adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
66,898 Commits 27 Branches 1,043 Tags
78f2ea39e99e548e4532899d2e50e36bfef074bf
Commit Graph

2835 Commits

Author SHA1 Message Date
Jack Heysel bea4207c62 Land PR #16607 - MyBB RCE Module (CVE-2022-24734) 
This exploit module leverages an improper input validation
vulnerability in MyBB prior to 1.8.30 to execute arbitrary
code in the context of the user running the application.
 2022-05-31 11:59:53 -04:00
Christophe De La Fuente b996f5ee49 Fixes from code review 2022-05-30 16:24:18 +02:00
Christophe De La Fuente bac9be956f Add documentation 2022-05-23 17:27:42 +02:00
Spencer McIntyre 02e7a65b93 Just move the auxiliary module into an exploit 2022-05-16 17:44:31 -04:00
Jake Baines 39567281bf Revised setup guidance 2022-05-13 13:41:05 -07:00
Grant Willcox 2eb31cf765 Add in edits from review 2022-05-13 15:32:12 -05:00
Jake Baines da133a34c8 Updated affected 2022-05-12 03:22:02 -07:00
Jake Baines 617b4ae044 Initial commit of Zyxel unauth command injection (CVE=2022-30525) 2022-05-12 01:43:59 -07:00
Grant Willcox 6354d7a055 Redo explanation of exploit in documentation to appropriately account for various nuances. Also update exploit title and description accordingly. 2022-05-11 16:43:36 -05:00
Heyder Andrade 8a6dd7152e Added tested versions reference 2022-05-11 16:43:12 -05:00
Heyder Andrade 77f60eb21e Added module and documentation for f5 icontrol RCE (CVE-2022-1388) 2022-05-11 16:43:00 -05:00
Grant Willcox 1c934b87b4 Land #16169, Add sploit for Cisco RV340 SSL VPN - CVE-2022-20699 2022-05-11 10:15:08 -05:00
Grant Willcox 68fdb103fe Add in final touch ups to documentation to fix a typo or two for formatting. Also update exploit ranking since this exploit doesn't retrieve version information before exploiting and is not 100% reliable so Excellent ranking isn't appropriate 2022-05-11 09:39:47 -05:00
Grant Willcox 5a04f8253c Land #16551, Add docker documentation for tomcat mgr upload 2022-05-10 12:03:18 -05:00
Grant Willcox 6a7be290ff Add in minor changes to improve overall formatting and presentation of documentation 2022-05-10 12:02:45 -05:00
adfoster-r7 ff410b23a0 Add documentation for tomcat mgr upload 2022-05-10 17:01:40 +01:00
bwatters 92715c883f Land #16423, Add module for exploit CVE-2022-22965 
Merge branch 'land-16423' into upstream-master
 2022-05-10 08:44:06 -05:00
bwatters 43f2b4dcf9 Quick update to the vulhub guidance 2022-05-10 08:42:02 -05:00
dwelch-r7 1f4ee19c05 Expose options for logging to a file in mettle 2022-05-06 14:36:55 +01:00
Spencer McIntyre 7646bf9e0a Update the module docs 2022-05-05 11:26:37 -04:00
space-r7 e2cefe0750 Land #16514, add ZoneMinder exploit module 2022-05-04 17:37:08 -05:00
space-r7 dd0b124e84 fix typo in docs, check some responses 2022-05-04 17:28:37 -05:00
William Vu 6532365dc8 Deregister VHOST 2022-05-03 11:52:50 -05:00
William Vu 8c0cd40a19 Fix VMware Workspace ONE Access CVE-2022-22954 2022-05-03 10:39:58 -05:00
dwelch-r7 a76600f4a9 Land #16462, add support for armle/aarch64 architectures 2022-05-03 15:48:50 +01:00
krastanoel 0f5e31d593 Apply suggestions from code review 
Update documentation common default options

Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com>
 2022-05-03 15:43:38 +07:00
William Vu 4ea72bb7a7 Add log IOC 2022-05-03 02:38:29 -05:00
William Vu 184b1b1e76 Add module doc 2022-05-02 20:41:01 -05:00
Spencer McIntyre c994f8e933 Land #16507, Add WSO2 file upload RCE module 2022-04-29 09:58:55 -04:00
krastanoel bb8c130740 Fix docs typo 2022-04-28 21:57:18 +07:00
krastanoel eba436dd99 Add Zoneminder Language rce module docs 2022-04-28 21:01:00 +07:00
vleminator f8887dbf1c Reflect changes in the console output 2022-04-28 00:22:44 +02:00
Spencer McIntyre 21f8494366 Land #16509, Ensure HTML is escaped in markdown codeblocks 2022-04-27 15:18:50 -04:00
adfoster-r7 9f6950c6c8 Ensure HTML is escaped in markdown codeblocks 2022-04-27 19:51:05 +01:00
Jack Heysel 253cb8580a Responded to comments added retry_until_true 2022-04-27 09:45:18 -07:00
jheysel-r7 266d3bb9ca Apply suggestions from @bcoles code review 
Co-authored-by: bcoles <bcoles@gmail.com>
 2022-04-26 13:40:25 -07:00
Jack Heysel ca0be9c145 Add WSO2 file upload RCE module 2022-04-26 12:29:12 -07:00
Jake Baines de453b8970 Update documentation/modules/exploit/linux/redis/redis_debian_sandbox_escape.md 
Co-authored-by: Shelby Pace <40177151+space-r7@users.noreply.github.com>
 2022-04-26 14:42:57 -04:00
Jake Baines d20fd996bd Fix spelling mistakes 2022-04-26 03:38:23 -07:00
Jake Baines 71a4023c0d Initial commit of Redis sandbox escape CVE-2022-0543 2022-04-26 03:32:11 -07:00
Brendan Coles 02d911e655 gdb_server_exec: Cleanup and add support for armle/aarch64 architectures 2022-04-25 19:25:06 +00:00
Grant Willcox e2c6c36b2b Land #1642, Add module for cve-2022-0995 2022-04-21 09:12:47 -05:00
Grant Willcox 78d4ac8592 Update module reliability and also fix issues from bcoles's review 2022-04-20 19:04:27 -05:00
bwatters d9a241defb Fix overzealous source code edit and some version copy/pasta errors 2022-04-20 14:31:32 -05:00
Jake Baines aba48a6905 Improve JSON cleanup, fix jjs specific wording, and moved JJS_PATH to defaultoptions 2022-04-20 06:27:43 -07:00
Jake Baines ae54c8c3d9 Initial implementation of authenticated RCE against ManageEngine ADSelfService Plus (CVE-2022-28810) 2022-04-19 10:33:54 -07:00
Brendan Coles 66fe338297 Move getsimplecms_unauth_code_exec.md documentation to http dir 2022-04-16 16:53:34 +00:00
Grant Willcox b83a4b2a7a Add in fixes to module and documentation from final review 2022-04-14 12:45:15 -05:00
bwatters 83f4473c2a Correct Ubuntu target version 2022-04-14 12:01:38 -05:00
bwatters 03d01d2f72 Remove stray markup 2022-04-14 10:29:54 -05:00