222df0bfdf
Land #19527 Add bypass for GiveWP RCE (CVE-2024-8353)
...
This updates the exploit module wp_giveup_rce_bypass to incorporate the bypass CVE, allowing the payload to work on all affected versions of the GiveWP plugin.
2024-10-30 16:29:14 -04:00
7b745b2dcb
Merge pull request #19506 from xaitax/enum_browsers
...
Add Browser Data Extraction for Chromium- and Gecko-based Browsers
2024-10-30 15:30:56 +00:00
d107ac8470
Land #19488 Add aux module for unauth SQLi in Ultimate Member plugin
2024-10-30 09:06:17 -04:00
094250f7e7
Land #19489 Add WordPress wp-automatic SQLi to RCE module
2024-10-30 09:05:03 -04:00
87af327507
Merge branch 'master' into wp_ultimate_member_sorting_sqli
2024-10-29 16:34:10 -04:00
7ccb2991f6
Improve nonce detection, fix bug
2024-10-29 19:41:47 +01:00
6fb49a27e0
[Added] Improvements after review
2024-10-24 13:48:50 +02:00
ae213813b5
Updates from code review
2024-10-22 14:41:02 +02:00
87b2cb7f5a
Fix Readme
2024-10-20 23:19:17 +02:00
ecd9f99d16
[Added] Extract Browser Cache
2024-10-20 23:15:18 +02:00
a2d8d7dd76
[Added] Extract Installed Browser Extensions (Name & Version)
2024-10-20 21:23:06 +02:00
59d026acd3
Land #19544 , Magento Arbitrary File Read (CVE-2024-34102) + PHP Buffer Overflow iconv() of GLIBC (CVE-2024-2961)
2024-10-18 14:39:54 +02:00
6ca0bb74fd
Add workflow docs
2024-10-17 11:23:31 -04:00
2e4315b3c9
Add support to icpr_cert for ESC15
2024-10-17 11:23:31 -04:00
3bd875c4e6
Land #19563 , Update metabase setuptoken rce to support older versions
2024-10-17 10:42:26 +01:00
e85ee0271d
Land #19482 , LearnPress SQLi module (CVE-2024-8522, CVE-2024-8529)
2024-10-17 11:13:49 +02:00
7b400f18fe
Fix metabase rce to support older versions
2024-10-17 10:10:50 +01:00
9a245e6e06
Land #19485 , Module BYOB Unauthenticated RCE (CVE-2024-45256, CVE-2024-45257)
...
Land #19485 , Module BYOB Unauthenticated RCE (CVE-2024-45256, CVE-2024-45257)
2024-10-15 17:13:15 +02:00
145a23625d
Add LearnPress SQLi module (CVE-2024-8522, CVE-2024-8529)
2024-10-14 18:15:01 +02:00
668424a444
Add unauth SQLi exploit module for Ultimate Member plugin (CVE-2024-1071)
2024-10-14 18:14:10 +02:00
6c099f2b73
Add WordPress wp-automatic SQLi to RCE module (CVE-2024-27956)
2024-10-14 18:13:17 +02:00
8553f625a4
Add auxiliary/scanner/http/wp_fastest_cache_sqli
2024-10-14 18:03:46 +02:00
6d272759dc
Add Browser Version Detection and display System Information
2024-10-11 12:13:48 +02:00
44b33b8010
Fixed multiple sessions and instability
2024-10-10 11:36:16 -07:00
91beef1dbb
Add BROWSER_TYPE option to choose between Chromium, Gecko, or both for data extraction
2024-10-10 20:08:14 +02:00
cd487715c4
[Added] Migration to explorer.exe for user-context based extraction
2024-10-10 12:32:19 +02:00
dab5d66e37
Test and respond to comments
2024-10-09 22:52:55 -07:00
a4ef40a233
Updated docs with Options section
2024-10-09 13:08:20 -07:00
e8711c5b20
Magento XXE to GLIBC buffer overflow
2024-10-09 12:53:29 -07:00
3211edd83c
docs: review changes
2024-10-09 12:18:35 -04:00
2762132830
docs: adding motd_persistence docs
2024-10-08 11:22:13 -04:00
9eda0338af
Improved readability and other small fixes
2024-10-06 10:19:10 +02:00
48e740d1fc
Update documentation/modules/exploit/multi/http/wp_givewp_rce.md
...
Co-authored-by: cgranleese-r7 <69522014+cgranleese-r7@users.noreply.github.com >
2024-10-03 16:34:24 +02:00
1cdaeac843
Land #19463 Add Acronis Cyber Default Password RCE
...
This adds an RCE module Acronis Cyber Infrastructure Default Password [CVE-2023-45249]
2024-10-02 16:02:50 -04:00
dc03b02857
Merge pull request #19510 from bcoles/cups_browsed_info_disclosure
...
Add cups-browsed Information Disclosure module
2024-10-02 13:48:40 -05:00
58878db970
update doc
2024-10-02 19:56:22 +02:00
fbb74a6d2d
Add bypass for GiveWP RCE (CVE-2024-8353)
2024-10-02 19:53:20 +02:00
8761226b97
Land #19456 VICIdial Auth RCE module
...
This adds a module to exploit CVE-2024-8504 an authenticated RCE in VICIdial
2024-09-30 17:13:33 -04:00
7cf5782b13
Add cups-browsed Information Disclosure module
2024-09-28 02:35:39 +10:00
a4fd4df052
Merge branch 'rapid7:master' into enum_browsers
2024-09-27 08:06:17 +02:00
10a4b24ed7
Better file clean
2024-09-27 01:17:07 +02:00
c43a4f4b0b
Fixed cluster ID issue
2024-09-26 21:53:27 +00:00
05ff8359b8
Merge pull request #19436 from h4x-x0r/CVE-2024-6670
...
WhatsUp Gold SQL Injection (CVE-2024-6670) Module
2024-09-26 17:04:30 -04:00
dbc020a745
Merge pull request #19441 from Takahiro-Yoko/cve_2023_0386_priv_esc
...
Land #19441 , Add module: Linux Priv Esc (OverlayFS copying bug) CVE-2023-0386
2024-09-26 14:07:17 -05:00
f106f1cf2c
Add enum_browsers post exploitation module
...
This post-exploitation module extracts sensitive browser data from both Chromium-based and Gecko-based browsers on the target system. It supports the decryption of passwords and cookies using Windows Data Protection API (DPAPI) and can extract additional data such as browsing history, keyword search history, download history, autofill data, and credit card information.
2024-09-26 19:21:42 +02:00
456c57b031
Merge pull request #19453 from Chocapikk/vicidial_sqli
...
Add VICIdial Time-based SQL Injection Module (CVE-2024-8503)
2024-09-25 14:19:42 -04:00
d11c2be4ea
Merge pull request #19375 from h4x-x0r/CVE-2024-20419
...
Cisco Smart Software Manager (SSM) On-Prem Account Takeover (CVE-2024-20419) Module
2024-09-24 12:19:54 -04:00
8e2dbbbd56
Land #19416 , Add Traccar RCE module
...
This module exploits two vulnerabilities in Traccar v5.1 - v5.12 to
obtain remote code execution: A path traversal vulnerability
CVE-2024-24809 and an unrestricted file upload vulnerability
CVE-2024-31214.
2024-09-23 15:25:02 -07:00
5408d0b5ac
Update documentation/modules/exploit/unix/webapp/byob_unauth_rce.md
2024-09-23 18:40:26 +02:00
b18cb3ecac
Update documentation/modules/exploit/unix/webapp/byob_unauth_rce.md
2024-09-23 18:40:19 +02:00
jheysel-r7