adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
74,698 Commits 27 Branches 1,043 Tags
84ffa524e592d83e59cd88956e4ccfb2ec7bf96c
Commit Graph

18742 Commits

Author SHA1 Message Date
adfoster-r7 84ffa524e5 Land #19424, WordPress GiveWP Plugin RCE 2024-08-28 21:09:42 +01:00
adfoster-r7 71ee987079 Add additional documentation steps, and use 0 for the payload http timeout 2024-08-28 19:21:27 +01:00
adfoster-r7 fabb5d1f78 Land #19422, pgAdmin 8.4 RCE / CVE-2024-3116 2024-08-28 18:54:53 +01:00
adfoster-r7 aaf95f9134 Apply suggestions from code review 2024-08-28 18:46:08 +01:00
Chocapikk 9eb630d993 Add credit 2024-08-28 19:20:32 +02:00
Chocapikk 6bec3d2db0 Lint 2024-08-28 19:16:26 +02:00
igomeow d0d4c3083a Fixing error message 2024-08-28 18:33:31 +02:00
igomeow 2b7cf76fc8 Fixing wrong SideEffects and Reliability values 2024-08-28 18:20:20 +02:00
igomeow 251c1c0c1e Adding check for host operating system 2024-08-28 18:17:36 +02:00
Valentin Lobstein 57343d3bc4 Update modules/exploits/multi/http/wp_givewp_rce.rb 
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
 2024-08-28 13:00:20 +02:00
Chocapikk 1d7cffbdac Refactored exploit module based on RCESecurity's analysis of CVE-2024-5932 
- Completely overhauled the method for exploiting the GiveWP plugin by removing dependency on the REST API, which may require authentication.
- Instead, we now use the admin-ajax.php endpoint for retrieving form lists and nonce values, ensuring compatibility even when REST API authentication is required.
- The exploit now works with all form types; however, the give_price_id and give_amount must be set to '0' and '0.00', respectively, as attempts to randomize these values caused the exploit to fail.
 2024-08-27 22:15:12 +02:00
Jack Heysel 8bf354cad2 Land #19417, Improve wp_backup_migration_php exploit 
The new PHP filter chain evaluates a POST parameter, which simplifies
the process and reduces the payload size enabling the module to send the
entire paylaod in one POST request instead of writing the payload to a
file character by character over many POST requests. Support for both
Windows and Linux Meterpreter payloads, not just PHP Meterpreter, has
also been added.
 2024-08-27 15:17:00 -04:00
Chocapikk 7f37731396 Lint 2024-08-27 21:14:35 +02:00
Chocapikk 80c784f0e8 Update detail about payloads 2024-08-27 21:07:18 +02:00
Chocapikk 23cd137fbd Update module 2024-08-27 20:28:44 +02:00
Chocapikk bc7840ea7f Add wp_givewp_rce exploit module 2024-08-27 19:50:35 +02:00
bwatters 6c24e0a952 Land #19393, Update OFBiz ProgramExport RCE for Patch Bypass 
Merge branch 'land-19393' into upstream-master
 2024-08-27 11:48:38 -05:00
Simon Janusz 3ad24b45e3 Land #19241, Remove uri unescape usage 2024-08-27 15:22:43 +01:00
igomeow 6326cac8d4 Fixing nil safe issue 2024-08-26 23:23:43 +02:00
igomeow 7e9f52dd0b Github release 2024-08-26 23:02:53 +02:00
igomeow d1ce041fd0 Inital commit and Rubocop fixes 2024-08-26 19:27:20 +02:00
Chocapikk 05b1837e7b Random parameter generation 2024-08-24 17:27:13 +02:00
Chocapikk 4ee30b24cb Rewrite wp_backup_migration_php_filter 2024-08-24 17:16:58 +02:00
dledda-r7 ec5892ff1f Land #19363, Ray Modules CVE-2023-6019 CVE-2023-6020 CVE-2023-48022 2024-08-23 04:55:17 -04:00
dledda-r7 35da4662ed Land #19351, DIAEnergie SQL Injection 2024-08-21 09:44:15 -04:00
Takah1ro 39f81e0a45 Update check function 2024-08-21 22:32:53 +09:00
Takah1ro ee58313d64 Update check function 2024-08-21 22:09:56 +09:00
dwelch-r7 f3a220518a Land #19394, SPIP Unauthenticated RCE Exploit 2024-08-21 13:58:26 +01:00
Takahiro Yokoyama c66540ef2f Update modules/exploits/linux/http/ray_agent_job_rce.rb 
use MeterpreterTryToFork to avoid a meterpreter session get killed

Co-authored-by: Diego Ledda <diego_ledda@rapid7.com>
 2024-08-21 21:38:37 +09:00
Chocapikk 62ab17b14d Update documentation and Docker Compose for SPIP, remove Rex.sleep() in Metasploit module due to stable payload. 2024-08-20 19:41:05 +02:00
Valentin Lobstein fdbf7dd3ef Update modules/exploits/multi/http/spip_porte_plume_previsu_rce.rb 
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
 2024-08-20 18:54:03 +02:00
Takah1ro 91167fc85f Remove unnecessary option 2024-08-20 21:44:11 +09:00
Takah1ro 4d1782640b Update sideeffects 2024-08-20 19:12:18 +09:00
Takah1ro 01b2a1c55c Enable fetch payload 2024-08-20 13:20:42 +09:00
Takah1ro 45677898a8 Add TARGET_URI 2024-08-20 13:08:01 +09:00
Takah1ro 52852cea72 Add cve ref 2024-08-20 12:59:52 +09:00
Takah1ro 99c81d7821 Set default fetch_command to wget 2024-08-20 08:59:39 +09:00
Takah1ro 64bdf54bb0 Use Fetch Payload (Not tested) 2024-08-20 08:56:05 +09:00
Takah1ro a5b9d553fa Update check to use version info 2024-08-20 08:25:27 +09:00
Takah1ro 5be7e09ff0 Update check to use version info 2024-08-20 08:21:48 +09:00
h4x-x0r 362b2427dc Error handling and code cleanup 
Error handling and code cleanup
 2024-08-19 22:47:19 +01:00
Chocapikk 334a9bafa9 Use encoder/php/base64 2024-08-19 18:26:19 +02:00
Chocapikk 3d00f819c6 Update 2024-08-20 07:04:30 +02:00
Chocapikk b0f3bf1576 Add credit 2024-08-20 07:02:59 +02:00
Chocapikk eaf5661896 Lint 2024-08-19 19:27:29 +02:00
Valentin Lobstein f65ccbec73 Update modules/exploits/multi/http/spip_porte_plume_previsu_rce.rb 
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
 2024-08-18 21:23:59 +02:00
Valentin Lobstein 6ad0b56099 Update modules/exploits/multi/http/spip_porte_plume_previsu_rce.rb 
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
 2024-08-18 21:22:16 +02:00
Valentin Lobstein 718c215b96 Update modules/exploits/multi/http/spip_porte_plume_previsu_rce.rb 
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
 2024-08-18 21:22:09 +02:00
jheysel-r7 c982aabaa3 Minor update 2024-08-16 12:17:56 -07:00
Chocapikk 3d90eb0f43 Add spip_porte_plume_previsu_rce 2024-08-16 10:50:23 +02:00