b743296f48
Reapply "This adjusts module options that need a routable address"
...
This reverts commit 628275ef59
2026-03-26 14:43:31 -04:00
1faa27f7e6
Fix encoding issues in files
2026-03-25 19:01:57 +00:00
b3aa45fb09
Land #20719 , adds module for authenticated command injection in FreePBX filestore (CVE-2025-64328)
...
Add authenticated RCE module for FreePBX filestore (CVE-2025-64328)
2026-03-13 11:00:43 +01:00
c882d91155
Merge pull request #21025 from Hemang360/cookie-jar-doc-fix
...
Fix HttpCookie integer conversion and cookie jar docs
2026-03-13 00:08:13 +00:00
16b55848b4
Fix: Remove duplicate Content-Type header from FreePBX requests
...
send_request_cgi already sets Content-Type when vars_post is used.
Setting it manually in headers causes a duplicate header.
2026-03-11 20:09:52 +01:00
2b0f1c3c21
Fix: Omit default port from Referer header in FreePBX mixin
...
FreePBX rejects ajax requests when the Referer includes :80 for HTTP
or :443 for HTTPS. Only include the port when it differs from the
protocol default.
2026-03-11 20:06:08 +01:00
c42e44e349
Optimize FreePBX module: cache auth/version, reduce verbosity, inline single-use functions
2026-03-11 19:43:29 +01:00
c266e687c2
Add authenticated RCE module for FreePBX filestore (CVE-2025-64328)
2026-03-11 19:43:28 +01:00
e6ee6a7c94
Land #20961 , adds service reporting to Wordpress mixin
...
Update Wordpress Mixin to log services
2026-03-10 09:05:05 +01:00
c6aabc1c75
Land #21001 , adds module for SPIP Saisies plugin (CVE-2025-71243)
...
Add SPIP Saisies plugin RCE module (CVE-2025-71243)
2026-03-09 10:34:52 +01:00
628275ef59
Revert "This adjusts module options that need a routable address"
2026-03-08 17:37:49 +00:00
3f2a07bdca
Update #make_steal_credentials_payload to just take url
2026-03-03 09:37:27 -05:00
bfbc425469
Remove type check
...
Co-authored-by: gardnerapp <70026825+gardnerapp@users.noreply.github.com >
2026-03-01 15:12:44 +05:30
a6eb33b657
Fix httpcookie constructor to handle non string value
2026-02-27 14:58:37 +05:30
7e937b3d5a
Land #21010 , adds reporting the service to Gitlab mixin
...
Update Gitlab mixin logs
2026-02-26 16:14:35 +01:00
0e60332411
Minor code changes
2026-02-25 14:46:34 +01:00
98b3357e2a
Adds beyondtrust lib, moves functionality into library, shares those functions to two modules
2026-02-24 16:16:05 +01:00
ae24f73a73
more simplification for gitlab_version function
2026-02-24 02:42:10 +02:00
8df17c6c50
Simplifying version handling in GitLab exploit module
2026-02-24 02:26:14 +02:00
dd6a2f97e9
Apply suggestion from @msutovsky-r7
...
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com >
2026-02-24 02:19:32 +02:00
b227635c7b
Fix service name reporting for WordPress exploit
2026-02-23 13:31:32 +01:00
9aa58fcb52
Refactor WordPress service reporting
2026-02-23 13:31:32 +01:00
d069cba900
Update Wordpress Mixin to log services
2026-02-23 13:31:32 +01:00
a8dcc9616c
update gitlab mixin logs
2026-02-23 05:40:59 +02:00
a8f66a23d9
Feat: Add SPIP Saisies plugin RCE module (CVE-2025-71243)
2026-02-21 09:32:53 +01:00
81e54d42e4
Merge pull request #20856 from msutovsky-r7/exploit/cve-2026-21858
...
Adds module for Ni8mare (CVE-2026-21858)
2026-02-16 10:06:14 -05:00
0a5eb04be1
Removes puts
2026-02-04 11:59:41 -05:00
6a1babf6c3
Updates docs, fixes JWT, module cleanup
2026-02-04 12:40:41 +01:00
dbe8b5574f
Updates JWT
2026-02-04 07:52:21 +01:00
9a18fcf49b
Fixes JWT payload and base64 encoding
2026-02-02 14:13:51 +01:00
a6e750518d
Fixes basic JWT encoding, code refactors, add better failure codes and messages
2026-02-02 11:17:26 +01:00
32eaa4e80b
Adds base for JWT signing
2026-02-02 08:05:32 +01:00
34cebd1453
Update CheckCode messaging
2026-01-22 15:03:32 +01:00
99e032f4af
SmarterTools SmarterMail Unauth File Upload RCE [CVE-2025-52691]
2026-01-22 15:03:30 +01:00
c47a74d0dd
Merge pull request #20770 from vognik/Splunk_2022-43571_CVE-2024-36985
...
Add Splunk RCE Exploits (CVE-2022-43571 & CVE-2024-36985)
2026-01-20 12:36:51 -08:00
9e320dd168
add suggestions from @jheysel-r7
2026-01-19 18:45:01 -08:00
9fbf4e1d67
replace vprint_status with print_status in login.rb module
2025-12-18 08:59:55 -08:00
59dc9dd59c
fix error handling
2025-12-17 09:57:03 -08:00
6d059bd62e
improve csrf token parsing
2025-12-17 09:53:28 -08:00
1d4b8ce10e
add pagination support to get_apps function
2025-12-16 10:03:08 -08:00
35dd55159d
extracted get_apps url into uris.rb
2025-12-13 11:35:25 -08:00
ebd736272f
fix variables naming
2025-12-13 11:21:08 -08:00
b35c8b3926
remove unused function calls
2025-12-12 20:31:14 -08:00
ee404d9453
add splunk modules (cve-2022-43571 and cve-2024-36985)
2025-12-12 13:16:57 -08:00
6215da4754
Apply review suggestions: use case/when, improve error handling, simplify code
2025-11-20 22:41:08 +01:00
11c64b8f10
Update lib/msf/core/exploit/remote/http/flowise.rb
...
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com >
2025-11-20 21:55:10 +01:00
6ab2452153
Fix documentation inconsistency: update ports for Flowise 3.0.1 (3005) and add Basic Auth service example
2025-11-19 22:58:27 +01:00
44cf2e309f
Add Flowise RCE exploits (CVE-2025-59528, CVE-2025-8943) with shared mixin, documentation, and Docker Compose setup
2025-11-19 22:12:49 +01:00
96a83143f1
Merge pull request #20479 from msutovsky-r7/exploit/sitecore/postauth-rce
...
Adds modules for Sitecore XP post-auth remote code executions (CVE-2025-34510, CVE-2025-34511)
2025-09-11 11:25:27 -07:00
fa64376c5c
Adds comments for login function
2025-09-01 15:50:21 +02:00
Spencer McIntyre