adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
77,217 Commits 27 Branches 1,043 Tags
72ae91e4bc763da378bbd5be104f642f9d7eebc1
Commit Graph

4882 Commits

Author SHA1 Message Date
msutovsky-r7 fe5f56cac0 Land #20159, adds module for privilege escalation in Wordpress (CVE-2025-2563) 
Add Unauthenticated privesc for WP User Registration & Membership plugin (CVE-2025-2563)
 2025-05-14 15:33:30 +02:00
msutovsky-r7 7d8d0230cb Land #20026, adds module for CVE-2024-57487 
New Exploit Module & Documentation for CVE-2024-57487
 2025-05-14 08:00:20 +02:00
Chocapikk 88ffe892e0 Remove lower bound 2025-05-13 21:48:49 +02:00
Valentin Lobstein 7f98f2fad7 Update modules/exploits/multi/http/wp_user_registration_membership_escalation.rb 
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
 2025-05-13 21:42:10 +02:00
Chocapikk c415675c39 Reduce wordpress_version calls 2025-05-13 21:42:10 +02:00
Chocapikk a2ff0c1f92 Apply suggestion to store created WordPress admin creds 2025-05-13 21:42:09 +02:00
Chocapikk e335841bb0 Add Unauthenticated privesc for WP User Registration & Membership plugin (CVE-2025-2563) 2025-05-13 21:42:09 +02:00
aaryan-11-x 1e523e4e0b MsfTidy Fixes again 2025-05-13 23:54:36 +05:30
Chocapikk 40002f87f4 Apply suggestion to store created WordPress admin creds 2025-05-11 17:53:06 +02:00
Valentin Lobstein 604672433a Update modules/exploits/multi/http/wp_suretriggers_auth_bypass.rb 
Co-authored-by: bcoles <bcoles@gmail.com>
 2025-05-11 17:19:12 +02:00
Valentin Lobstein ca6e413bea Update modules/exploits/multi/http/wp_suretriggers_auth_bypass.rb 
Co-authored-by: bcoles <bcoles@gmail.com>
 2025-05-11 17:18:51 +02:00
Valentin Lobstein 04915c8c95 Update modules/exploits/multi/http/wp_suretriggers_auth_bypass.rb 
Co-authored-by: bcoles <bcoles@gmail.com>
 2025-05-11 17:18:37 +02:00
Valentin Lobstein 5c8013ad92 Update modules/exploits/multi/http/wp_suretriggers_auth_bypass.rb 
Co-authored-by: bcoles <bcoles@gmail.com>
 2025-05-11 17:18:29 +02:00
Chocapikk 21a9fa848c Add credits 2025-05-07 23:59:06 +02:00
Chocapikk 879027bd5a Update 2025-05-07 23:50:20 +02:00
Valentin Lobstein 2e9d7db238 Update modules/exploits/multi/http/wp_suretriggers_auth_bypass.rb 
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
 2025-05-07 23:34:58 +02:00
Valentin Lobstein 23809f0d08 Update modules/exploits/multi/http/wp_suretriggers_auth_bypass.rb 
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
 2025-05-07 23:34:51 +02:00
Chocapikk 4d0c7bb71a Add WP SureTriggers ≤1.0.78 admin-creation & RCE module (CVE-2025-3102) 2025-05-07 17:45:30 +02:00
aaryan-11-x 30c175675b RuboCop Fixes again 2025-05-06 23:53:24 +05:30
aaryan-11-x 67942d5159 Made changes as requested by moderator 2025-05-06 23:35:07 +05:30
Martin Sutovsky 1f650b0432 Adding SRVHOST check 2025-04-30 17:58:15 +02:00
Martin Sutovsky f2e0fe79be Responding to comments 2025-04-30 17:53:26 +02:00
Martin Sutovsky b117843c00 Addressing comments 2025-04-25 20:17:46 +02:00
Martin Sutovsky 622abe78f8 Adding cleanup option: 2025-04-25 15:53:47 +02:00
Martin Sutovsky 8fe0003bbe Adding cleanup 2025-04-25 15:51:53 +02:00
Martin Sutovsky 77d0fe5ae0 Fixing calling payload 2025-04-25 15:49:24 +02:00
Martin Sutovsky 665065e4df Module init 2025-04-25 14:35:24 +02:00
msutovsky-r7 bdac31037a Land #20028, pgAdmin modules refactor 
Refactor pgAdmin modules to use new lib
 2025-04-21 16:03:35 +02:00
aaryan-11-x 0a3e3c3b6b Made all changes as requested 2025-04-14 23:40:25 +05:30
msutovsky-r7 140b93e802 Land #20022, Langflow RCE module 
Add Langflow unauth RCE module (CVE-2025-3248)
 2025-04-14 08:24:44 +02:00
Takah1ro 1f6d5f36d2 Rubocop formatting and update check 2025-04-12 09:33:54 +09:00
Takahiro Yokoyama 4b588e130e Update modules/exploits/multi/http/langflow_unauth_rce_cve_2025_3248.rb 
Co-authored-by: msutovsky-r7 <martin_sutovsky@rapid7.com>
 2025-04-12 09:16:55 +09:00
Jack Heysel 4c5e0203dd Refactor pgAdmin modules to use new lib 2025-04-11 15:55:46 -07:00
aaryan-11-x de1aa520a4 RuboCop Fixes 2025-04-11 23:02:28 +05:30
aaryan-11-x 6fb4e2ef56 Added exploit module & documentation for CVE-2024-57488 2025-04-11 23:01:33 +05:30
Takah1ro f67dfe6a62 Update check 2025-04-11 21:51:45 +09:00
msutovsky-r7 0b4e133001 Land #20018, pgAdmin Authenticated RCE (CVE-2025-2945) 
pgAdmin Query Tool Authenticated RCE (CVE-2025-2945)
 2025-04-11 10:34:02 +02:00
Takah1ro 718a0bc5c7 Change directory from linux to multi 2025-04-11 14:45:10 +09:00
Jack Heysel 4cec129e1c Responded to comments 2025-04-10 10:53:05 -07:00
Jack Heysel ddb29d6181 Removed unnecessary method 2025-04-10 07:18:42 -07:00
Jack Heysel 290a35b0f6 pgAdmin Query Tool Authenticated RCE (CVE-2025-2945) 2025-04-09 17:32:10 -07:00
Brendan 4da78bd550 Merge pull request #19994 from sfewer-r7/CVE-2021-35587 
Adds exploit module for CVE-2021-35587, an unauthenticated deserialization vulnerability affecting Oracle Access Manager (OAM).
 2025-04-08 08:59:18 -05:00
jheysel-r7 d16eeab32c Merge pull request #19995 from chutton-r7/cve-2025-24813 
Module for CVE-2025-24813
 2025-04-02 14:20:52 -07:00
Jack Heysel b85faf9440 Update documentation 2025-04-02 14:10:46 -07:00
Jack Heysel 3fa7fe68a1 Consolidated Platform check 2025-04-02 13:57:56 -07:00
Jack Heysel c32a34112f Updated register_file_for_clean to account for windows 2025-04-02 13:52:04 -07:00
Jack Heysel 6816589378 Added FileDropper for cleanup 2025-04-02 13:37:39 -07:00
Jack Heysel 4058173a1c Correct spelling 2025-04-02 12:57:20 -07:00
sfewer-r7 59b0860ea1 add in Peterjson as the co-finder with Jang 2025-04-02 20:50:57 +01:00
Jack Heysel 8cd0449550 Responded to comments 2025-04-02 12:50:26 -07:00