adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
74,698 Commits 27 Branches 1,043 Tags
84ffa524e592d83e59cd88956e4ccfb2ec7bf96c
Commit Graph

6587 Commits

Author SHA1 Message Date
adfoster-r7 84ffa524e5 Land #19424, WordPress GiveWP Plugin RCE 2024-08-28 21:09:42 +01:00
adfoster-r7 71ee987079 Add additional documentation steps, and use 0 for the payload http timeout 2024-08-28 19:21:27 +01:00
adfoster-r7 fabb5d1f78 Land #19422, pgAdmin 8.4 RCE / CVE-2024-3116 2024-08-28 18:54:53 +01:00
adfoster-r7 aaf95f9134 Apply suggestions from code review 2024-08-28 18:46:08 +01:00
Valentin Lobstein 2900d45e9f Update documentation/modules/exploit/multi/http/wp_givewp_rce.md 
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
 2024-08-28 13:00:32 +02:00
bwatters 02eb49ed00 Land #19395, Electerm post password gather module 
Merge branch 'land-19395' into upstream-master
 2024-08-27 16:17:45 -05:00
Chocapikk 06a9583cfd Fix typo 2024-08-27 22:16:11 +02:00
Chocapikk 1d7cffbdac Refactored exploit module based on RCESecurity's analysis of CVE-2024-5932 
- Completely overhauled the method for exploiting the GiveWP plugin by removing dependency on the REST API, which may require authentication.
- Instead, we now use the admin-ajax.php endpoint for retrieving form lists and nonce values, ensuring compatibility even when REST API authentication is required.
- The exploit now works with all form types; however, the give_price_id and give_amount must be set to '0' and '0.00', respectively, as attempts to randomize these values caused the exploit to fail.
 2024-08-27 22:15:12 +02:00
Jack Heysel 8bf354cad2 Land #19417, Improve wp_backup_migration_php exploit 
The new PHP filter chain evaluates a POST parameter, which simplifies
the process and reduces the payload size enabling the module to send the
entire paylaod in one POST request instead of writing the payload to a
file character by character over many POST requests. Support for both
Windows and Linux Meterpreter payloads, not just PHP Meterpreter, has
also been added.
 2024-08-27 15:17:00 -04:00
Chocapikk d249711480 Update doc 2024-08-27 20:27:46 +02:00
jheysel-r7 61fa0c40b8 Update documentation/modules/exploit/multi/http/wp_backup_migration_php_filter.md 2024-08-27 14:14:28 -04:00
Chocapikk bc7840ea7f Add wp_givewp_rce exploit module 2024-08-27 19:50:35 +02:00
bwatters 6c24e0a952 Land #19393, Update OFBiz ProgramExport RCE for Patch Bypass 
Merge branch 'land-19393' into upstream-master
 2024-08-27 11:48:38 -05:00
bwatters 4af2294709 Land #19386, Ivanti Virtual Traffic Manager (vTM) Authentication Bypass (CVE-2024-7593) Module 
Merge branch 'land-19386' into upstream-master
 2024-08-27 09:39:10 -05:00
bwatters f74b7ccef5 Land #19415, Update the ldap_esc_vulnerable_cert_finder module 
Merge branch 'land-19415' into upstream-master
 2024-08-26 18:28:33 -05:00
bwatters 84431b0a4e Land #19380, Control iD iDSecure Authentication Bypass (CVE-2023-6329) Module 
Merge branch 'land-19380' into upstream-master
 2024-08-26 18:09:09 -05:00
igomeow 7e9f52dd0b Github release 2024-08-26 23:02:53 +02:00
igomeow b3605bd951 Documentation 2024-08-26 19:59:17 +02:00
Chocapikk c32c1e3a66 Update doc 2024-08-24 17:31:09 +02:00
Chocapikk 4ee30b24cb Rewrite wp_backup_migration_php_filter 2024-08-24 17:16:58 +02:00
Spencer McIntyre 4cfa93f878 Update the ldap_esc_vulnerable_cert_finder module 2024-08-23 16:49:30 -04:00
dledda-r7 ec5892ff1f Land #19363, Ray Modules CVE-2023-6019 CVE-2023-6020 CVE-2023-48022 2024-08-23 04:55:17 -04:00
三米前有蕉皮 c37b697b99 Update documentation/modules/post/multi/gather/electerm.md 
Co-authored-by: Spencer McIntyre <58950994+smcintyre-r7@users.noreply.github.com>
 2024-08-22 22:27:51 +08:00
dledda-r7 35da4662ed Land #19351, DIAEnergie SQL Injection 2024-08-21 09:44:15 -04:00
dwelch-r7 f3a220518a Land #19394, SPIP Unauthenticated RCE Exploit 2024-08-21 13:58:26 +01:00
Chocapikk 62ab17b14d Update documentation and Docker Compose for SPIP, remove Rex.sleep() in Metasploit module due to stable payload. 2024-08-20 19:41:05 +02:00
Takah1ro 52852cea72 Add cve ref 2024-08-20 12:59:52 +09:00
Chocapikk c7d20853d6 Update documentation 2024-08-19 19:51:36 +02:00
dledda-r7 afd0f1974b Land #19373, Fortra FileCatalyst Workflow SQL Injection 2024-08-19 04:10:58 -04:00
cn-kali-team 57a327a9f4 doc 2024-08-16 23:40:04 +08:00
cn-kali-team c4c58e466d doc 2024-08-16 20:07:16 +08:00
cn-kali-team 1127225363 electerm 2024-08-16 20:04:57 +08:00
Chocapikk 3d90eb0f43 Add spip_porte_plume_previsu_rce 2024-08-16 10:50:23 +02:00
Takah1ro 209f172aa1 Update document 2024-08-16 08:56:01 +09:00
Takah1ro 7258ca4fb1 Remove unnecessary option for simplicity 2024-08-16 08:49:34 +09:00
jheysel-r7 ea10360c81 Update OFBiz ProgramExport RCE for Patch Bypass 2024-08-15 09:18:15 -07:00
Takah1ro ea1b9e925e Delete old three exploits in one module 2024-08-15 08:17:36 +09:00
cgranleese-r7 dbc51d1cd4 Land #19347, OpenMetadata authentication bypass and SpEL injection exploit chain[CVE-2024-28255 and CVE-2024-28254] 2024-08-14 16:06:10 +01:00
dledda-r7 f211fcb6a6 Land #19370, LG Simple Editor Command Injection 2024-08-14 10:22:29 -04:00
cgranleese-r7 36322ff274 Land #19348, Apache HugeGraph Gremlin RCE (CVE-2024-27348) 2024-08-14 10:06:21 +01:00
h4x-x0r 9c72a85134 Verified more versions 
Verified exploit against more affected versions
 2024-08-14 06:33:45 +01:00
h4x-x0r 75201b0892 Updated references 
references, affected versions, credits
 2024-08-14 05:15:36 +01:00
h4x-x0r 7bfc386973 Updated 
added error handling, documentation, version check, store_valid_credential
 2024-08-14 04:57:08 +01:00
h4x-x0r 26d6347919 Code cleanup 
Code cleanup
 2024-08-11 06:15:24 +01:00
h4x-x0r 5fa18a66ee Control iD iDSecure Authentication Bypass (CVE-2023-6329) Module 
Control iD iDSecure Authentication Bypass (CVE-2023-6329) Module
 2024-08-11 05:41:07 +01:00
Takah1ro 0ffe335660 Add module docs 2024-08-10 10:59:00 +09:00
Takah1ro 064d463c37 Formatting doc 2024-08-08 07:45:16 +09:00
Takah1ro 35354c8407 Update document 2024-08-07 21:20:09 +09:00
Takah1ro a92b51904a Update document 2024-08-07 21:16:32 +09:00
h4x-x0r 8732d7cd58 LG Simple Editor Command Injection (CVE-2023-40504) Module 
Exploit Module and Documentation for the LG Simple Editor Command Injection (CVE-2023-40504)
 2024-08-07 05:16:25 +01:00