a454217bd4
Update info -d markdown
2025-06-24 11:21:49 +01:00
37388ca1be
Adds sentinel values to modules missing notes
2025-06-23 12:24:58 +01:00
a4b14d8b64
Runs Rubocop to fix layout in modules
2025-06-20 15:18:01 +01:00
30809787c4
Convert disclosure dates to iso8601
2020-10-02 21:00:37 +01:00
959cbde6eb
Clean up module
2018-05-16 05:29:25 -05:00
6764bdb36f
Fix Jenkins Ldap Deserialization Remote Use
...
It appears the original exploit had been deliberately sabotaged to not work remotely. We have fixed this egregious error.
2017-02-14 17:05:25 +00:00
6c0450fe95
add check for jenkins ldap exploit
...
we just check for X-Jenkins <= 2.31. this is not completely correct because the exploit probably doesn't work on some earlier versions.
2017-01-13 12:40:33 +00:00
036328df5c
Fix msftidy issue
2017-01-12 13:26:41 +00:00
e09b7a96f1
Add YSOSerial command options
2017-01-12 13:21:58 +00:00
0b32af8d43
Remove duplicate validation
2017-01-12 09:59:55 +00:00
0a30e775d1
Fix msftidy issues
2017-01-11 23:43:01 +00:00
08690e5e11
Exploit for CVE-2016-9299 (Jenkins CLI Ldap Deser)
...
This is based on Matthias Kaiser's presentation at deepsec. We build a chain that connects back to our LDAP server and trigger it over the CLI HTTP interface. The LDAP server then serves a second chain based on YSOSerial commons-collection which triggers Runtime.exec. The second chain doesn't run with Jenkin's class filtering so succeeds.
2017-01-11 23:23:02 +00:00
cgranleese-r7