9a245e6e06
Land #19485 , Module BYOB Unauthenticated RCE (CVE-2024-45256, CVE-2024-45257)
...
Land #19485 , Module BYOB Unauthenticated RCE (CVE-2024-45256, CVE-2024-45257)
2024-10-15 17:13:15 +02:00
145a23625d
Add LearnPress SQLi module (CVE-2024-8522, CVE-2024-8529)
2024-10-14 18:15:01 +02:00
668424a444
Add unauth SQLi exploit module for Ultimate Member plugin (CVE-2024-1071)
2024-10-14 18:14:10 +02:00
6c099f2b73
Add WordPress wp-automatic SQLi to RCE module (CVE-2024-27956)
2024-10-14 18:13:17 +02:00
95e64a0a3b
Add module for TI WooCommerce Wishlist SQL Injection (CVE-2024-43917)
2024-10-14 18:11:41 +02:00
8553f625a4
Add auxiliary/scanner/http/wp_fastest_cache_sqli
2024-10-14 18:03:46 +02:00
34538df83c
PoC and Documentation
...
PoC and Documentation
2024-10-14 05:09:29 +01:00
5228acb0f1
Update werkzeug_debug_rce docs to show modified output
2024-10-13 23:11:52 +01:00
f369a80fcc
Satisfy msftidy_docs against werkzeug_debug_rce.md
2024-10-13 22:55:12 +01:00
6d272759dc
Add Browser Version Detection and display System Information
2024-10-11 12:13:48 +02:00
b2ad59d0aa
Add modules/exploits/linux/local/udev_persistence.rb
...
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com >
2024-10-10 23:08:23 +02:00
44b33b8010
Fixed multiple sessions and instability
2024-10-10 11:36:16 -07:00
91beef1dbb
Add BROWSER_TYPE option to choose between Chromium, Gecko, or both for data extraction
2024-10-10 20:08:14 +02:00
cd487715c4
[Added] Migration to explorer.exe for user-context based extraction
2024-10-10 12:32:19 +02:00
dab5d66e37
Test and respond to comments
2024-10-09 22:52:55 -07:00
a4ef40a233
Updated docs with Options section
2024-10-09 13:08:20 -07:00
e8711c5b20
Magento XXE to GLIBC buffer overflow
2024-10-09 12:53:29 -07:00
3211edd83c
docs: review changes
2024-10-09 12:18:35 -04:00
2762132830
docs: adding motd_persistence docs
2024-10-08 11:22:13 -04:00
f3bb48f277
Update werkzeug_debug_rce documentation to include new logged messages
2024-10-07 11:56:16 +01:00
97c5afed52
Update werkzeug exploit module documentation
2024-10-06 20:19:48 +01:00
9eda0338af
Improved readability and other small fixes
2024-10-06 10:19:10 +02:00
48e740d1fc
Update documentation/modules/exploit/multi/http/wp_givewp_rce.md
...
Co-authored-by: cgranleese-r7 <69522014+cgranleese-r7@users.noreply.github.com >
2024-10-03 16:34:24 +02:00
1cdaeac843
Land #19463 Add Acronis Cyber Default Password RCE
...
This adds an RCE module Acronis Cyber Infrastructure Default Password [CVE-2023-45249]
2024-10-02 16:02:50 -04:00
dc03b02857
Merge pull request #19510 from bcoles/cups_browsed_info_disclosure
...
Add cups-browsed Information Disclosure module
2024-10-02 13:48:40 -05:00
58878db970
update doc
2024-10-02 19:56:22 +02:00
fbb74a6d2d
Add bypass for GiveWP RCE (CVE-2024-8353)
2024-10-02 19:53:20 +02:00
8761226b97
Land #19456 VICIdial Auth RCE module
...
This adds a module to exploit CVE-2024-8504 an authenticated RCE in VICIdial
2024-09-30 17:13:33 -04:00
7cf5782b13
Add cups-browsed Information Disclosure module
2024-09-28 02:35:39 +10:00
a4fd4df052
Merge branch 'rapid7:master' into enum_browsers
2024-09-27 08:06:17 +02:00
10a4b24ed7
Better file clean
2024-09-27 01:17:07 +02:00
c43a4f4b0b
Fixed cluster ID issue
2024-09-26 21:53:27 +00:00
05ff8359b8
Merge pull request #19436 from h4x-x0r/CVE-2024-6670
...
WhatsUp Gold SQL Injection (CVE-2024-6670) Module
2024-09-26 17:04:30 -04:00
dbc020a745
Merge pull request #19441 from Takahiro-Yoko/cve_2023_0386_priv_esc
...
Land #19441 , Add module: Linux Priv Esc (OverlayFS copying bug) CVE-2023-0386
2024-09-26 14:07:17 -05:00
f106f1cf2c
Add enum_browsers post exploitation module
...
This post-exploitation module extracts sensitive browser data from both Chromium-based and Gecko-based browsers on the target system. It supports the decryption of passwords and cookies using Windows Data Protection API (DPAPI) and can extract additional data such as browsing history, keyword search history, download history, autofill data, and credit card information.
2024-09-26 19:21:42 +02:00
6c3e9338f7
Updated documentation
...
Updated documentation
2024-09-26 05:50:52 +01:00
456c57b031
Merge pull request #19453 from Chocapikk/vicidial_sqli
...
Add VICIdial Time-based SQL Injection Module (CVE-2024-8503)
2024-09-25 14:19:42 -04:00
5f95b2bf0d
Documentation
...
Documentation
2024-09-25 17:15:54 +01:00
d11c2be4ea
Merge pull request #19375 from h4x-x0r/CVE-2024-20419
...
Cisco Smart Software Manager (SSM) On-Prem Account Takeover (CVE-2024-20419) Module
2024-09-24 12:19:54 -04:00
8e2dbbbd56
Land #19416 , Add Traccar RCE module
...
This module exploits two vulnerabilities in Traccar v5.1 - v5.12 to
obtain remote code execution: A path traversal vulnerability
CVE-2024-24809 and an unrestricted file upload vulnerability
CVE-2024-31214.
2024-09-23 15:25:02 -07:00
5408d0b5ac
Update documentation/modules/exploit/unix/webapp/byob_unauth_rce.md
2024-09-23 18:40:26 +02:00
b18cb3ecac
Update documentation/modules/exploit/unix/webapp/byob_unauth_rce.md
2024-09-23 18:40:19 +02:00
9e6adea0dc
Add BYOB Unauthenticated RCE module exploiting arbitrary file write and command injection (CVE-2024-45256, CVE-2024-45257)
2024-09-21 04:00:56 +02:00
589b0f8331
updated documentation
2024-09-20 10:29:17 +00:00
8e62f22315
fifth release with the option to use your own SSH private key
2024-09-20 09:50:13 +00:00
8b197a60f9
fourth release addressing review comments of jheysel-r7
2024-09-19 20:54:55 +00:00
ae8df6c34b
Add working documentation + working exploit
2024-09-18 17:00:18 +02:00
f62f5b2c9c
Add working documentation
2024-09-18 16:30:07 +02:00
9971aed96f
third release addressing majority of the review comments
2024-09-17 19:23:38 +00:00
d7fa23f30f
Apply suggestions from code review
...
Co-authored-by: bcoles <bcoles@gmail.com >
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com >
2024-09-17 19:00:48 +02:00
Diego Ledda