10d12570c0
Merge pull request #20791 from Chocapikk/webcheck
...
Add Web-Check screenshot API command injection RCE exploit (CVE-2025-32778)
2026-01-12 17:14:04 -06:00
ae4a5ac986
Merge pull request #20786 from zeroSteiner/feat/lib/mod-merge-target-info
...
Merge target info into the module info
2026-01-08 18:01:14 -08:00
b9be6ac259
Merge pull request #20785 from Chocapikk/react2shell-clean
...
Update react2shell module: Add Waku framework support
2026-01-08 17:58:48 -08:00
7b1e7d5320
Apply review feedback: move Space limits to targets, use CheckCode::Detected
...
Co-authored-by: bwatters-r7 <bwatters-r7@users.noreply.github.com >
2026-01-08 16:59:17 +01:00
0583a4c983
Apply review feedback: revert Platform, simplify framework_config, improve Waku detection
...
Co-authored-by: jheysel-r7 <jheysel-r7@users.noreply.github.com >
2026-01-08 16:50:55 +01:00
b39e781500
Land #20700 , adds module for Taiga.io RCE (CVE-2025-62368)
...
Adds exploit module for authenticated deserialization vulnerability in Taiga.io (CVE-2025-62368)
2026-01-07 11:53:32 +01:00
0d21fd4cc9
Merge pull request #20692 from msutovsky-r7/persistence/multi/python-site-specific-config-hook
...
Adds module for python site-specific hook persistence
2026-01-06 16:19:31 -08:00
d6bffff143
Putting cmd_exec arguments into single argument
2026-01-06 18:38:31 +01:00
13e93abfdf
Addressing comments
2026-01-06 08:31:46 +01:00
990c6a7a9f
Adds check for presence of directory and sufficient rights
2025-12-19 14:31:05 +01:00
6c4a61fa42
Merge pull request #20761 from Chocapikk/acf-extended-rce
...
Add WordPress ACF Extended unauthenticated RCE exploit (CVE-2025-13486)
2025-12-18 16:03:06 -06:00
13f102eb5b
Add Web-Check screenshot API command injection RCE exploit (CVE-2025-32778)
2025-12-18 18:51:12 +01:00
602adeb4c5
Mass rubocop changes
2025-12-18 10:08:31 -05:00
d9498c35f9
Fix react2shell module: sync encoders and payload config with master version (had bad copy)
2025-12-17 23:52:30 +01:00
d4b196b309
Update exploits to note target authors
...
Target authors were selected based on comments that indicated that the
author was only responsible for a set of descrete targets. Authors that
were noted as assisting with target testing, check module development,
etc. were left at the module level.
2025-12-17 17:30:16 -05:00
3b407575fa
Update react2shell module: Add Waku framework support
2025-12-17 23:07:01 +01:00
8945267db6
Remove redundant Platform and Arch definitions
2025-12-17 16:12:31 -05:00
0589121fb9
Update payload options
2025-12-15 18:52:38 -05:00
ca2ac75e16
Change react2shell default encoder
2025-12-12 15:22:34 -08:00
388a967101
Merge pull request #20749 from nakkouchtarek/grav-ssti-rce
...
Add Grav CMS Twig SSTI Sandbox Bypass RCE Exploit Module & Documentation
2025-12-11 16:13:09 -08:00
a20e2dfa6e
Use send_request_cgi! for automatic redirect handling
2025-12-11 20:03:17 +01:00
028aa2f544
Wrap zlib require in begin/rescue block for proper error handling
2025-12-11 19:53:02 +01:00
df9f546d01
Use HttpClientTimeout datastore option instead of hardcoded timeout value
2025-12-11 19:52:16 +01:00
80f60b431c
Set default value for FORM_NAME option and remove fallback check
2025-12-11 19:45:24 +01:00
0c921ea2e7
Merge pull request #20725 from Chocapikk/magento
...
Add Magento SessionReaper (CVE-2025-54236) exploit module
2025-12-10 08:56:47 -08:00
d86c5f0908
Merge pull request #20746 from Chocapikk/king-addons
...
Add WordPress King Addons privilege escalation exploit (CVE-2025-8489)
2025-12-10 08:37:11 -08:00
6a626a855b
Addresses some comments
2025-12-10 17:01:27 +01:00
be4c3c1a91
Update modules/exploits/multi/http/wp_king_addons_privilege_escalation.rb
...
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com >
2025-12-10 06:07:41 +01:00
fc8f07cf91
Update modules/exploits/multi/http/wp_king_addons_privilege_escalation.rb
...
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com >
2025-12-10 06:07:23 +01:00
b4d65afcf5
Add exploit module for WordPress ACF Extended CVE-2025-13486 unauthenticated RCE
2025-12-09 22:02:41 +01:00
6bc2bffd8c
Refactor create_admin_user to handle errors internally and remove custom.ini from documentation
2025-12-09 19:20:56 +01:00
1596d42c6a
Update modules/exploits/multi/http/wp_king_addons_privilege_escalation.rb
...
Co-authored-by: Phil Townes <phil_townes@rapid7.com >
2025-12-09 19:14:44 +01:00
c423ff07c5
Update modules/exploits/multi/http/wp_king_addons_privilege_escalation.rb
...
Co-authored-by: Phil Townes <phil_townes@rapid7.com >
2025-12-09 19:14:36 +01:00
1a8e88c054
fix a typo with the use of CVE-2025-55102, it should be CVE-2025-55182
2025-12-09 09:05:59 +00:00
66279422d1
Merge pull request #20747 from vognik/2025-55182
...
Add CVE-2025-55182 / CVE-2025-66478
2025-12-08 13:41:49 -08:00
e45eda6ead
Replace gsub with encode_base64 delimiter parameter
...
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com >
2025-12-08 19:48:01 +01:00
e08c18c720
Remove ARTIFACTS_ON_DISK side effect
...
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com >
2025-12-08 15:42:29 +01:00
77f4fe9c98
Update module name
...
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com >
2025-12-08 15:41:31 +01:00
bdd7cb5365
upgraded payload
2025-12-08 01:32:43 -08:00
5fcc33d203
Implement zlib compression before base64 encoding to minimize payload size
2025-12-07 22:25:51 +01:00
d17dc184bf
Strengthen Grav CMS fingerprinting with strict HTML parsing
2025-12-07 17:14:35 +01:00
1dde12b483
fix naming errors
2025-12-06 02:53:38 -08:00
38682b5ed6
refactoring
2025-12-05 14:58:59 -08:00
e1982475ca
replaced the noisy check method with a silent one
2025-12-05 11:32:07 -08:00
7b8c08d778
some refactoring
2025-12-05 10:47:06 -08:00
88309b5a4a
add suggestions from @Chocapikk
2025-12-05 08:02:56 -08:00
918f474fc6
fixed the nits
2025-12-05 00:47:19 -08:00
3669e3cdcc
add unused code
2025-12-05 00:25:21 -08:00
b6188e6f50
fix target_uri error
2025-12-05 00:12:52 -08:00
770e63b0d1
add windows documentation
2025-12-05 00:06:58 -08:00
Brendan