adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
38,513 Commits 27 Branches 1,043 Tags
81fa068ef0a0669c2deb124e3fcd9efdbeb5281d
Commit Graph

9433 Commits

Author SHA1 Message Date
h00die 81fa068ef0 pulling out the get params 2016-06-15 12:27:31 -04:00
h00die 52db99bfae vars_post for post request 2016-06-15 07:24:41 -04:00
h00die 625d60b52a fix the other normalize_uri 2016-06-14 15:03:07 -04:00
h00die 72ed478b59 added exploit rank 2016-06-13 18:56:33 -04:00
h00die f63273b172 email change 2016-06-11 21:05:34 -04:00
h00die d63dc5845e wvu-r7 comment fixes 2016-06-09 21:52:21 -04:00
h00die 6f5edb08fe pull uri from datastore consistently 2016-06-08 20:28:36 -04:00
h00die c2699ef194 rubocop fixes 2016-06-03 17:43:11 -04:00
h00die 68d647edf1 Merge branch 'master' of https://github.com/rapid7/metasploit-framework into op5 2016-06-01 18:05:18 -04:00
h00die 52d5028548 op5 config exec 2016-06-01 15:07:31 -04:00
wchen-r7 fb678564b1 Land #6923, Check the correct check code for ms13_081_track_popup_menu 2016-05-31 11:40:02 -05:00
wchen-r7 fb95abc645 Land #6909, Add WordPress Ninja Forms unauthenticated file upload 2016-05-25 15:40:10 -05:00
wchen-r7 14e1baf331 Minor style changes 2016-05-25 15:39:26 -05:00
rastating 19c4d5b02b Remove hard coded target path 2016-05-25 18:04:26 +01:00
William Webb 028b1ac251 Land #6816 Oracle Application Testing Suite File Upload 2016-05-24 18:27:10 -05:00
Brent Cook 5c6b93c1cf Land #6883, Add Ubiquiti airOS exploit 2016-05-24 07:26:40 -05:00
Brent Cook 5bf8891c54 Land #6882, fix moodle_cmd_exec HTML parsing to use REX 2016-05-23 23:25:22 -05:00
rastating adb8098b8c Fix typo 2016-05-24 00:16:04 +01:00
rastating aae7c25603 Add WordPress Ninja Forms unauthenticated file upload module 2016-05-23 23:47:41 +01:00
William Vu 6581fbd294 Add note about "mf" malware 
This is the malware I found upon shelling my friend's device.
 2016-05-20 23:09:10 -05:00
wchen-r7 506356e15d Land #6889, check #nil? and #empty? instead of #empty? 2016-05-19 19:23:04 -05:00
wchen-r7 99a573a013 Do unless instead "if !" to follow the Ruby guideline 2016-05-19 19:21:45 -05:00
William Vu a16f4b5167 Return nil properly in rescue 
Missed this because I copypasta'd myself.
 2016-05-19 15:35:38 -05:00
William Vu d018bba301 Store SSH key as a note 
I know, I know, it should use the creds model. >:[
 2016-05-19 15:12:58 -05:00
William Vu 9f738c3e41 Add note about overwritten files 2016-05-19 15:07:27 -05:00
William Vu 8fccb26446 Add Ubiquiti airOS exploit 
Thanks to my friend wolf359 for providing a test device!
 2016-05-19 14:50:20 -05:00
ssyy201506 31bbcfca49 Fix ms13_081_track_popup_menu 2016-05-19 17:22:47 +09:00
Vex Woo b5284375a7 osb_uname_jlist - NoMethodError undefined method 'empty?' for nil:NilClass 2016-05-18 00:16:53 -05:00
Vex Woo 11fedd7353 ca_totaldefense_regeneratereports - NoMethodError undefined method 'empty?' for nil:NilClass 2016-05-18 00:15:28 -05:00
Vex Woo a6405beeda ams_hndlrsvc - NoMethodError undefined method 'empty?' for nil:NilClass 2016-05-18 00:13:40 -05:00
Vex Woo 41bcdcce61 fix struts_code_exec_exception_delegator - NoMethodError undefined method 'empty?' for nil:NilClass 2016-05-18 00:11:57 -05:00
Vex Woo bc257ea628 fix struts_code_exec - NoMethodError undefined method 'empty?' for nil:NilClass 2016-05-18 00:10:32 -05:00
Vex Woo 68b83c6e3a datastore['CMD'].blank? 2016-05-17 23:56:59 -05:00
Vex Woo a4e7e373f3 fix ams_xfr.rb - NoMethodError undefined method 'empty?' for nil:NilClass 2016-05-17 17:55:18 -05:00
wchen-r7 e8ac568352 doesn't look like we're using the tcp mixin 2016-05-17 03:15:26 -05:00
wchen-r7 08394765df Fix #6879, REXML::ParseException No close tag for /div 2016-05-17 03:14:00 -05:00
Brent Cook cf0176e68b Land #6867, Add Dell SonicWALL Scrutinizer 11.0.1 MethodDetail SQL Injection 2016-05-16 19:00:10 -05:00
wchen-r7 8e85e8f9d7 Land #6859, Add TP-Link sc2020n Module 2016-05-15 12:33:54 -05:00
Brent Cook 21d74a64fe Land #6874, Improve exploit for CVE-2016-0854 2016-05-14 11:08:17 -05:00
Brent Cook 0d176f2c92 remove a couple of unnecessary ternary ops 2016-05-14 11:07:43 -05:00
Brent Cook a940481f62 Land #6834, Authorized FTP JCL exploit for z/OS 2016-05-13 21:29:45 -05:00
Brent Cook 5c494480e6 handle failure more gracefully 2016-05-13 21:29:25 -05:00
wchen-r7 3b5db26ff5 Fix #6872, change upload action for CVE-2016-0854 exploit 
This patch includes the following changes:

* Instead of the uploadFile action, this patch uses uploadImageCommon
  to be able to support both Advantech WebAccess builds: 2014 and
  2015.
* It uses an explicit check instead of the passive version check.
* It cleans up the malicious file after getting a session.
* Added module documentation to explain the differences between
  different builds of Advantech WebAccess 8.0s, and 8.1.

Fix #6872
 2016-05-13 19:47:18 -05:00
Bigendian Smalls 2d5cf6cfe4 Authorized FTP JCL exploit for z/OS 
This exploit module allows a user with credentials to execute JCL on a
vulnerable mainframe system running z/OS and an appropriately configured
FTP server.
 2016-05-12 14:46:31 -05:00
wchen-r7 8f9762a3e5 Fix some comments 2016-05-12 00:19:18 -05:00
wchen-r7 da293081a9 Fix a typo 2016-05-11 22:48:23 -05:00
wchen-r7 9d128cfd9f Add Dell SonicWALL Scrutinizer 11.0.1 MethodDetail SQL Injection 2016-05-11 22:27:18 -05:00
Nicholas Starke 4b23d2dc58 Adjusting exception handling 
This commit adjusts the error handling to close the socket before
calling fail_with and adds specific exceptions to catch
 2016-05-11 17:18:51 -05:00
HD Moore 32e1a19875 Fix up the disclosure date 2016-05-11 00:18:22 -05:00
HD Moore ded79ce1ff Fix CVE syntax 2016-05-10 23:18:45 -05:00