3e3e81ff22
Update documentation with new datastore options
2024-11-14 15:15:06 +11:00
e709a18128
Merge pull request #19404 from bwatters-r7/smb2http_relay
...
SMB to NTLM HTTP Relay with ESC8 module
2024-11-05 14:12:08 -05:00
006ed90f1c
Move the ESC8 module and document the attack
2024-11-04 09:37:12 -05:00
ea45d83562
Land #19499 , Adds SolarWinds Help Desk Backdoor module
...
This adds a new module which exploits a backdoor in SolarWinds Web Help Desk (CVE-2024-28987) <= v12.8.3 which enables attackers to retrieve all tickets currently logged in the application.
2024-10-31 12:17:32 -04:00
2e8892cb01
Land #19517 , Add WooCommerce SQLi module
...
This adds a new auxiliary module that exploits an unauthenticated SQL injection vulnerability in the TI WooCommerce Wishlist plugin for WordPress (versions <= 2.8.2). The vulnerability allows attackers to execute SQL queries via the order parameter which can be used to dump usernames and their hashed passwords.
2024-10-31 12:09:55 -04:00
222df0bfdf
Land #19527 Add bypass for GiveWP RCE (CVE-2024-8353)
...
This updates the exploit module wp_giveup_rce_bypass to incorporate the bypass CVE, allowing the payload to work on all affected versions of the GiveWP plugin.
2024-10-30 16:29:14 -04:00
7b745b2dcb
Merge pull request #19506 from xaitax/enum_browsers
...
Add Browser Data Extraction for Chromium- and Gecko-based Browsers
2024-10-30 15:30:56 +00:00
d107ac8470
Land #19488 Add aux module for unauth SQLi in Ultimate Member plugin
2024-10-30 09:06:17 -04:00
094250f7e7
Land #19489 Add WordPress wp-automatic SQLi to RCE module
2024-10-30 09:05:03 -04:00
87af327507
Merge branch 'master' into wp_ultimate_member_sorting_sqli
2024-10-29 16:34:10 -04:00
7ccb2991f6
Improve nonce detection, fix bug
2024-10-29 19:41:47 +01:00
6fb49a27e0
[Added] Improvements after review
2024-10-24 13:48:50 +02:00
ae213813b5
Updates from code review
2024-10-22 14:41:02 +02:00
d950bf7bb3
updated
...
updated
2024-10-21 20:51:41 +01:00
87b2cb7f5a
Fix Readme
2024-10-20 23:19:17 +02:00
ecd9f99d16
[Added] Extract Browser Cache
2024-10-20 23:15:18 +02:00
a2d8d7dd76
[Added] Extract Installed Browser Extensions (Name & Version)
2024-10-20 21:23:06 +02:00
59d026acd3
Land #19544 , Magento Arbitrary File Read (CVE-2024-34102) + PHP Buffer Overflow iconv() of GLIBC (CVE-2024-2961)
2024-10-18 14:39:54 +02:00
6ca0bb74fd
Add workflow docs
2024-10-17 11:23:31 -04:00
2e4315b3c9
Add support to icpr_cert for ESC15
2024-10-17 11:23:31 -04:00
3bd875c4e6
Land #19563 , Update metabase setuptoken rce to support older versions
2024-10-17 10:42:26 +01:00
e85ee0271d
Land #19482 , LearnPress SQLi module (CVE-2024-8522, CVE-2024-8529)
2024-10-17 11:13:49 +02:00
7b400f18fe
Fix metabase rce to support older versions
2024-10-17 10:10:50 +01:00
9a245e6e06
Land #19485 , Module BYOB Unauthenticated RCE (CVE-2024-45256, CVE-2024-45257)
...
Land #19485 , Module BYOB Unauthenticated RCE (CVE-2024-45256, CVE-2024-45257)
2024-10-15 17:13:15 +02:00
145a23625d
Add LearnPress SQLi module (CVE-2024-8522, CVE-2024-8529)
2024-10-14 18:15:01 +02:00
668424a444
Add unauth SQLi exploit module for Ultimate Member plugin (CVE-2024-1071)
2024-10-14 18:14:10 +02:00
6c099f2b73
Add WordPress wp-automatic SQLi to RCE module (CVE-2024-27956)
2024-10-14 18:13:17 +02:00
95e64a0a3b
Add module for TI WooCommerce Wishlist SQL Injection (CVE-2024-43917)
2024-10-14 18:11:41 +02:00
8553f625a4
Add auxiliary/scanner/http/wp_fastest_cache_sqli
2024-10-14 18:03:46 +02:00
6d272759dc
Add Browser Version Detection and display System Information
2024-10-11 12:13:48 +02:00
44b33b8010
Fixed multiple sessions and instability
2024-10-10 11:36:16 -07:00
91beef1dbb
Add BROWSER_TYPE option to choose between Chromium, Gecko, or both for data extraction
2024-10-10 20:08:14 +02:00
cd487715c4
[Added] Migration to explorer.exe for user-context based extraction
2024-10-10 12:32:19 +02:00
dab5d66e37
Test and respond to comments
2024-10-09 22:52:55 -07:00
a4ef40a233
Updated docs with Options section
2024-10-09 13:08:20 -07:00
e8711c5b20
Magento XXE to GLIBC buffer overflow
2024-10-09 12:53:29 -07:00
3211edd83c
docs: review changes
2024-10-09 12:18:35 -04:00
2762132830
docs: adding motd_persistence docs
2024-10-08 11:22:13 -04:00
9eda0338af
Improved readability and other small fixes
2024-10-06 10:19:10 +02:00
48e740d1fc
Update documentation/modules/exploit/multi/http/wp_givewp_rce.md
...
Co-authored-by: cgranleese-r7 <69522014+cgranleese-r7@users.noreply.github.com >
2024-10-03 16:34:24 +02:00
1cdaeac843
Land #19463 Add Acronis Cyber Default Password RCE
...
This adds an RCE module Acronis Cyber Infrastructure Default Password [CVE-2023-45249]
2024-10-02 16:02:50 -04:00
dc03b02857
Merge pull request #19510 from bcoles/cups_browsed_info_disclosure
...
Add cups-browsed Information Disclosure module
2024-10-02 13:48:40 -05:00
58878db970
update doc
2024-10-02 19:56:22 +02:00
fbb74a6d2d
Add bypass for GiveWP RCE (CVE-2024-8353)
2024-10-02 19:53:20 +02:00
8761226b97
Land #19456 VICIdial Auth RCE module
...
This adds a module to exploit CVE-2024-8504 an authenticated RCE in VICIdial
2024-09-30 17:13:33 -04:00
7cf5782b13
Add cups-browsed Information Disclosure module
2024-09-28 02:35:39 +10:00
a4fd4df052
Merge branch 'rapid7:master' into enum_browsers
2024-09-27 08:06:17 +02:00
10a4b24ed7
Better file clean
2024-09-27 01:17:07 +02:00
c43a4f4b0b
Fixed cluster ID issue
2024-09-26 21:53:27 +00:00
05ff8359b8
Merge pull request #19436 from h4x-x0r/CVE-2024-6670
...
WhatsUp Gold SQL Injection (CVE-2024-6670) Module
2024-09-26 17:04:30 -04:00
Ashley Donaldson