adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
77,971 Commits 27 Branches 1,043 Tags
6d9d9a70d410cc94de4d3d9afd7a75cd426d43be
Commit Graph

38478 Commits

Author SHA1 Message Date
Christophe De La Fuente b9509dc882 Report vulns in ldap_esc_vulnerable_cert_finder 2024-10-16 21:23:21 +02:00
Jack Heysel ee68e47521 Added http_server cleanup 2024-10-15 10:28:39 -07:00
Jack Heysel 7a89db5080 Updated print statements 2024-10-15 09:21:07 -07:00
Jack Heysel 3635dd1c23 Merge branch 'magento_xxe_to_rce' 2024-10-15 09:17:40 -07:00
Jack Heysel 3f6f060933 Updated check method 2024-10-15 09:17:02 -07:00
Diego Ledda 9a245e6e06 Land #19485, Module BYOB Unauthenticated RCE (CVE-2024-45256, CVE-2024-45257) 
Land #19485, Module BYOB Unauthenticated RCE (CVE-2024-45256, CVE-2024-45257)
 2024-10-15 17:13:15 +02:00
bcoles 27ebde9ad5 Add Linux Execute Command 32-bit/64-bit RISC-V LE payloads 2024-10-15 22:51:36 +11:00
bcoles befabb8887 Add 32-bit/64-bit RISC-V LE NOP sled modules 2024-10-15 22:51:36 +11:00
bcoles 92cf931d6e Add Linux Reboot 32-bit/64-bit RISC-V LE payloads 2024-10-15 22:51:36 +11:00
Diego Ledda 236639f584 Land #19473, Module for unauthenticated SQL Injection Vulnerability in WP Fastest Cache (CVE-2023-6063) 
Land #19473, Module for unauthenticated SQL Injection Vulnerability in WP Fastest Cache (CVE-2023-6063)
 2024-10-15 13:10:59 +02:00
h4x-x0r 7929df2bfd improved reliability 
improved reliability
 2024-10-15 06:26:46 +01:00
Chocapikk a79fd2a1c7 Add right payload for CVE-2024-8529 2024-10-14 18:15:02 +02:00
Chocapikk 193712c7e4 Update 2024-10-14 18:15:02 +02:00
Chocapikk cfe22d4788 Use Msf::Exploit::Remote::HTTP::Wordpress::SQLi 2024-10-14 18:15:02 +02:00
Chocapikk 145a23625d Add LearnPress SQLi module (CVE-2024-8522, CVE-2024-8529) 2024-10-14 18:15:01 +02:00
Valentin Lobstein f0f0ee88cf Update modules/auxiliary/scanner/http/wp_ultimate_member_sorting_sqli.rb 
Co-authored-by: Spencer McIntyre <58950994+smcintyre-r7@users.noreply.github.com>
 2024-10-14 18:14:11 +02:00
Chocapikk bb651667dd Update 2024-10-14 18:14:11 +02:00
Chocapikk 13497a5a33 Use Msf::Exploit::Remote::HTTP::Wordpress::SQLi 2024-10-14 18:14:11 +02:00
Chocapikk 1525a61a19 Use negative number 2024-10-14 18:14:10 +02:00
Chocapikk 0fd76f32a0 Remove comments 2024-10-14 18:14:10 +02:00
Chocapikk 668424a444 Add unauth SQLi exploit module for Ultimate Member plugin (CVE-2024-1071) 2024-10-14 18:14:10 +02:00
Valentin Lobstein 0686cdbb82 Update modules/exploits/multi/http/wp_automatic_sqli_to_rce.rb 
Co-authored-by: Spencer McIntyre <58950994+smcintyre-r7@users.noreply.github.com>
 2024-10-14 18:13:19 +02:00
Valentin Lobstein fdb450955e Update modules/exploits/multi/http/wp_automatic_sqli_to_rce.rb 
Co-authored-by: Spencer McIntyre <58950994+smcintyre-r7@users.noreply.github.com>
 2024-10-14 18:13:19 +02:00
Chocapikk 611a16d368 Update 2024-10-14 18:13:18 +02:00
Chocapikk 465ae37ad2 Use wordpress_sqli_initialize instead 2024-10-14 18:13:18 +02:00
Chocapikk a9f7fb3ace Use Msf::Exploit::Remote::HTTP::Wordpress::SQLi 2024-10-14 18:13:18 +02:00
Chocapikk 6c099f2b73 Add WordPress wp-automatic SQLi to RCE module (CVE-2024-27956) 2024-10-14 18:13:17 +02:00
Chocapikk 4807b6f3a9 Add banner 2024-10-14 18:11:42 +02:00
Chocapikk 95e64a0a3b Add module for TI WooCommerce Wishlist SQL Injection (CVE-2024-43917) 2024-10-14 18:11:41 +02:00
Chocapikk 36162ab8bb Fix exploitation bug 2024-10-14 18:03:50 +02:00
Chocapikk a87e915028 Update 2024-10-14 18:03:50 +02:00
Chocapikk 37eeeadba6 Use Msf::Exploit::Remote::HTTP::Wordpress::SQLi 2024-10-14 18:03:49 +02:00
Valentin Lobstein a687a6c3c8 Update modules/auxiliary/scanner/http/wp_fastest_cache_sqli.rb 2024-10-14 18:03:49 +02:00
Chocapikk 63c3a12bf4 Restore 'tcp' instead of 'http' because 'ActiveRecord::RecordInvalid Validation failed: Proto is not included in the list' 2024-10-14 18:03:49 +02:00
Chocapikk 272c09d2b7 fix typo 2024-10-14 18:03:48 +02:00
Chocapikk b99f0e6e30 Re-add import (to use target_uri) 2024-10-14 18:03:48 +02:00
Valentin Lobstein 41b513cec5 Update modules/auxiliary/scanner/http/wp_fastest_cache_sqli.rb 2024-10-14 18:03:48 +02:00
Valentin Lobstein 121dc19ea9 Update modules/auxiliary/scanner/http/wp_fastest_cache_sqli.rb 
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
 2024-10-14 18:03:47 +02:00
Chocapikk def55173e1 Randomize values + remove useless mixin import 2024-10-14 18:03:47 +02:00
Chocapikk 8553f625a4 Add auxiliary/scanner/http/wp_fastest_cache_sqli 2024-10-14 18:03:46 +02:00
h4x-x0r 5716b6c799 linting 
linting
 2024-10-14 15:56:00 +01:00
h4x-x0r ea74802a5a cleanup 
cleanup
 2024-10-14 15:53:07 +01:00
h4x-x0r bd7cd8b3ba cleanup 
cleanup
 2024-10-14 15:36:45 +01:00
Chocapikk f881a0e592 Remove useless verbosity 2024-10-14 11:46:53 +02:00
Ashley Donaldson 9b4cd2241d Update payload sizes 2024-10-14 15:43:40 +11:00
Ashley Donaldson 1b169efe3d Update payload dependencies 2024-10-14 15:27:15 +11:00
h4x-x0r 34538df83c PoC and Documentation 
PoC and Documentation
 2024-10-14 05:09:29 +01:00
Graeme Robinson 3a79c6d70f rubocop -a on werkzeug_debug_rce.rb 2024-10-13 22:36:35 +01:00
NtAlexio2 6983ec5e12 fix lintings in pipe_dcerpc_auditor 2024-10-13 13:38:05 -04:00
Graeme Robinson f17fc282bc Made suggested changes to werkzeug_debug_rce.rb 2024-10-13 00:19:50 +01:00