82c8b5418e
Land #17936 , PaperCutNG Authentication Bypass with RCE
2023-06-07 15:05:51 +02:00
617aff5a43
Fix up supported payloads and remove nonused parameter
2023-06-02 09:48:03 -05:00
f7d2cdae56
Add in ability to restore settings n documentation changes.
...
Previously there was not the ability to restore the server proxy setting.
This updates the code to do so. Additionally this also updates the documentation
to note that Fetch payloads are incompatible with this module since they
use HTTP connections that will be impacted by this module changing the server's
HTTP proxy settings. There is no way around this.
2023-06-02 09:48:03 -05:00
965311d09e
Fix documentation and fix bug in creating PARMS value
2023-06-02 09:48:02 -05:00
6e89f9b275
Address review comments
2023-06-02 09:48:02 -05:00
8577f21e52
Add in documentation and updated code
2023-06-02 09:48:01 -05:00
05bb3cd182
Update again
2023-06-02 09:48:01 -05:00
c78a9bac1d
Remove dropper target and try expand potential BadChars and limit payload size???
2023-06-02 09:48:01 -05:00
6d066dc649
Add in initial copy of exploit
2023-06-02 09:47:49 -05:00
3875947f7d
Removing unnecessary assignment
2023-05-31 19:17:30 +00:00
6351c66b1e
Update modules/exploits/multi/http/papercut_ng_auth_bypass.rb
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com >
2023-05-31 08:56:13 -07:00
6ad9ebb5c0
Update modules/exploits/multi/http/papercut_ng_auth_bypass.rb
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com >
2023-05-31 08:48:53 -07:00
530ed911f4
Fixing ZDI ID
2023-05-30 19:03:01 +00:00
b376dac34b
okay linter
2023-05-30 18:40:59 +00:00
cbf850b2b7
Apparently the comment after the rescue squelchs the linter.
2023-05-30 18:38:48 +00:00
9e38ed4459
Land #17929 , Linux sudoedit LPE (CVE-2023-22809)
...
Linux sudoedit priv esc (CVE-2023-22809)
2023-05-23 09:30:18 -04:00
f464401dde
Land #17782 , Add fetch payloads
...
Add http wget cmd based fetch payload for Linux and Windows
2023-05-18 12:18:27 -04:00
548a2d7ab4
Add fetch payloads for Windows and Linux x64
2023-05-18 10:47:29 -05:00
6c88e85d02
Land #17993 , add invscout RPM privesc
2023-05-17 18:56:42 -05:00
0bc1fdf51d
Add invscout RPM Privilege Escalation
2023-05-17 20:17:55 +10:00
2ca5ca1f63
stronger grep
2023-05-16 16:18:14 -04:00
459cf871cb
Land #17979 , Add exploit for Ivanti Avalanche file upload - CVE-2023-28128
2023-05-16 09:19:33 -05:00
6bee4f56d9
updates from review
2023-05-13 15:49:11 -04:00
560fc9000b
Fix up checks on responses to make sure they are more robust checks
2023-05-12 16:08:47 -05:00
3b2d23eeae
Fix up check method, unduplicate fail_with messages to make them unique, and add @cleanup_needed so we can check if cleanup is needed to avoid unnecessary messages when just checking if the target is vulnerable or not
2023-05-12 14:14:40 -05:00
004a72c32e
ibstat_path: Use AutoCheck, add Notes, resolve Rubocop violations
2023-05-13 01:27:53 +10:00
722de33b6f
address feedback, use cleanup to restore path
...
fix bug where if config restore failed, module would
output that it was both a failure and a success
add akb topic as reference
2023-05-11 13:20:25 -05:00
a445b07233
removing unnecessary call to payload_uri
2023-05-11 16:35:53 +00:00
131f2519bc
Update modules/exploits/windows/http/ivanti_avalanche_filestoreconfig_upload.rb
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com >
2023-05-11 10:48:48 -05:00
020ee7ca5c
Land #17964 - Pentaho Business Server Auth Bypass and SSTI - CVE-2022-43769 and CVE-2022-43939
2023-05-11 09:28:55 -05:00
d50bd24c2f
Adding config cleanup.
2023-05-11 04:57:57 +00:00
cb2c6a7d80
Prevent bypass_auth from being called twice when AutoCheck is true
2023-05-11 00:34:47 +00:00
9f6a1c18a1
Minor updates to fix URLs, disclosure date, description, and minor gramatical things
2023-05-10 18:22:00 -05:00
9f0a6503b7
require.js is not the only way, account for this new discovery in code
2023-05-10 13:02:02 -05:00
5d4e68d36c
Add Metasploit payload example and remove message that may suggest successful exploitation occurred even when it didn't
2023-05-10 10:36:29 -05:00
1b8f1de7c8
Add in fixes from review, add archive of software, and use uri_encode_mode for encoding parameters.
2023-05-10 10:16:08 -05:00
e514de9aef
add comment about jsf substitution
2023-05-10 09:13:01 -05:00
a485a786ef
Land #17881 , Zyxel chained RCE using LFI and weak password derivation algorithm
2023-05-10 11:49:51 +02:00
4f8024454c
Updates based on cdelafuente-r7 latest comments
2023-05-10 07:46:11 +00:00
c5b0bc68d7
Improved automatic targeting, tested back to major version 14
2023-05-09 23:44:46 +00:00
eff189f221
Ensuring csrf_token is initialized.
2023-05-09 23:43:56 +00:00
43564b5267
Removing unneeded features/options.
2023-05-09 23:43:30 +00:00
79d35ad938
Fixed check method
2023-05-09 14:25:03 -05:00
eca87ea2eb
Updated side effects and fixed fail_withs
2023-05-09 14:25:03 -05:00
348750ea70
Updated Authors
2023-05-09 14:25:02 -05:00
07056a74bc
Pentaho Business Server Auth Bypass and SSTI
2023-05-09 14:24:51 -05:00
908f7ad3f3
Land #17972 , updates to some of the example modules to keep them in line with framework changes
2023-05-09 18:46:25 +01:00
d1e3ce1183
add Ivanti Avalanche file upload
2023-05-08 17:41:52 -05:00
12911d10fb
review comments
2023-05-08 15:25:31 -04:00
f773d348e1
Add in notes about reliability of the module, and also add documentation on 7005 test on Windows 2022
2023-05-08 12:11:01 -05:00
Christophe De La Fuente