Commit Graph

1957 Commits

Author SHA1 Message Date
adfoster-r7 d9d7f1a898 Merge pull request #19654 from h00die/strapi
strapi 3.0.0 beta 17.4 password reset (CVE-2019-18818)
2024-11-21 12:35:30 +00:00
Spencer McIntyre f7e210d3e9 Merge pull request #19624 from cdelafuente-r7/fix/mod/ms_icpr
Fix a crash when generating CSRs with OpenSSL 3.4.0
2024-11-19 10:58:52 -05:00
h00die 219981227d Update documentation/modules/auxiliary/scanner/http/strapi_3_password_reset.md
Co-authored-by: adfoster-r7 <60357436+adfoster-r7@users.noreply.github.com>
2024-11-16 15:36:00 -05:00
h00die 6629d5dff2 strapi password reset 2024-11-15 15:12:34 -05:00
Ashley Donaldson 3e3e81ff22 Update documentation with new datastore options 2024-11-14 15:15:06 +11:00
Christophe De La Fuente 24e19e4ebb Update the ESC8 relay module to use the new helper
It also fixes some unrelated minor issues found in the module and the documentation
2024-11-12 18:23:31 +01:00
Spencer McIntyre e709a18128 Merge pull request #19404 from bwatters-r7/smb2http_relay
SMB to NTLM HTTP Relay with ESC8 module
2024-11-05 14:12:08 -05:00
Spencer McIntyre 006ed90f1c Move the ESC8 module and document the attack 2024-11-04 09:37:12 -05:00
jheysel-r7 ea45d83562 Land #19499, Adds SolarWinds Help Desk Backdoor module
This adds a new module which exploits a backdoor in SolarWinds Web Help Desk (CVE-2024-28987) <= v12.8.3 which enables attackers to retrieve all tickets currently logged in the application.
2024-10-31 12:17:32 -04:00
jheysel-r7 2e8892cb01 Land #19517, Add WooCommerce SQLi module
This adds a new auxiliary module that exploits an unauthenticated SQL injection vulnerability in the TI WooCommerce Wishlist plugin for WordPress (versions <= 2.8.2). The vulnerability allows attackers to execute SQL queries via the order parameter which can be used to dump usernames and their hashed passwords.
2024-10-31 12:09:55 -04:00
jheysel-r7 87af327507 Merge branch 'master' into wp_ultimate_member_sorting_sqli 2024-10-29 16:34:10 -04:00
Chocapikk 7ccb2991f6 Improve nonce detection, fix bug 2024-10-29 19:41:47 +01:00
Christophe De La Fuente ae213813b5 Updates from code review 2024-10-22 14:41:02 +02:00
h4x-x0r d950bf7bb3 updated
updated
2024-10-21 20:51:41 +01:00
Spencer McIntyre 6ca0bb74fd Add workflow docs 2024-10-17 11:23:31 -04:00
Spencer McIntyre 2e4315b3c9 Add support to icpr_cert for ESC15 2024-10-17 11:23:31 -04:00
Diego Ledda e85ee0271d Land #19482, LearnPress SQLi module (CVE-2024-8522, CVE-2024-8529) 2024-10-17 11:13:49 +02:00
Chocapikk 145a23625d Add LearnPress SQLi module (CVE-2024-8522, CVE-2024-8529) 2024-10-14 18:15:01 +02:00
Chocapikk 668424a444 Add unauth SQLi exploit module for Ultimate Member plugin (CVE-2024-1071) 2024-10-14 18:14:10 +02:00
Chocapikk 95e64a0a3b Add module for TI WooCommerce Wishlist SQL Injection (CVE-2024-43917) 2024-10-14 18:11:41 +02:00
Chocapikk 8553f625a4 Add auxiliary/scanner/http/wp_fastest_cache_sqli 2024-10-14 18:03:46 +02:00
bcoles 7cf5782b13 Add cups-browsed Information Disclosure module 2024-09-28 02:35:39 +10:00
jheysel-r7 05ff8359b8 Merge pull request #19436 from h4x-x0r/CVE-2024-6670
WhatsUp Gold SQL Injection (CVE-2024-6670) Module
2024-09-26 17:04:30 -04:00
h4x-x0r 6c3e9338f7 Updated documentation
Updated documentation
2024-09-26 05:50:52 +01:00
jheysel-r7 456c57b031 Merge pull request #19453 from Chocapikk/vicidial_sqli
Add VICIdial Time-based SQL Injection Module (CVE-2024-8503)
2024-09-25 14:19:42 -04:00
h4x-x0r 5f95b2bf0d Documentation
Documentation
2024-09-25 17:15:54 +01:00
jheysel-r7 d11c2be4ea Merge pull request #19375 from h4x-x0r/CVE-2024-20419
Cisco Smart Software Manager (SSM) On-Prem Account Takeover (CVE-2024-20419) Module
2024-09-24 12:19:54 -04:00
Chocapikk f62f5b2c9c Add working documentation 2024-09-18 16:30:07 +02:00
Chocapikk 550a376210 Add suggestions + documentation 2024-09-11 21:17:44 +02:00
h4x-x0r 64f595c431 cleanup, version check, documentation
cleanup, version check, documentation
2024-09-02 15:41:08 +01:00
Jack Heysel f951f250f8 Land #19381, Fix gitlab_login scanner
This fixes the gitlab_login scanner so that it uses the proper datastore
options Username and Password which are the standard for login scanners.
Before this fix the scanner was using HttpUsername and HttpPassword and
ignoring the datastore options Username and Password
2024-08-30 08:36:08 -07:00
bwatters 4af2294709 Land #19386, Ivanti Virtual Traffic Manager (vTM) Authentication Bypass (CVE-2024-7593) Module
Merge branch 'land-19386' into upstream-master
2024-08-27 09:39:10 -05:00
bwatters f74b7ccef5 Land #19415, Update the ldap_esc_vulnerable_cert_finder module
Merge branch 'land-19415' into upstream-master
2024-08-26 18:28:33 -05:00
bwatters 84431b0a4e Land #19380, Control iD iDSecure Authentication Bypass (CVE-2023-6329) Module
Merge branch 'land-19380' into upstream-master
2024-08-26 18:09:09 -05:00
Spencer McIntyre 4cfa93f878 Update the ldap_esc_vulnerable_cert_finder module 2024-08-23 16:49:30 -04:00
dledda-r7 ec5892ff1f Land #19363, Ray Modules CVE-2023-6019 CVE-2023-6020 CVE-2023-48022 2024-08-23 04:55:17 -04:00
h4x-x0r 9c72a85134 Verified more versions
Verified exploit against more affected versions
2024-08-14 06:33:45 +01:00
h4x-x0r 75201b0892 Updated references
references, affected versions, credits
2024-08-14 05:15:36 +01:00
h4x-x0r 7bfc386973 Updated
added error handling, documentation, version check, store_valid_credential
2024-08-14 04:57:08 +01:00
Takah1ro 38b9278f42 Add document 2024-08-12 09:21:18 +09:00
h4x-x0r 26d6347919 Code cleanup
Code cleanup
2024-08-11 06:15:24 +01:00
h4x-x0r 5fa18a66ee Control iD iDSecure Authentication Bypass (CVE-2023-6329) Module
Control iD iDSecure Authentication Bypass (CVE-2023-6329) Module
2024-08-11 05:41:07 +01:00
Takah1ro 0ffe335660 Add module docs 2024-08-10 10:59:00 +09:00
h4x-x0r 8a72124e9d Code cleanup and error handling added
Code cleanup and error handling added
2024-08-09 21:11:20 +01:00
h4x-x0r 4384d32c83 Cisco SSM On-Prem Account Takeover (CVE-2024-20419)
Cisco SSM On-Prem Account Takeover (CVE-2024-20419)
2024-08-09 18:59:54 +01:00
adfoster-r7 8f472b9c61 Land #19338, Kerberos asrep roasting improvements 2024-07-24 18:12:53 +01:00
adfoster-r7 89cf0223d1 Kerberos asrep roasting improvements 2024-07-24 18:01:11 +01:00
Jack Heysel 6ad5ba36fd Land #19304, Add Magento XXE File Read Exploit
This adds an auxiliary module for an XXE which results in an arbitrary
file in Magento which is being tracked as CVE-2024-34102
2024-07-18 10:32:03 -07:00
jheysel-r7 53afe2b28f Updated SRVHOST description in doc file 2024-07-18 12:44:06 -04:00
redwaysecurity.com a5208e0c5f Moved module to auxiliary/gather 2024-07-17 18:47:02 +02:00