Commit Graph

3860 Commits

Author SHA1 Message Date
adfoster-r7 84ffa524e5 Land #19424, WordPress GiveWP Plugin RCE 2024-08-28 21:09:42 +01:00
adfoster-r7 71ee987079 Add additional documentation steps, and use 0 for the payload http timeout 2024-08-28 19:21:27 +01:00
adfoster-r7 fabb5d1f78 Land #19422, pgAdmin 8.4 RCE / CVE-2024-3116 2024-08-28 18:54:53 +01:00
adfoster-r7 aaf95f9134 Apply suggestions from code review 2024-08-28 18:46:08 +01:00
Valentin Lobstein 2900d45e9f Update documentation/modules/exploit/multi/http/wp_givewp_rce.md
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
2024-08-28 13:00:32 +02:00
Chocapikk 06a9583cfd Fix typo 2024-08-27 22:16:11 +02:00
Chocapikk 1d7cffbdac Refactored exploit module based on RCESecurity's analysis of CVE-2024-5932
- Completely overhauled the method for exploiting the GiveWP plugin by removing dependency on the REST API, which may require authentication.
- Instead, we now use the admin-ajax.php endpoint for retrieving form lists and nonce values, ensuring compatibility even when REST API authentication is required.
- The exploit now works with all form types; however, the give_price_id and give_amount must be set to '0' and '0.00', respectively, as attempts to randomize these values caused the exploit to fail.
2024-08-27 22:15:12 +02:00
Jack Heysel 8bf354cad2 Land #19417, Improve wp_backup_migration_php exploit
The new PHP filter chain evaluates a POST parameter, which simplifies
the process and reduces the payload size enabling the module to send the
entire payload in one POST request instead of writing the payload to a
file character by character over many POST requests. Support for both
Windows and Linux Meterpreter payloads, not just PHP Meterpreter, has
also been added.
2024-08-27 15:17:00 -04:00
Chocapikk d249711480 Update doc 2024-08-27 20:27:46 +02:00
jheysel-r7 61fa0c40b8 Update documentation/modules/exploit/multi/http/wp_backup_migration_php_filter.md 2024-08-27 14:14:28 -04:00
Chocapikk bc7840ea7f Add wp_givewp_rce exploit module 2024-08-27 19:50:35 +02:00
bwatters 6c24e0a952 Land #19393, Update OFBiz ProgramExport RCE for Patch Bypass
Merge branch 'land-19393' into upstream-master
2024-08-27 11:48:38 -05:00
igomeow 7e9f52dd0b Github release 2024-08-26 23:02:53 +02:00
igomeow b3605bd951 Documentation 2024-08-26 19:59:17 +02:00
Chocapikk c32c1e3a66 Update doc 2024-08-24 17:31:09 +02:00
Chocapikk 4ee30b24cb Rewrite wp_backup_migration_php_filter 2024-08-24 17:16:58 +02:00
dledda-r7 ec5892ff1f Land #19363, Ray Modules CVE-2023-6019 CVE-2023-6020 CVE-2023-48022 2024-08-23 04:55:17 -04:00
dledda-r7 35da4662ed Land #19351, DIAEnergie SQL Injection 2024-08-21 09:44:15 -04:00
dwelch-r7 f3a220518a Land #19394, SPIP Unauthenticated RCE Exploit 2024-08-21 13:58:26 +01:00
Chocapikk 62ab17b14d Update documentation and Docker Compose for SPIP, remove Rex.sleep() in Metasploit module due to stable payload. 2024-08-20 19:41:05 +02:00
Takah1ro 52852cea72 Add cve ref 2024-08-20 12:59:52 +09:00
Chocapikk c7d20853d6 Update documentation 2024-08-19 19:51:36 +02:00
Chocapikk 3d90eb0f43 Add spip_porte_plume_previsu_rce 2024-08-16 10:50:23 +02:00
Takah1ro 209f172aa1 Update document 2024-08-16 08:56:01 +09:00
Takah1ro 7258ca4fb1 Remove unnecessary option for simplicity 2024-08-16 08:49:34 +09:00
jheysel-r7 ea10360c81 Update OFBiz ProgramExport RCE for Patch Bypass 2024-08-15 09:18:15 -07:00
Takah1ro ea1b9e925e Delete three old exploits in one module 2024-08-15 08:17:36 +09:00
cgranleese-r7 dbc51d1cd4 Land #19347, OpenMetadata authentication bypass and SpEL injection exploit chain [CVE-2024-28255 and CVE-2024-28254] 2024-08-14 16:06:10 +01:00
dledda-r7 f211fcb6a6 Land #19370, LG Simple Editor Command Injection 2024-08-14 10:22:29 -04:00
cgranleese-r7 36322ff274 Land #19348, Apache HugeGraph Gremlin RCE (CVE-2024-27348) 2024-08-14 10:06:21 +01:00
Takah1ro 0ffe335660 Add module docs 2024-08-10 10:59:00 +09:00
Takah1ro 064d463c37 Formatting doc 2024-08-08 07:45:16 +09:00
Takah1ro 35354c8407 Update document 2024-08-07 21:20:09 +09:00
Takah1ro a92b51904a Update document 2024-08-07 21:16:32 +09:00
h4x-x0r 8732d7cd58 LG Simple Editor Command Injection (CVE-2023-40504) Module
Exploit Module and Documentation for the LG Simple Editor Command Injection (CVE-2023-40504)
2024-08-07 05:16:25 +01:00
Takah1ro b7e4247d22 Avoid using CVE as option 2024-08-07 08:43:57 +09:00
Takah1ro b487dadf8c Remove explicit return 2024-08-05 13:01:11 +09:00
Takah1ro ab38c83d9c Update module document 2024-08-05 08:51:56 +09:00
Takah1ro 93f1362d22 Add module document 2024-08-05 08:47:29 +09:00
h00die-gr3y 8f0d22ded4 Fourth release module and documentation 2024-08-02 21:04:50 +00:00
Jack Heysel 75c737dabe Responded to comments 2024-08-02 10:47:53 -07:00
h4x-x0r 2ce0a7a3fd v7.15 Support added
Updated to work with v7.15 too.
2024-08-02 15:43:26 +01:00
h4x-x0r c8eb919af8 rm calibre
rm calibre
2024-08-02 06:18:34 +01:00
h4x-x0r 6dbb264a0d Calibre Python Code Injection (CVE-2024-6782)
New Exploit Module for Calibre Python Code Injection (CVE-2024-6782)
2024-08-02 06:03:15 +01:00
h4x-x0r 025354b0ef Calibre Python Code Injection (CVE-2024-6782)
Exploit Module for Calibre Python Code Injection (CVE-2024-6782)
2024-08-02 05:56:46 +01:00
h4x-x0r 6e3f95fd3a Delete documentation/modules/exploit/multi/misc/calibre_exec.md 2024-08-01 23:29:34 -05:00
h4x-x0r 80961b0fef Merge branch 'rapid7:master' into my_awesome_branch 2024-08-01 22:57:36 -05:00
h4x-x0r 6aa4d2e806 Documentation for Exploit Module Calibre Python Code Injection (CVE-2024-6782) 2024-08-01 23:56:33 -04:00
h00die-gr3y 75b3afb0ce Third release module and documentation 2024-07-31 14:34:44 +00:00
dledda-r7 48c69b99fb Land #19344, FortiClient EMS FCTID SQLi to RCE fix for 7.2.x 2024-07-31 09:43:19 -04:00