9696e709ae
Remove unused vprint_status conditional
2020-12-09 22:48:16 -06:00
a33a6e6c55
Don't be lazy about checking the redirect
...
And don't be lazy about sending the request.
To trigger UnexpectedExceptionPage, we can send bogus data instead of
telegraphing our payload-less gadget chain.
God, I'm so lazy. This took like five extra minutes. :|
2020-12-09 21:09:49 -06:00
d337d832b8
Land #14422 , add GitLab file read/rce
2020-12-09 11:34:14 -06:00
941762b3c5
remove trailing commas
2020-12-09 11:29:00 -06:00
1617b3ec9b
Use zeitwerk for lib/msf/core folder
2020-12-07 10:31:45 +00:00
835059f00c
[CVE-2020-10977] Gitlab arbitrary file read to RCE
2020-12-07 01:26:54 +00:00
f6f78d4710
Make changes suggested in code review
2020-11-26 13:46:02 +01:00
7fa10a0684
Update modules/exploits/multi/http/apache_nifi_processor_rce.rb
...
Co-authored-by: cdelafuente-r7 <56716719+cdelafuente-r7@users.noreply.github.com >
2020-11-26 13:46:02 +01:00
5dc7e8f04e
Update modules/exploits/multi/http/apache_nifi_processor_rce.rb
...
Co-authored-by: cdelafuente-r7 <56716719+cdelafuente-r7@users.noreply.github.com >
2020-11-26 13:46:02 +01:00
78c042cbb7
Update modules/exploits/multi/http/apache_nifi_processor_rce.rb
...
Co-authored-by: cdelafuente-r7 <56716719+cdelafuente-r7@users.noreply.github.com >
2020-11-26 13:46:01 +01:00
7894f1eb9a
Update modules/exploits/multi/http/apache_nifi_processor_rce.rb
...
Co-authored-by: cdelafuente-r7 <56716719+cdelafuente-r7@users.noreply.github.com >
2020-11-26 13:46:01 +01:00
fcde932e1b
Update modules/exploits/multi/http/apache_nifi_processor_rce.rb
...
Co-authored-by: cdelafuente-r7 <56716719+cdelafuente-r7@users.noreply.github.com >
2020-11-26 13:46:01 +01:00
2a9898df25
Update modules/exploits/multi/http/apache_nifi_processor_rce.rb
...
Co-authored-by: cdelafuente-r7 <56716719+cdelafuente-r7@users.noreply.github.com >
2020-11-26 13:46:01 +01:00
9a35a5fdee
Remove frozen_string_literal directive
...
Remove directive that was added by `rubocop -A`, as suggested in review.
Note that this results in an additional offense being reported by rubocop
2020-11-26 13:46:01 +01:00
e33a2ca463
Use cleanup method to perform cleanup
2020-11-26 13:46:01 +01:00
f6d39147af
Removed pointless comment.
2020-11-26 13:46:01 +01:00
2de77b6e8a
Refactored code. Primarily line length increased.
2020-11-26 13:46:01 +01:00
012b040fc1
Reformat code layout to satisfy msftidy
2020-11-26 13:46:01 +01:00
41ff86178b
Add new module exploit module
...
Add new module /exploits/multi/http/apache_nifi_processor_rce.rb
2020-11-26 13:46:01 +01:00
63a98adff0
Land #14427 , phpstudy_backdoor_rce.rb TARGETURI handling and default value modifications
2020-11-25 10:32:53 -06:00
ca28f59ac4
Update the description of the TARGETURI option to reflect the recent changes
2020-11-25 10:32:17 -06:00
95665e916c
Land #14416 , wordpress plugin 'simple file list' rce
2020-11-25 09:58:26 -05:00
94c157bc95
Tweak the documentation and module output just a little for clarity
2020-11-25 09:58:07 -05:00
31426576e0
Land #14264 , Add exploit/multi/http/kong_gateway_admin_api_rce
2020-11-25 11:09:02 +00:00
c8fc5b52cf
TARGETURI Default value modification
...
TARGETURI Default value modification
2020-11-24 14:05:49 +08:00
8e299de712
Update modules/exploits/multi/http/kong_gateway_admin_api_rce.rb
...
Co-authored-by: cgranleese-r7 <69522014+cgranleese-r7@users.noreply.github.com >
2020-11-22 14:49:51 +00:00
a988e85d90
remove not needed code
2020-11-22 09:07:11 -05:00
92c92f1573
simple file list rce
2020-11-21 08:51:07 -05:00
72a6993408
Add patch bypass (CVE-2020-14750) to references
...
We were already using it... but now there's a CVE.
2020-11-18 10:57:05 -06:00
78999bb92c
Add an exploit from Exploit-DB
...
Written by either (Nguyen) Jang or Mohammed Althibyani. Not used by the
module.
https://www.exploit-db.com/exploits/48971
2020-11-18 10:56:03 -06:00
83beae731f
Add WebLogic Administration Console Handle RCE
...
CVE-2020-14882
CVE-2020-14883
2020-11-18 10:56:02 -06:00
d6b412c58e
Land #14340 , Add HorizontCMS 1.0.0-beta exploit module and documentation
2020-11-13 13:03:04 +01:00
ce7031e263
Add suggestions from code review
2020-11-11 07:41:22 -05:00
768fb7d3a7
remove cwe-74 from cmsms
2020-11-10 11:43:42 -05:00
65e1ef4cb8
Land #14253 , add wp-file-manager rce for wordpress
2020-11-10 08:48:33 -06:00
4382f6ff55
add filedropper usage
2020-11-10 08:47:53 -06:00
e7a20ec47c
Add CVE ID to module and docs
2020-11-05 07:05:32 -05:00
a0087842fb
Fix an earlier merge mistake, was meant to replace URI.escape with Rex::Text.uri_encode() but instead replaced it with CGI.escape. Fix it to be Rex::Text.uri_encode()
2020-11-04 14:39:16 -06:00
d50ac2972d
Land #14222 , Update php_fpm_rce.rb to replace depreciated URI.encode calls with Rex::Text::uri_encode
2020-11-04 14:04:28 -06:00
79e83cdceb
add rubocop change
2020-11-04 10:09:00 -06:00
e49d99a80d
add AutoCheck usage, minor changes
2020-11-04 10:04:14 -06:00
cf954888da
Add horizontcms_upload_exec module and documentation
2020-11-02 13:01:13 -05:00
bb9464801e
Make changes suggested in review
...
* Add better explanation of public-api-port option in documentation
* Add example in scenarios where admin API is on different host to
public API (therefore public-api-port option must be used)
* Add targeturi option
* Add version number that has been tested in 2 places in documentation
2020-10-27 21:13:45 +00:00
d6a91f8965
Remove some unnecessary comments
2020-10-16 00:34:12 +08:00
8d02a1a4c6
Use Rex::MIME for building MIME message
2020-10-16 00:26:10 +08:00
8d43fa4848
Module can now use mkfile+put method to exploit vulnerability.
2020-10-15 17:46:40 +08:00
a8341d72ae
skip cleanup when using check method
2020-10-14 17:17:09 +01:00
97f9c67ff1
Use class's cleanup method
2020-10-14 16:25:42 +01:00
f6b5053666
Add exploit/multi/http/kong_gateway_admin_api_rce
2020-10-13 16:56:34 +01:00
b9df68cbb6
Fix module according to Rubocop, make documentation follow standard.
2020-10-11 19:04:06 +08:00
William Vu