32334c2386
Update all module splats from http:// to https://
2019-08-15 18:10:44 -05:00
030ac60fce
Land #12084 , Add Schneider Encoder Exploit
2019-07-22 12:49:44 -05:00
6a2ae1418a
format xml, change headers
2019-07-22 12:24:55 -05:00
d498eaceaf
Update modules/exploits/unix/http/schneider_electric_net55xx_encoder.rb
...
Co-Authored-By: bcoles <bcoles@gmail.com >
2019-07-20 01:17:55 -03:00
bfa17a05b4
Update schneider_electric_net55xx_encoder.rb
2019-07-20 00:44:21 -03:00
af7eba5828
Update modules/exploits/unix/http/schneider_electric_net55xx_encoder.rb
...
Co-Authored-By: bcoles <bcoles@gmail.com >
2019-07-20 00:07:24 -03:00
a70a74d480
Update schneider_electric_net55xx_encoder.rb
2019-07-19 23:41:31 -03:00
3c57741794
Update schneider_electric_net55xx_encoder.rb
2019-07-19 23:38:45 -03:00
836805b3cd
Update modules/exploits/unix/http/schneider_electric_net55xx_encoder.rb
...
Co-Authored-By: bcoles <bcoles@gmail.com >
2019-07-19 23:37:18 -03:00
c0377c97c5
Update schneider_electric_net55xx_encoder.rb
2019-07-19 23:31:10 -03:00
e1e89882d6
Update modules/exploits/unix/http/schneider_electric_net55xx_encoder.rb
...
Co-Authored-By: bcoles <bcoles@gmail.com >
2019-07-19 14:08:34 -03:00
f1a6c0cc45
Update modules/exploits/unix/http/schneider_electric_net55xx_encoder.rb
...
Co-Authored-By: bcoles <bcoles@gmail.com >
2019-07-19 14:08:09 -03:00
68818aa4c7
Update schneider_electric_net55xx_encoder.rb
2019-07-19 10:30:05 -03:00
ea3932e31b
Update modules/exploits/unix/http/schneider_electric_net55xx_encoder.rb
...
Co-Authored-By: bcoles <bcoles@gmail.com >
2019-07-19 09:55:19 -03:00
7a552369df
Update schneider_electric_net55xx_encoder.rb
2019-07-18 10:40:31 -03:00
20e79e08dc
Update schneider_electric_net55xx_encoder.rb
2019-07-16 22:26:18 -04:00
6f21abfe08
Update schneider_electric_net55xx_encoder.rb
2019-07-16 22:16:34 -04:00
6897d2ce17
Update schneider_electric_net55xx_encoder.rb
2019-07-16 22:03:46 -04:00
4ee745e21e
Update schneider_electric_net55xx_encoder.rb
2019-07-16 21:52:28 -04:00
c3fbd63654
Update schneider_electric_net55xx_encoder.rb
2019-07-16 21:45:06 -04:00
55cc66f893
Update schneider_electric_net55xx_encoder.rb
...
Breaking xmlPayload into multiple lines
2019-07-16 21:27:15 -04:00
07834d7355
Update modules/exploits/unix/http/schneider_electric_net55xx_encoder.rb
...
Co-Authored-By: Shelby Pace <40177151+space-r7@users.noreply.github.com >
2019-07-15 12:00:24 -03:00
38f17b4062
Update modules/exploits/unix/http/schneider_electric_net55xx_encoder.rb
...
Co-Authored-By: Shelby Pace <40177151+space-r7@users.noreply.github.com >
2019-07-15 11:48:43 -03:00
10b402fd7b
Update modules/exploits/unix/http/schneider_electric_net55xx_encoder.rb
...
Co-Authored-By: Shelby Pace <40177151+space-r7@users.noreply.github.com >
2019-07-15 11:47:45 -03:00
30d7c9427f
Add CVE reference
2019-07-12 09:08:15 -05:00
73b1790472
Use include? method
2019-07-12 07:59:30 -05:00
e84379cabe
Refactor
2019-07-12 07:45:24 -05:00
925d894f22
Add files via upload
2019-07-11 14:10:37 -04:00
163e85bad9
fail Spaces at EOL is effing stupid unless the line is exponentiall^y long.
2019-07-08 11:36:49 +10:00
a9ecef74fd
Guessing build fail must be this.
2019-07-08 09:30:52 +10:00
5a035aaf7c
Owch fix syntax.
2019-07-08 09:18:39 +10:00
691c606c53
Also some bare POSTs work.
2019-07-08 05:13:38 +10:00
a9791fad74
Added Lavarel PHP exploit module with fixes.
2019-07-08 00:50:13 +10:00
8d6f36e05c
Minor fix for xdebug_unauth_exec
...
Avoid triggering error where res.headers may not exist.
2019-06-27 01:00:49 +10:00
24f807490f
revisionism
2019-01-10 19:19:14 +00:00
90b9204703
Update DisclosureDate to ISO 8601 in my modules
...
Basic msftidy fixer:
diff --git a/tools/dev/msftidy.rb b/tools/dev/msftidy.rb
index 9a21b9e398..e9ff2b21e5 100755
--- a/tools/dev/msftidy.rb
+++ b/tools/dev/msftidy.rb
@@ -442,6 +442,8 @@ class Msftidy
# Check disclosure date format
if @source =~ /["']DisclosureDate["'].*\=\>[\x0d\x20]*['\"](.+?)['\"]/
d = $1 #Captured date
+ File.write(@full_filepath, @source.sub(d, Date.parse(d).to_s))
+ fixed('Probably updated traditional DisclosureDate to ISO 8601')
# Flag if overall format is wrong
if d =~ /^... (?:\d{1,2},? )?\d{4}$/
# Flag if month format is wrong
2018-11-16 12:18:28 -06:00
caf76a6555
Add applicable notes to my exploit modules
2018-10-27 20:54:14 -04:00
4c036e70c1
Fix http://seclists.org links to https://
...
I have no idea how this happened in my own code. I was seeing https://.
2018-09-15 18:54:45 -05:00
1a3a4ef5e4
Revised 88 aux and exploit modules to add CVEs / references
2018-07-12 17:34:52 -05:00
6d3c141553
Update patched version check
2018-06-22 15:08:19 +00:00
a71a5a10d5
Add Quest KACE Systems Management Command Injection
2018-06-22 08:07:18 +00:00
5ed1bde65f
Removed unused FileDropper include
2018-05-08 18:10:29 +02:00
5038098efb
Remove need for writable directory when using xdebug exploit
...
By base64 encoding the exploit code and decoding it on the target the
need for writing a temporary file is removed.
See #9918
2018-05-07 22:11:21 +02:00
82fc4aba64
Land #9918 , XDebug Unauthenticated OS command execution
2018-04-27 17:08:58 -05:00
c9d6d0a7a7
-51
2018-01-04 12:25:31 -06:00
16d709f180
changes+filedropper
2018-01-03 14:09:30 -06:00
8f0e41e159
requested changes
2018-01-01 17:30:43 -06:00
c47d09717d
pfsense graph sploit
2018-01-01 03:18:51 -06:00
e6de25d63b
Land #9316 Cambium modules and mixins, tx @juushya
...
These cover several of the CVEs mentioned in
https://blog.rapid7.com/2017/12/19/r7-2017-25-cambium-epmp-and-cnpilot-multiple-vulnerabilities/
2017-12-26 12:39:51 -06:00
8b0f2214b1
few more updates
2017-12-23 03:04:11 +05:30
William Vu