Brendan
26156dfac2
Merge pull request #20265 from remmons-r7/cve_2025_4427_4428
...
Exploit module for CVE-2025-4427/CVE-2025-4428 - Ivanti EPMM (AKA MobileIron Core) Authentication Bypass to EL Injection
2025-06-04 09:05:04 -05:00
remmons-r7
97f308386b
Update documentation/modules/exploit/multi/http/ivanti_epmm_rce_cve_2025_4427_4428.md
...
Update docs to reflect the new Python payload approach
Co-authored-by: Brendan <bwatters@rapid7.com>
2025-06-04 08:30:11 -05:00
msutovsky-r7
5fbf46ba7f
Land #19472, adds exploits/linux/local/udev_persistence
...
Add modules/exploits/linux/local/udev_persistence.rb
2025-06-04 13:21:04 +02:00
remmons-r7
68929a50fa
Add ivanti_epmm_rce_cve_2025_4427_4428.md
...
Documentation for ivanti_epmm_rce_cve_2025_4427_4428.
2025-05-28 17:35:34 -05:00
Diego Ledda
ce6e0d1164
Merge pull request #20096 from h00die-gr3y/CVE-2025-30406
...
Gladinet CentreStack/Triofox ASP.NET ViewState Deserialization [CVE-2025-30406]
2025-05-28 13:46:13 +02:00
jheysel-r7
ca40f6ecbc
Merge pull request #20214 from Chocapikk/invision_customcss_rce
...
Add Invision Community 5.0.6 customCss RCE (CVE-2025-47916)
2025-05-21 09:29:14 -07:00
jheysel-r7
0600de2d90
Merge pull request #20177 from msutovsky-r7/clinic_management_system_sqli2rce
...
Clinic Patient's Management System SQLi (CVE-2025-3096)
2025-05-21 08:42:16 -07:00
Valentin Lobstein
e5bbc01e78
Update invision_customcss_rce.md
2025-05-21 08:38:36 +02:00
Chocapikk
28b7c7f786
Add Invision Community 5.0.6 customCss RCE (CVE-2025-47916)
2025-05-20 18:33:06 +02:00
msutovsky-r7
561eef98c1
Land #20188, adds module for CVE-2024-7399 Samsung MagicINFO 9 Server
...
Samsung MagicINFO 9 Server RCE (CVE-2024-7399) Module
2025-05-19 09:49:09 +02:00
Martin Sutovsky
070bd54d33
Addressing comments
2025-05-19 07:17:14 +02:00
Brendan
76471731f9
Merge pull request #20112 from cdelafuente-r7/mod/ivanti/rce/cve_2025_22457
...
Ivanti Connect Secure Unauthenticated RCE via Stack-based Buffer Overflow CVE-2025-22457
2025-05-15 11:44:49 -05:00
msutovsky-r7
c598d8b4b0
Land #20020, adds module for Nextcloud Workflow Remote Code Execution
...
Add exploit module for the nextcloud workflow vulnerability CVE-2023-26482
2025-05-15 12:31:51 +02:00
Christophe De La Fuente
365caab8fc
Update the error message in case of Broken pipe error and update the documentation
2025-05-15 12:10:53 +02:00
whotwagner
2259de33c1
Fixed a typo in nextcloud_workflows_rce.md
2025-05-14 13:40:47 +00:00
msutovsky-r7
fe5f56cac0
Land #20159, adds module for privilege escalation in WordPress (CVE-2025-2563)
...
Add Unauthenticated privesc for WP User Registration & Membership plugin (CVE-2025-2563)
2025-05-14 15:33:30 +02:00
msutovsky-r7
7d8d0230cb
Land #20026, adds module for CVE-2024-57487
...
New Exploit Module & Documentation for CVE-2024-57487
2025-05-14 08:00:20 +02:00
Chocapikk
e335841bb0
Add Unauthenticated privesc for WP User Registration & Membership plugin (CVE-2025-2563)
2025-05-13 21:42:09 +02:00
Brendan
cb6495e5bc
Merge pull request #20146 from Chocapikk/wp_suretriggers_auth_bypass
...
Add WP SureTriggers ≤1.0.78 admin-creation & RCE module (CVE-2025-3102)
2025-05-13 10:53:44 -05:00
whotwagner
09aaf5865c
Rearranged code and removed wait_for_payload_session
2025-05-13 13:48:56 +00:00
jenkins-metasploit
e819362398
automatic module_metadata_base.json update
2025-05-13 13:45:30 +00:00
Brendan
5faa0a5b6b
Merge pull request #19777 from msutovsky-r7/linqpad_deserialization
...
Linqpad deserialization persistence
2025-05-13 08:03:30 -05:00
Martin Sutovsky
939d997b8a
Adds documentation
2025-05-13 14:57:55 +02:00
msutovsky-r7
3af76cfa00
Renames incorrect option in documentation
...
Co-authored-by: Brendan <bwatters@rapid7.com>
2025-05-13 06:30:00 +02:00
msutovsky-r7
8c647cd1ad
Land #20118, changes target option for smb_to_ldap module
...
Fix the smb_to_ldap module's missing target option
2025-05-12 09:56:06 +02:00
h4x-x0r
e9c88b55f2
cleanup
2025-05-09 22:39:30 +01:00
h4x-x0r
803581ab81
CVE-2024-7399
2025-05-09 17:27:22 +01:00
Chocapikk
4d0c7bb71a
Add WP SureTriggers ≤1.0.78 admin-creation & RCE module (CVE-2025-3102)
2025-05-07 17:45:30 +02:00
Martin Sutovsky
d16c639278
Adds cleanup option in documentation
2025-05-06 09:07:21 +02:00
Martin Sutovsky
24a86cd74a
Refactoring based on comments
2025-05-06 08:43:57 +02:00
h00die-gr3y
908094da6b
update documentation with privilege escalation to system
2025-05-02 20:59:07 +00:00
h00die-gr3y
1c5be6154a
second release including Triofox + documentation
2025-05-02 20:42:14 +00:00
jheysel-r7
4b9032a487
Merge pull request #20060 from mekhalleh/rce_cve-2025-21293
...
Added exploit module for CVE-2025-32433 (Erlang/OTP)
2025-05-02 07:05:30 -07:00
Spencer McIntyre
3216fbbde3
Fix the smb_to_ldap module
2025-05-01 16:59:16 -04:00
jheysel-r7
0f22a18dac
Merge pull request #20081 from msutovsky-r7/exploit/wondercms-rce
...
Adds module for CVE-2023-41425 WonderCMS RCE
2025-04-30 13:14:45 -07:00
Christophe De La Fuente
d83e6072ef
Add the module and documentation for Ivanti RCE CVE-2025-22457
2025-04-30 22:02:16 +02:00
Martin Sutovsky
f2e0fe79be
Responding to comments
2025-04-30 17:53:26 +02:00
Chocapikk
39a5d710aa
Refactor module: modularization, session-path leak, randomized key, improved check
...
- Centralized fetch_cookies_and_csrf and execute_via_session methods for clarity
- Added leak_session_path() to call send_transform("phpinfo") and parse session.save_path via XPath
- In check(): first try to leak the PHP session directory (report vulnerable if successful), then perform a simple RCE check by summing two 4-digit random numbers with print_r()
- Stub injection now happens once in fetch_cookies_and_csrf; execute_via_session only needs the payload
- Randomized the "as hack" key in send_transform
- Simplified exploit() to reuse execute_via_session with a Base64-encoded payload
- Big thanks to @jvoisin for the suggestions!
2025-04-30 00:24:25 +02:00
Chocapikk
f24801a4a4
Update doc
2025-04-29 20:06:40 +02:00
RAMELLA Sebastien
32a8e6797e
fixes review
...
Signed-off-by: RAMELLA Sebastien <sebastien.ramella@pirates.re>
2025-04-27 20:31:13 +04:00
Chocapikk
89404c28e1
Fix markdown
2025-04-26 23:55:00 +02:00
Chocapikk
b8d2681335
Remove useless config suggestions
2025-04-26 23:53:59 +02:00
Chocapikk
c4e621f3cf
Add new exploit for CVE-2025-32432: Craft CMS Preauth RCE
2025-04-26 05:43:13 +02:00
Martin Sutovsky
b117843c00
Addressing comments
2025-04-25 20:17:46 +02:00
Martin Sutovsky
9d5c4a59e8
Adding documentation
2025-04-25 14:47:00 +02:00
Martin Sutovsky
665065e4df
Module init
2025-04-25 14:35:24 +02:00
RAMELLA Sebastien
740a8130d4
combine modules
...
Signed-off-by: RAMELLA Sebastien <sebastien.ramella@pirates.re>
2025-04-25 10:35:16 +04:00
jheysel-r7
f5aafdcfdf
Merge pull request #20046 from Takahiro-Yoko/bentoml_runner_server_rce_cve_2025_32375
...
Add BentoML's runner server unauth RCE module (CVE-2025-32375)
2025-04-22 12:32:08 -07:00
bcoles
1da0ebff66
exploit/solaris/sunrpc/sadmind_*: Cleanup and add documentation
2025-04-22 13:33:25 +10:00
RAMELLA Sebastien
0a428b8d03
add scanner capability + code review
...
Signed-off-by: RAMELLA Sebastien <sebastien.ramella@pirates.re>
2025-04-20 18:02:52 +04:00