adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
76,638 Commits 27 Branches 1,043 Tags
8cfcfa3f7873e80d9188300aab2caf6727b4fa00
Commit Graph

1049 Commits

Author SHA1 Message Date
tastyrce 8479350b3e Update documentation 
Co-authored-by: cgranleese-r7 <69522014+cgranleese-r7@users.noreply.github.com>
 2025-03-28 03:17:47 +11:00
tastyrce 8423d6ff87 Update removal of default page while installation 
Co-authored-by: Diego Ledda <diego_ledda@rapid7.com>
 2025-03-27 22:11:21 +11:00
tastyrce 9bdff3e803 Add extra dependencies during installation 
Co-authored-by: Diego Ledda <diego_ledda@rapid7.com>
 2025-03-27 22:10:32 +11:00
tastyrce 162e73a62e add module documentation 2025-03-22 04:57:38 -04:00
Brendan 9bd8590b99 Merge pull request #19793 from sfewer-r7/CVE-2024-55956 
Cleo LexiCom, VLTrader, and Harmony Unauthenticated Remote Code Execution (CVE-2024-55956)
 2025-01-15 15:04:45 -06:00
h00die 1a839c0b33 move acronis_cyber_protect_unauth_rce_cve_2022_3405 inside the http folder 2025-01-09 16:30:51 -05:00
sfewer-r7 3ff685b70e fix three typos 2025-01-06 09:42:21 +00:00
sfewer-r7 fe7334fae2 add in CVE-2024-55956 exploit 2025-01-06 09:26:44 +00:00
jheysel-r7 f436f44d83 Merge pull request #19698 from h00die/obsidian 
obsidian community plugin persistence module
 2024-12-30 09:06:58 -08:00
Martin Sutovsky 531ed162db Land #19733, exploit module for CVE-2022-40471 - unauthenticated RCE 2024-12-18 12:44:34 +01:00
jheysel-r7 6f9982db54 Land #19647 Added module for WSO2 API Manager RCE 
Adds an exploit module for a vulnerability in the 'Add API Documentation' feature of WSO2 API Manager and allows malicious users with specific permissions to upload arbitrary files to a user-controlled server location. This flaw allows for RCE on the target system.
 2024-12-16 07:27:23 -08:00
aaryan-11-x d196591845 Modified documentation 2024-12-16 15:47:30 +05:30
aaryan-11-x 06528abe05 Added documentation 2024-12-16 15:33:29 +05:30
h00die 77d0292be3 additional review for obsidian plugin 2024-12-14 17:38:29 -05:00
Chocapikk e06dd6deea Update documentation 2024-12-12 22:10:11 +01:00
h00die 7cf942ca30 peer review 2024-12-11 17:49:43 -05:00
Chocapikk 7d559e0b34 Add exploit module for CVE-2024-8856 - WP Time Capsule RCE 2024-12-11 01:14:17 +01:00
jheysel-r7 0b5e221620 Land #19533, Update werkzeug rce module 2024-12-09 12:56:35 -08:00
Graeme Robinson 4ce4cf472e Update werkzeug_debug_rce.md 
Added note about python3 version in verification steps because the version may change when a newer docker image becomes available.

Added report.txt as a file because I apparently forgot it before and the containers fail to build without it.
 2024-12-08 21:11:03 +00:00
jheysel-r7 0e5cf3f7ba Land #19649, Primefaces RCE (CVE-2017-1000486) 2024-12-06 16:22:06 -08:00
h00die 6723c585f2 obsidian plugin module 2024-12-05 17:54:07 -05:00
Chocapikk 5290750cca Update doc 2024-12-05 16:19:14 +01:00
Chocapikk a123234141 Add CVE-2024-10924 2024-12-05 16:19:09 +01:00
Heyder Andrade fabced539d Apply suggestions from code review 
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
 2024-12-04 16:44:48 +01:00
h00die-gr3y a945a54fc3 Merge remote-tracking branch 'origin/master' into acronis-rce 2024-11-27 21:50:53 +00:00
h00die 492ccca1aa review 2024-11-23 12:43:35 -05:00
Heyder Andrade dc445ed1ac Apply suggestions from code review 2024-11-23 00:57:08 +01:00
Heyder Andrade 09d84eaabb Added module for WSO2 API Manager Documentation File Upload Remote Code Execution 
Closes #19646

on-behalf-of: @redwaysecurity <info@redwaysecurity.com>
 2024-11-14 18:34:11 +01:00
remmons-r7 b712f9a745 Create cups_ipp_remote_code_execution.md 2024-11-11 15:53:14 -06:00
jheysel-r7 222df0bfdf Land #19527 Add bypass for GiveWP RCE (CVE-2024-8353) 
This updates the exploit module wp_giveup_rce_bypass to incorporate the bypass CVE, allowing the payload to work on all affected versions of the GiveWP plugin.
 2024-10-30 16:29:14 -04:00
h00die-gr3y 6aeb9d130b added the output option to the documentation 2024-10-25 14:13:18 +00:00
h00die-gr3y ae176fdfd5 update based on review comments of adfoster-r7 2024-10-25 14:01:10 +00:00
h00die-gr3y d9f8b66d21 updated documentation with some small tweaks 2024-10-23 17:36:00 +00:00
h00die-gr3y 331a3ad74a second release module and documentation with some small tweaks 2024-10-23 14:40:00 +00:00
h00die-gr3y 82e0b34670 added documentation 2024-10-23 13:11:14 +00:00
Chocapikk 6c099f2b73 Add WordPress wp-automatic SQLi to RCE module (CVE-2024-27956) 2024-10-14 18:13:17 +02:00
Graeme Robinson 5228acb0f1 Update werkzeug_debug_rce docs to show modified output 2024-10-13 23:11:52 +01:00
Graeme Robinson f369a80fcc Satisfy msftidy_docs against werkzeug_debug_rce.md 2024-10-13 22:55:12 +01:00
Graeme Robinson f3bb48f277 Update werkzeug_debug_rce documentation to include new logged messages 2024-10-07 11:56:16 +01:00
Graeme Robinson 97c5afed52 Update werkzeug exploit module documentation 2024-10-06 20:19:48 +01:00
Valentin Lobstein 48e740d1fc Update documentation/modules/exploit/multi/http/wp_givewp_rce.md 
Co-authored-by: cgranleese-r7 <69522014+cgranleese-r7@users.noreply.github.com>
 2024-10-03 16:34:24 +02:00
Chocapikk 58878db970 update doc 2024-10-02 19:56:22 +02:00
Chocapikk fbb74a6d2d Add bypass for GiveWP RCE (CVE-2024-8353) 2024-10-02 19:53:20 +02:00
dledda-r7 6e696e24e5 Land #19457, WP Plugin LiteSpeed Cache Account Take Over Module 2024-09-17 06:30:33 -04:00
Jack Heysel 84a8eb7273 Respond to comments 2024-09-16 09:46:57 -07:00
Jack Heysel c11ef15897 Removed unnecessary log lines 2024-09-11 23:49:18 -07:00
Jack Heysel 41cf622f38 Minor docs fix 2024-09-11 23:46:13 -07:00
Jack Heysel c80a03fece WP LiteSpeed exploit CVE-2024-44000 2024-09-11 23:31:26 -07:00
dledda-r7 5e2bf5aaca fix(modules): spip_bigup_unauth_rce minor fix 2024-09-11 11:46:52 -04:00
dledda-r7 62e852176d Land #19444, SPIP BigUp Plugin Unauthenticated RCE 2024-09-11 10:29:12 -04:00