b712f9a745
Create cups_ipp_remote_code_execution.md
2024-11-11 15:53:14 -06:00
222df0bfdf
Land #19527 Add bypass for GiveWP RCE (CVE-2024-8353)
...
This updates the exploit module wp_giveup_rce_bypass to incorporate the bypass CVE, allowing the payload to work on all affected versions of the GiveWP plugin.
2024-10-30 16:29:14 -04:00
6c099f2b73
Add WordPress wp-automatic SQLi to RCE module (CVE-2024-27956)
2024-10-14 18:13:17 +02:00
48e740d1fc
Update documentation/modules/exploit/multi/http/wp_givewp_rce.md
...
Co-authored-by: cgranleese-r7 <69522014+cgranleese-r7@users.noreply.github.com >
2024-10-03 16:34:24 +02:00
58878db970
update doc
2024-10-02 19:56:22 +02:00
fbb74a6d2d
Add bypass for GiveWP RCE (CVE-2024-8353)
2024-10-02 19:53:20 +02:00
6e696e24e5
Land #19457 , WP Plugin LiteSpeed Cache Account Take Over Module
2024-09-17 06:30:33 -04:00
84a8eb7273
Respond to comments
2024-09-16 09:46:57 -07:00
c11ef15897
Removed unnecessary log lines
2024-09-11 23:49:18 -07:00
41cf622f38
Minor docs fix
2024-09-11 23:46:13 -07:00
c80a03fece
WP LiteSpeed exploit CVE-2024-44000
2024-09-11 23:31:26 -07:00
5e2bf5aaca
fix(modules): spip_bigup_unauth_rce minor fix
2024-09-11 11:46:52 -04:00
62e852176d
Land #19444 , SPIP BigUp Plugin Unauthenticated RCE
2024-09-11 10:29:12 -04:00
c75ffb4d43
Update documentation
2024-09-08 07:19:35 +02:00
43fabb07e5
Update doc + module + (mixin see #19444 )
2024-09-08 06:56:13 +02:00
f8675026ec
Update documentation again
2024-09-08 06:32:05 +02:00
289f47fac1
Update documentation with docker setup, working mixin now, update module
2024-09-08 05:59:11 +02:00
48f8e248a6
Update documentation/modules/exploit/multi/http/spip_bigup_unauth_rce.md
...
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com >
2024-09-07 01:49:57 +02:00
8608e7021d
Add spip_bigup_unauth_rce module
2024-09-06 22:10:18 +02:00
7458a2dba3
Remove useless documentation
2024-09-03 20:29:45 +02:00
586cf482ce
Refactoring SPIP Modules for Windows Compatibility and Incorporating SPIP Mixin
2024-08-30 20:37:32 +02:00
84ffa524e5
Land #19424 , WordPress GiveWP Plugin RCE
2024-08-28 21:09:42 +01:00
71ee987079
Add additional documentation steps, and use 0 for the payload http timeout
2024-08-28 19:21:27 +01:00
2900d45e9f
Update documentation/modules/exploit/multi/http/wp_givewp_rce.md
...
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com >
2024-08-28 13:00:32 +02:00
06a9583cfd
Fix typo
2024-08-27 22:16:11 +02:00
1d7cffbdac
Refactored exploit module based on RCESecurity's analysis of CVE-2024-5932
...
- Completely overhauled the method for exploiting the GiveWP plugin by removing dependency on the REST API, which may require authentication.
- Instead, we now use the admin-ajax.php endpoint for retrieving form lists and nonce values, ensuring compatibility even when REST API authentication is required.
- The exploit now works with all form types; however, the give_price_id and give_amount must be set to '0' and '0.00', respectively, as attempts to randomize these values caused the exploit to fail.
2024-08-27 22:15:12 +02:00
8bf354cad2
Land #19417 , Improve wp_backup_migration_php exploit
...
The new PHP filter chain evaluates a POST parameter, which simplifies
the process and reduces the payload size enabling the module to send the
entire paylaod in one POST request instead of writing the payload to a
file character by character over many POST requests. Support for both
Windows and Linux Meterpreter payloads, not just PHP Meterpreter, has
also been added.
2024-08-27 15:17:00 -04:00
d249711480
Update doc
2024-08-27 20:27:46 +02:00
61fa0c40b8
Update documentation/modules/exploit/multi/http/wp_backup_migration_php_filter.md
2024-08-27 14:14:28 -04:00
bc7840ea7f
Add wp_givewp_rce exploit module
2024-08-27 19:50:35 +02:00
6c24e0a952
Land #19393 , Update OFBiz ProgramExport RCE for Patch Bypass
...
Merge branch 'land-19393' into upstream-master
2024-08-27 11:48:38 -05:00
c32c1e3a66
Update doc
2024-08-24 17:31:09 +02:00
4ee30b24cb
Rewrite wp_backup_migration_php_filter
2024-08-24 17:16:58 +02:00
f3a220518a
Land #19394 , SPIP Unauthenticated RCE Exploit
2024-08-21 13:58:26 +01:00
62ab17b14d
Update documentation and Docker Compose for SPIP, remove Rex.sleep() in Metasploit module due to stable payload.
2024-08-20 19:41:05 +02:00
c7d20853d6
Update documentation
2024-08-19 19:51:36 +02:00
3d90eb0f43
Add spip_porte_plume_previsu_rce
2024-08-16 10:50:23 +02:00
ea10360c81
Update OFBiz ProgramExport RCE for Patch Bypass
2024-08-15 09:18:15 -07:00
2ce0a7a3fd
v7.15 Support added
...
Updated to work with v7.15 too.
2024-08-02 15:43:26 +01:00
6dbb264a0d
Calibre Python Code Injection (CVE-2024-6782)
...
New Exploit Module for Calibre Python Code Injection (CVE-2024-6782)
2024-08-02 06:03:15 +01:00
9b7b1fd16e
Land #19313 , Ghostscript Command Execution via Format String (CVE-2024-29510)
...
Merge branch 'land-19313' into upstream-master
2024-07-19 11:24:11 -05:00
e9c511c979
Add documentation and some updates
2024-07-16 16:34:28 +02:00
f7449ea850
Land #19311 , Add GeoServer unauth RCE module
...
This adds an exploit module for CVE-2024-36401, an unauthenticated RCE
vulnerability in GeoServer versions prior to 2.23.6, between version
2.24.0 and 2.24.3 and in version 2.25.0, 2.25.1.
2024-07-12 11:07:36 -07:00
292c177b74
Apply suggestions from code review
...
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com >
2024-07-12 19:20:46 +02:00
5d210b548b
added windows support
2024-07-11 16:34:07 -07:00
4e76068cea
added armle architecture support
2024-07-11 21:42:45 +00:00
92f6445856
added documentation
2024-07-11 21:24:50 +00:00
7746c8877e
Add sysinfo Meterpreter output and target OS version numbers
2024-07-09 16:31:01 -05:00
06da60cade
Adding atlassian_confluence_rce_cve_2024_21683 documentation
...
Adding CVE-2024-21683 documentation, which includes both Windows and Linux examples.
2024-07-09 14:05:43 -05:00
e14dd93d6f
Rebased encoder fix, removed PS paylaod dependency
2024-06-14 16:59:55 -07:00
remmons-r7