578bf9999f
Land #12955 , Update logic for ForceExploit in modules
2020-02-21 15:45:12 -06:00
f9077bcd8d
Land #12704 , OpenNetAdmin 18.1.1 Remote Code Execution exploit
2020-02-21 15:49:26 +01:00
5e4b83581a
Fix indentation issue
2020-02-21 15:47:32 +01:00
f483b80849
Changed to vars_post
2020-02-21 03:48:12 +03:00
695f6869df
Update opennetadmin_ping_cmd_injection.rb
2020-02-21 03:13:44 +03:00
f90d605c21
Update modules/exploits/unix/webapp/opennetadmin_ping_cmd_injection.rb
...
Co-Authored-By: cdelafuente-r7 <56716719+cdelafuente-r7@users.noreply.github.com >
2020-02-21 03:07:27 +03:00
7dc1315dac
Update logic for ForceExploit in my modules
...
This lets the user opt out of running check completely.
2020-02-19 01:06:50 -06:00
8489bcdfd9
This fixes broken links to the community.rapid7.com blog
...
Performed mechanically with sed, spot-checked that the new blog can consume these links.
2020-02-18 09:06:11 -06:00
eab1245eef
Update module doc
2020-02-07 12:30:00 -06:00
a9ae212b27
Replace ForceExploit with AutoCheck mixin
2020-02-07 12:04:57 -06:00
2ad8a02fd7
Fix version check
...
Co-Authored-By: adamgalway-r7 <54621924+adamgalway-r7@users.noreply.github.com >
2020-02-07 10:10:28 -06:00
763dbf5d5d
Check WordPress version
2020-02-07 03:14:17 -06:00
6c59d7c37c
Refactor module
2020-02-07 01:38:11 -06:00
972cb545f0
Restore the original PLUGIN_FILE contents
2020-01-18 14:57:41 -06:00
cbd949927d
Add WordPress InfiniteWP Client plugin exploit
2020-01-17 20:12:21 -06:00
5c4189fdb4
Move unix/webapp/webmin_backdoor to linux/http
2020-01-14 00:50:04 -06:00
548abf4364
Rename modules/exploits/multi/http/opennetadmin_ping_cmd_injection.rb to modules/exploits/unix/webapp/opennetadmin_ping_cmd_injection.rb
2019-12-14 16:26:19 +03:00
41569b78ba
Land #12503 , Add exploit module for Ajenti 2.1.31
2019-12-01 16:13:06 +00:00
373d147efd
Land #12555 - Wordpress Plainview Activity Monitor RCE
2019-11-29 11:10:24 +01:00
1cf9a2eb53
Update wp_plainview_activity_monitor_rce.rb
2019-11-28 20:13:21 +01:00
2372f7e40d
Update wp_plainview_activity_monitor_rce.rb
2019-11-28 20:10:17 +01:00
853fea736d
Update wp_plainview_activity_monitor_rce.rb
2019-11-27 22:28:33 +01:00
60b98fd20c
Update wp_plainview_activity_monitor_rce.rb
2019-11-27 21:59:54 +01:00
9b5265f49a
Update wp_plainview_activity_monitor_rce.rb
2019-11-27 21:57:24 +01:00
fa1647190e
Update ajenti_auth_username_cmd_injection.rb
2019-11-20 19:09:24 +03:00
841e524b6f
Update modules/exploits/unix/webapp/ajenti_auth_username_cmd_injection.rb
...
Co-Authored-By: bcoles <bcoles@gmail.com >
2019-11-20 18:08:33 +03:00
af59efa4cd
Update modules/exploits/unix/webapp/ajenti_auth_username_cmd_injection.rb
...
Co-Authored-By: bcoles <bcoles@gmail.com >
2019-11-20 18:08:23 +03:00
5c6686a105
Land #12532 , Add FusionPBX Command exec.php Command Execution
...
Add FusionPBX Command exec.php Command Execution
2019-11-13 11:33:21 -06:00
66ad5deb47
Land #12531 , Add FusionPBX Operator Panel exec.php Command Execution
...
Add FusionPBX Operator Panel exec.php Command Execution
2019-11-13 11:31:30 -06:00
1d7cdac421
Add Wordpress Plainview Activity Monitor RCE
...
Description:
```
Plainview Activity Monitor Wordpress plugin is vulnerable to OS
command injection which allows an attacker to remotely execute
commands on underlying system. Application passes unsafe user supplied
data to ip parameter into activities_overview.php.
Privileges are required in order to exploit this vulnerability, but
this plugin version is also vulnerable to CSRF attack and Reflected
XSS. Combined, these three vulnerabilities can lead to Remote Command
Execution just with an admin click on a malicious link.
```
2019-11-10 08:27:45 +01:00
c2b40d2924
Add FusionPBX Command exec.php Command Execution
2019-11-01 23:38:51 +00:00
9346013974
Use bg_system API command
2019-11-01 22:17:26 +00:00
08d51acd18
Update targets
2019-11-01 20:33:23 +00:00
1e3705e47d
Add FusionPBX Operator Panel exec.php Command Execution
2019-11-01 20:11:55 +00:00
379fb3b65c
Targets version fixed
2019-10-29 23:04:42 +03:00
e07289c71a
Update Ajenti Command Injection module
...
Module name changed.
Removed space.
Check module issues fixed.
random_password moved into json_body.
2019-10-29 22:49:11 +03:00
89e56cf26d
Rename ajenti_login_rce.rb to ajenti_auth_username_cmd_exec.rb
2019-10-29 22:19:59 +03:00
9b9d3013a4
Module name changed.
...
Co-Authored-By: bcoles <bcoles@gmail.com >
2019-10-29 22:18:36 +03:00
5c17dc6a74
Add rConfig install Command Execution exploit
2019-10-29 15:53:59 +00:00
bbf405bf92
Added EDB number instead of url
2019-10-28 22:09:01 +03:00
5dea40f43b
Added Ajenti 2.1.31 exploit
...
Ajenti is an open source, web-based control panel that can be used for a large variety of server management tasks. It can install packages and run commands, and you can view basic server information such as RAM in use, free disk space, etc. All this can be accessed from a web browser.
This module exploits a command injection in Ajenti <= 2.1.31.
By injecting a command into the username POST parameter to api/core/auth, a shell can be spawned.
2019-10-28 21:39:13 +03:00
dff2aed1ac
Simplify request by combining POST parameters
...
There's no need to discriminate between versions. Send 'em all.
2019-08-21 17:50:48 -05:00
6b8c0bc589
Simplify targets with automatic targeting
2019-08-21 16:41:41 -05:00
3f4c0e972b
Refactor check and support 1.900-1.920 targets
2019-08-21 16:16:56 -05:00
227ea6de3a
Fix typo
2019-08-21 15:41:45 -05:00
55b5e6a616
Drop =~ habit
2019-08-21 11:55:03 -05:00
a6d7011efa
Adjust check
2019-08-21 11:42:49 -05:00
5de2b37110
Add diff3 output between 1.{890,930,920}
2019-08-21 11:17:12 -05:00
c6f8dedf45
Add more words and an additional reference
2019-08-21 02:26:17 -05:00
41d4dafdca
Add Webmin password_change.cgi backdoor exploit
2019-08-21 02:02:26 -05:00
Jeffrey Martin