3f3395768a
Fix a potential regexp issue
...
Co-Authored-By: Green-m <greenm.xxoo@gmail.com >
2019-03-22 10:36:23 +08:00
5a38cf17de
Typo fix.
...
Co-Authored-By: Green-m <greenm.xxoo@gmail.com >
2019-03-22 10:34:35 +08:00
49b936f0d5
fix case of variable
2019-03-21 20:54:32 -04:00
c796fe6d6d
Land #11608 , unpkg-hosted Swagger UI (redux)
...
This prevents git grep or searches of the tree from exploding with text.
2019-03-21 14:53:10 -05:00
0a4932a61c
Remove swagger-ui css files
2019-03-21 12:52:30 -05:00
6be369e3bc
Bump version of framework to 5.0.14
2019-03-21 10:09:15 -07:00
0af9b8949e
add doc of can_flood automotive
2019-03-21 18:05:02 +01:00
cc1d9a1e7b
automatic module_metadata_base.json update
2019-03-21 09:41:47 -07:00
94e58511ec
Land #11607 , Add webmin CVE
2019-03-21 11:33:33 -05:00
3570d3e1f2
automatic module_metadata_base.json update
2019-03-21 09:30:04 -07:00
16a48009ed
Add webmin CVE
2019-03-21 11:28:45 -05:00
ee382f9be2
Land #11606 , jenkins_metaprogramming fixes
2019-03-21 11:21:47 -05:00
4524707437
Fix rebase regressions in jenkins_metaprogramming
...
Ugh.
2019-03-21 11:20:21 -05:00
00cf0a7bea
Update postgres_copy_from_program_cmd_exec.rb
2019-03-21 14:23:00 +00:00
820e0def05
Land #11604 , fix typo in ffautoregen
2019-03-21 07:02:47 -05:00
91758cd94b
Update postgres_copy_from_program_cmd_exec.rb
2019-03-21 11:11:03 +00:00
98638b6000
Update postgres_copy_from_program_cmd_exec.rb
2019-03-21 11:09:57 +00:00
03775228fe
Update and rename postgres_cmd_execution_nine_three.rb to postgres_copy_from_program_cmd_exec.rb
2019-03-21 11:08:53 +00:00
327f126beb
Update postgres_copy_from_program_cmd_exec.md
2019-03-21 11:06:16 +00:00
cf9f073a24
Rename postgres_cmd_execution_nine_three.md to postgres_copy_from_program_cmd_exec.md
2019-03-21 11:05:55 +00:00
06912ff74c
Create postgres_cmd_execution_nine_three.md
2019-03-21 10:52:32 +00:00
2c05ce5377
Enhance the load completion.
2019-03-21 18:31:32 +08:00
f651836a20
final suggested fixes to module
2019-03-21 10:24:47 +00:00
9c4b9239e5
Update postgres_cmd_execution_nine_three.rb
2019-03-21 10:08:56 +00:00
32bf2e134f
Fixes suggested by bcoles
2019-03-21 10:08:04 +00:00
d01fc4c1c6
Fix typo.
2019-03-21 17:37:05 +08:00
7b8f59d7bc
Update modules/exploits/multi/postgres/postgres_cmd_execution_nine_three.rb
...
Co-Authored-By: Greenwolf <48361984+Greenwolf@users.noreply.github.com >
2019-03-21 09:33:29 +00:00
3ff7a4a639
Fail nicely when load aggregator.
2019-03-21 17:16:03 +08:00
fb8cc3c992
update ruby 2.5.5 too
2019-03-21 09:34:01 +01:00
7e91235551
Adding new Postgres_cmd_execution module
...
PostgreSQL from 9.3 to latest has functionality allowing the database superuser & users in the 'pg_read_server_files' group to execute OS commands.
Explanation:
https://medium.com/greenwolf-security/authenticated-arbitrary-command-execution-on-postgresql-9-3-latest-cd18945914d5
This is my first run through of a Metasploit module so I would appreciate anyone helping me clean it up. It currently works on OSX & Linux by providing a cmd stager (like cmd/unix/reverse_perl), and on windows by first starting up a PowerShell download cradle, then putting the command in the COMMAND parameter. It feels a little hacky though 😁
2019-03-20 17:38:12 +00:00
c923fc9b21
Update cmsms_showtime2_rce.md
2019-03-20 15:51:53 +01:00
be5ec3379b
Update cmsms_showtime2_rce.rb
2019-03-20 15:50:30 +01:00
cb7b9080bd
1) changed print_status with vprint_status 2) Fix iterations and line splits 3) Changed name of the module 4) removed DisclosureDate
2019-03-20 15:13:41 +01:00
9bb7f11897
Unregister SSLCert option since it is never used in thisHTTPServer module.
2019-03-20 14:21:40 +01:00
ac75de8a03
Added Documentation for Cisco RV32x remote code execution module.
2019-03-20 14:17:57 +01:00
c18ab91054
Update modules/exploits/multi/http/cmsms_showtime2_rce.rb
...
Co-Authored-By: fabiocogno <fabio.cogno@gmail.com >
2019-03-20 14:13:38 +01:00
e0a3e01d26
Update modules/exploits/multi/http/cmsms_showtime2_rce.rb
...
Co-Authored-By: fabiocogno <fabio.cogno@gmail.com >
2019-03-20 14:13:25 +01:00
365e032452
Update modules/exploits/multi/http/cmsms_showtime2_rce.rb
...
Co-Authored-By: fabiocogno <fabio.cogno@gmail.com >
2019-03-20 14:13:12 +01:00
49bb5a1624
Update modules/exploits/multi/http/cmsms_showtime2_rce.rb
...
Co-Authored-By: fabiocogno <fabio.cogno@gmail.com >
2019-03-20 14:13:00 +01:00
050aa7a98c
Update modules/exploits/multi/http/cmsms_showtime2_rce.rb
...
Co-Authored-By: fabiocogno <fabio.cogno@gmail.com >
2019-03-20 14:12:47 +01:00
fe0d5e0c97
Update modules/exploits/multi/http/cmsms_showtime2_rce.rb
...
Co-Authored-By: fabiocogno <fabio.cogno@gmail.com >
2019-03-20 14:12:35 +01:00
2bb0d8491f
automatic module_metadata_base.json update
2019-03-20 05:24:12 -07:00
ce218fc86a
Add can_flood post exploitation for CAN and added example list of frames
2019-03-20 13:17:41 +01:00
3189864a98
Land #11585 , Add IBM BigFix Sites Packages Enum
2019-03-20 07:12:55 -05:00
fd65273b4d
Add Module Doc
2019-03-20 06:40:22 -05:00
43f74b1cf2
Add CMS Made Simple (CMSMS) Showtime2 File Upload RCE
2019-03-19 23:48:46 +01:00
6b0f7fd9f1
Update splunk_upload_app_exec.md
2019-03-19 22:44:07 +01:00
794134735e
Update modules/exploits/unix/webapp/wp_crop_rce.rb
...
Co-Authored-By: tiyeuse <39072217+tiyeuse@users.noreply.github.com >
2019-03-19 20:36:13 +01:00
a8095b8784
Additional Options
2019-03-19 12:53:27 -05:00
b168312db1
Add exploit module for Wordpress core <=4.9.8 (CVE-2019-8942)
2019-03-19 17:51:59 +01:00
bcoles