:13:01 -05:00
Wei Chen 29344d15b6 Update rails_double_tap doc and module based on bcole feedback 2019-04-30 10:11:32 -05:00
Wei Chen 88f7ed25e3 Land #11784, Fix NoMethodError in jira_plugin_upload exploit module 2019-04-29 10:59:41 -05:00
Shelby Pace 10e141c73d Land #11697, add Pimcore unserialize RCE 2019-04-29 08:52:49 -05:00
Shelby Pace d5f76f328a removed version from module title 2019-04-29 08:43:33 -05:00
Shelby Pace 31f4c842a6 added a few checks 2019-04-26 16:18:14 -05:00
Wei Chen 2141036f13 Remove the extra newline 2019-04-26 12:59:50 -05:00
Fabio Cogno e9e50b2ae3 Refactoring - login function 2019-04-26 19:53:54 +02:00
Shelby Pace 3de617fea5 add checks for xsrf_token 2019-04-26 11:09:33 -05:00
Wei Chen cc9216d848 Clean up the extra space 2019-04-25 16:39:40 -05:00
Wei Chen 9a40f24c46 Add CVE-2019-5420 : Ruby on Rails DoubleTap secret_key_base Vuln 2019-04-25 14:30:46 -05:00
Adam Cammack f14571364f Properly encode URL 2019-04-19 12:35:36 -05:00
asoto-r7 a84aa4e148 Adjusted imeout for the final POST, abort cleanly on failure 2019-04-18 11:57:23 -05:00
asoto-r7 06792f7cd4 Moved documentation to 'documentation' folder 2019-04-16 14:16:52 -05:00
asoto-r7 0aaae062a4 Updated RPORT to 8090, reduced timeout of final exec.vm request to 5 sec 2019-04-16 14:13:35 -05:00