9daacf8fb1
Clean exploit method
2014-01-30 16:58:17 -06:00
4458dc80a5
Clean the find_csrf mehtod
2014-01-30 16:39:19 -06:00
697a86aad7
Organize a little bit the code
2014-01-30 16:29:45 -06:00
50317d44d3
Do more easy clean
2014-01-30 16:23:17 -06:00
1a9e6dfb2a
Allow check to detect platform and arch
2014-01-30 15:17:20 -06:00
b2273dce2e
Delete Automatic target
...
It isn't usefull at all, when auto targeting is done, the payload (java platform and arch)
has been already selected.
2014-01-30 15:04:08 -06:00
cebbe71dba
Do easy cleanup of exploit
2014-01-30 14:42:02 -06:00
c336133a8e
Do a first clean related to auto_target
2014-01-30 14:27:20 -06:00
57b8b49744
Clean query_manager
2014-01-30 14:20:02 -06:00
148e51a28b
Clean metadata and use TARGETURI
2014-01-30 14:03:52 -06:00
56287e308d
Clean up unused variables
2014-01-30 11:20:21 -06:00
e7ab77c736
added module for Oracle Forms and Reports
2014-01-30 14:45:17 +01:00
9a929e75e4
Added Pandora FMS RCE
2014-01-29 12:46:23 +07:00
bac6e2a3e1
added SkyBlueCanvas CMS 1.1 r248-03 RCE
2014-01-28 11:06:25 +07:00
003c1276cd
The module has been updated
2014-01-28 00:31:02 +02:00
f086655075
Land #2913 , @bcoles Exploit for Simple E-Document
2014-01-27 08:09:45 -06:00
861126fdbd
Clean exploit code
2014-01-27 08:09:18 -06:00
a49473181c
Added new module. Abuses tomcat manager upload page. Tested on tomcat 5.5.36, 6.0.37, 7.0.50, 8.0.0rc10
2014-01-27 09:04:59 -05:00
8fe74629fe
Allow send_request_cgi to take care of the uri encoding
2014-01-26 00:06:41 -06:00
37adf1251c
Delete privileged flag because is configuration dependant
2014-01-25 18:25:31 -06:00
038cb7a981
Add module for CVE-2012-0394
2014-01-25 18:17:01 -06:00
cc4dea7d49
Was playing with ms08_067 check and realized I forgot this print
2014-01-25 16:15:52 -06:00
7c5229e2eb
Use opts hash for glassfish_deployer
...
https://dev.metasploit.com/redmine/issues/8498
2014-01-24 20:17:02 -06:00
47b9bfaffc
Use opts hash for adobe_pdf_embedded_exe
...
https://dev.metasploit.com/redmine/issues/8498
2014-01-24 20:16:53 -06:00
a7fa4e312b
This module fails to load due to the missing end
2014-01-24 17:56:47 -06:00
9db295769d
Land #2905 , @wchen-r7's update of exploit checks
2014-01-24 16:49:33 -06:00
cdc425e4eb
Update some checks
2014-01-24 12:08:23 -06:00
16b8b58a84
Fix the dwSize parameter
2014-01-24 11:38:57 +01:00
8f6dcd7545
Add some randomization to the ROP chain
2014-01-24 10:28:59 +01:00
32d6032893
Add Simple E-Document Arbitrary File Upload module
2014-01-24 19:19:25 +10:30
021aa77f5f
Add module for BID-46926
2014-01-24 01:48:21 +01:00
c403c521b3
Change check code
2014-01-23 11:03:40 -06:00
0a10c1297c
Address nil
2014-01-23 11:00:28 -06:00
333229ea7e
Throw Unknown if connection times out
2014-01-23 10:54:45 -06:00
7f560a4b41
Oops, I broke this module
2014-01-22 11:23:18 -06:00
c83053ba9b
Progress
2014-01-22 11:20:10 -06:00
646f7835a3
Saving progress
2014-01-21 17:14:55 -06:00
85396b7af2
Saving progress
...
Progress group 4: Making sure these checks comply with the new
guidelines. Please read: "How to write a check() method" found in
the wiki.
2014-01-21 14:10:35 -06:00
b3b51eb48c
Pre-release fixup
...
* Updated descriptions to be a little more descriptive.
* Updated store_loot calls to inform the user where the
loot is stored.
* Removed newlines in print_* statments -- these will screw
up Scanner output when dealing with multiple hosts.
Of the fixed newlines, I haven't see any output, so I'm not sure what
the actual message is going to look like -- I expect it's a whole bunch
of newlines in there so it'll be kinda ugly as is (not a blocker for
this but should clean up eventually)
2014-01-21 13:29:08 -06:00
689999c8b8
Saving progress
...
Progress group 3: Making sure these checks comply with the new
guidelines. Please read: "How to write a check() method" found in
the wiki.
2014-01-21 13:03:36 -06:00
fe767f3f64
Saving progress
...
Progress group 2: Making sure these checks comply with the new
guidelines. Please read: "How to write a check() method" found in
the wiki.
2014-01-21 11:07:03 -06:00
7cc3c47349
Land #2891 - HP Data Protector Backup Client Service Directory Traversal
2014-01-20 20:08:01 -06:00
e5dc6a9911
Update exploit checks
...
Progress group 1: Making sure these checks comply with the new
guidelines. Please read: "How to write a check() method" found in
the wiki.
2014-01-20 14:26:10 -06:00
88c283880a
Fix bugs
2014-01-18 17:04:46 -05:00
766c408d86
Add CVE-2013-0634: Adobe Flash Player 11.5 memory corruption
2014-01-18 11:07:11 -05:00
e2fa581b8c
Delete empty line
2014-01-17 22:05:14 -06:00
57318ef009
Fix nil bug in jboss_invoke_deploy.rb
...
If there is a connection timeout, the module shouldn't access the
"code" method because that does not exist.
2014-01-17 11:47:18 -06:00
c670259539
Fix protocol handling
2014-01-17 00:49:44 -06:00
c6c37fe7b5
arbitrary file upload vulnerability found in GetSimple CMS by abusing
2014-01-17 06:35:33 +02:00
eaf1b0caf6
Add minor clean up
2014-01-16 17:55:45 -06:00
jvazquez-r7