adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
46,254 Commits 27 Branches 1,043 Tags
94de5a4e42cfb1dc0fdfc1233707f71b6d9a628b
Commit Graph

1562 Commits

Author SHA1 Message Date
Jacob Robles d6cf32fad8 Land #9821, osCommerce 2.3.4.1 - Remote Code Execution 2018-05-02 07:29:15 -05:00
Daniel Teixeira 37c578e16d Update oscommerce_installer_unauth_code_exec.rb 2018-04-06 17:10:53 +01:00
Daniel Teixeira dee01189ca Update oscommerce_installer_unauth_code_exec.rb 2018-04-06 15:41:21 +01:00
Daniel Teixeira 50c3f53e03 Update oscommerce_installer_unauth_code_exec.rb 2018-04-06 14:39:45 +01:00
Daniel Teixeira 0c829a5c6b Update oscommerce_installer_unauth_code_exec.rb 2018-04-06 14:35:33 +01:00
Daniel Teixeira cbdb3a35b2 Update oscommerce_installer_unauth_code_exec.rb 2018-04-06 14:14:11 +01:00
Daniel Teixeira 6698f1b64b Update oscommerce_installer_unauth_code_exec.rb 2018-04-06 13:05:40 +01:00
Daniel Teixeira 806c72ebcb Update and rename oscommerce.rb to oscommerce_installer_unauth_code_exec.rb 2018-04-06 11:29:29 +01:00
Daniel Teixeira 3efd17a801 Rename osCommerce.rb to oscommerce.rb 2018-04-06 10:46:00 +01:00
Daniel Teixeira 0d254b4e5c Update osCommerce.rb 2018-04-06 10:40:28 +01:00
Daniel Teixeira b5681cb954 osCommerce Module 2018-04-05 20:28:14 +01:00
Chris Higgins 1fa40bfe3b Land #8539, ProcessMaker Plugin Upload exploit 2018-04-03 20:52:17 -05:00
Brendan Coles dfb3a421fe Remove require statement 2018-04-03 12:56:06 +00:00
Brendan Coles d860d7af5b require 'rex/tar' 2018-04-03 06:34:30 +00:00
William Vu c19fc4c18f Land #9423, PSH for jenkins_xstream_deserialize 2018-03-26 17:09:16 -05:00
h00die 0028e2c5ba documentation update 2018-03-24 19:25:59 -04:00
Brendan Coles ac9f506b45 Update tested versions 2018-03-20 02:49:56 +00:00
Touhid M Shaikh ea3378753b syntax error fixed on 70 line 
improve check payload was uploaded or not condition using AND condition on line 121
 2018-03-13 14:15:03 +05:30
Touhid M Shaikh 5e30982184 check fucktion and some words fixed 
all changes done which is bcoles suggested
 2018-03-12 21:03:34 +05:30
Touhid M Shaikh 9b0ba4a6fa clipbucket_fileupload_exec 2018-03-12 14:17:13 +05:30
attackdebris 2939695991 Add ARCH_CMD and general fixup 2018-02-26 16:59:36 -05:00
Brendan Coles f98b4b0540 require 'rubygems/package' 2018-02-22 04:28:56 +00:00
Kevin Kirsche c7d3b5dfbb Update payload and disable check functionality 
The check functionality is broken as MSF cannot handle HttpServer and HttpClient at this time.

The payloads were updated to ensure CVE-2017-10271 is being exploited instead of CVE-2017-3506 as explained on https://blog.nsfocusglobal.com/threats/vulnerability-analysis/technical-analysis-and-solution-of-weblogic-server-wls-component-vulnerability/
 2018-01-18 13:26:44 -05:00
attackdebris 1c156c3d3c Add powershell payload to module 2018-01-16 14:30:02 +00:00
Kevin Kirsche 04e4ff6b3c Use stop_service to avoid cleanup overload 2018-01-11 19:14:26 -05:00
Kevin Kirsche 40f54df129 Feedback updates 2018-01-11 18:54:58 -05:00
Kevin Kirsche 172ffdfea1 Use geturi instead of building it ourselves 2018-01-11 18:27:56 -05:00
Kevin Kirsche d4056e72da Lower the default timeout for CHECK 2018-01-11 17:38:30 -05:00
Kevin Kirsche 3617a30e34 Add URIPATH random URI 2018-01-11 17:33:14 -05:00
Kevin Kirsche a28d4a4b5b Add check and update for some style considerations 2018-01-11 17:28:09 -05:00
Kevin Kirsche 0d9a40d2e5 Use target['Platform'] instead of target_platform 2018-01-11 15:44:07 -05:00
Kevin Kirsche c490d642e2 Was missing a comma 2018-01-11 09:42:24 -05:00
Kevin Kirsche 3132566d8f Fix OptFloat error 2018-01-11 09:22:16 -05:00
Kevin Kirsche c05b440f26 Fix additional feedback 
This
* uses ternary operators
* uses an `RPORT` option shortcut
* removes the `xml_payload` variable and instead more explicitly uses the method directly
* Uses `OptFloat` for the timeout option to allow partial seconds
 2018-01-11 08:17:13 -05:00
Kevin Kirsche ab89e552ed Remove accidental trailing space 2018-01-08 14:42:03 -05:00
Kevin Kirsche 2252490e62 Fix using arbitrary keys to instead use "URL" 2018-01-08 14:30:03 -05:00
Kevin Kirsche e80ca348cf Add Exploit-DB ID 2018-01-08 10:55:46 -05:00
Kevin Kirsche 6beeece708 Re-add timeout value 2018-01-07 20:21:29 -05:00
Kevin Kirsche eefd432161 Make sure Platforms match our actual target list 2018-01-06 08:31:30 -05:00
Kevin Kirsche 4bd196f8b2 Fix missing single quotes and remove comma 2018-01-06 08:30:48 -05:00
Kevin Kirsche 867b32415d Fix feedback from wvu-r7 
Fixes feedback from wvu-r7

- Consolidates payload to single method
- Replaces gsub! with standard encode method
- Note exploit discovery and proof of concept code used in authors (still seems weird to include the discovery as an author...)
- Change link
- Use `ARCH_CMD` instead of `[ARCH_CMD]`
- Remove Linux target as it's only Windows or Unix
- Remove timeout as I don't know how to pass it to `send_request_cgi`
 2018-01-06 08:12:43 -05:00
Brendan Coles 6665a4f735 Use register_dir_for_cleanup 2018-01-06 10:55:29 +00:00
Kevin Kirsche 744f20304c Remove hardcoded user-agent from the headers 
Remove hardcoded user-agent from the headers allowing for `send_request_cgi` to control this
 2018-01-05 18:22:27 -05:00
Kevin Kirsche 2478de934b Add CVE-2017-10271 / Oracle WebLogic wls-wsat RCE 2018-01-05 15:05:21 -05:00
William Vu 366a20a4a4 Fix #9215, minor style nitpick 2018-01-03 23:11:51 -06:00
William Vu a1d43c8f33 Land #9215, new Drupageddon vector 2018-01-03 14:45:32 -06:00
William Vu e9b9c80841 Fix #9307, credit to @r0610205 2017-12-18 03:55:01 -06:00
William Vu 76823e9fe6 Land #9183, Jenkins Groovy XStream RCE 2017-12-18 03:38:27 -06:00
WhiteWinterWolf bfd5c2d330 Keep the initial option name 'ADMIN_ROLE' 2017-11-22 22:03:56 +01:00
WhiteWinterWolf 2be3433bdb Update references URLs 2017-11-17 13:27:35 +01:00