1ee8734717
Land #10570 , AKA Metadata Refactor
2018-09-17 20:31:07 -07:00
c38bca1799
Land #9908 , msfd_rce_remote and msfd_rce_browser
2018-04-30 09:49:50 -05:00
667cc5bcca
Land #9653 , fix Y2k38 issue (until Jan 1, 2038)
2018-03-01 09:28:11 -06:00
6051a1a1c1
Land #8910 , Use meta redirect instead of JS redirect in 2 modules
2017-09-01 13:50:02 -05:00
49173818fd
Addresses #8674
...
This type of redirection will work without javascript being enabled.
Modules:
multi/browser/firefox_xpi_bootstrapped_addon
multi/browser/itms_overflow
More info on the meta element:
https://developer.mozilla.org/en-US/docs/Web/HTML/Element/meta
2017-08-30 23:16:46 -05:00
a40429158f
40% done
2017-08-28 20:17:58 -04:00
6300758c46
use https for metaploit.com links
2017-07-24 06:26:21 -07:00
b8d80d87f1
Remove last newline after class - Make @wvu-r7 happy
2017-07-19 11:19:49 +01:00
4720d1a31e
OCD fixes - Spaces
2017-07-14 08:46:59 +01:00
fd843f364b
Removed extra lines
2017-07-14 08:17:16 +01:00
3bda361544
add old hackingteam leak name
2017-07-07 00:52:11 -05:00
64452de06d
Fix msf/core and self.class msftidy warnings
...
Also fixed rex requires.
2017-05-03 15:44:51 -05:00
72caeaa72f
Fix redirect url
2016-07-24 15:49:03 -05:00
14c9569afa
2013-1710 - Use header VHOST info for redirection
...
When this exploit is hit by hostname, the HTTP request contains
a Host header field which does not match the IP-based redirection.
Update the module to check request headers for host information,
and fallback to the prior behavior if none exists.
Tested in conjunction with #6611 DNS spoofer - works great, see
issue #7098 for details.
2016-07-17 04:50:54 -04:00
b08d1ad8d8
Revert "Land #6812 , remove broken OSVDB references"
...
This reverts commit 2b016e02167b1d9596c7
2016-07-15 12:00:31 -05:00
4a95e675ae
Rm empty references
2016-04-24 11:46:08 -05:00
816bc91e45
Resolve #6807 , remove all OSVDB references.
...
OSVDB is no longer a vulnerability database, therefore all the
references linked to it are invalid.
Resolve #6807
2016-04-23 12:32:34 -05:00
3123175ac7
use MetasploitModule as a class name
2016-03-08 14:02:44 +01:00
f703fa21d6
Revert "change Metasploit3 class names"
...
This reverts commit 666ae14259
2016-03-07 13:19:55 -06:00
666ae14259
change Metasploit3 class names
2016-03-07 09:56:58 +01:00
27a6aa0be1
Fix current msftidy warnings about PACKETSTORM vs URL
2015-12-24 09:05:02 -08:00
7444f24721
update whitespace / syntax for java_calendar_deserialize
2015-12-23 15:42:27 -06:00
11c1eb6c78
Raise Msf::NoCompatiblePayloadError if generate_payload_exe fails
...
Most exploits don't check nil for generate_payload_exe, they just
assume they will always have a payload. If the method returns nil,
it ends up making debugging more difficult. Instead of checking nil
one by one, we just raise.
2015-12-08 21:13:23 -06:00
154fb585f4
Remove bad references (dead links)
...
These links are no longer available. They are dead links.
2015-10-27 12:41:32 -05:00
98e2d074c3
Add disclosure date.
2015-08-15 20:09:41 -05:00
a133e98ba5
Adds a ff 35-36 RCE vector based off the recent ff bug.
2015-08-15 20:02:00 -05:00
2052b4ef56
Fixed the HT leak attribution a little
2015-07-20 16:36:47 -05:00
f7c11d0852
More cleanups
...
Edited modules/exploits/multi/browser/adobe_flash_hacking_team_uaf.rb
first landed in #5678 , adobe_flash_hacking_team_uaf.rb
Edited
modules/exploits/multi/browser/adobe_flash_opaque_background_uaf.rb
first landed in #5698 , Adobe Flash CVE-2015-5122 opaqueBackground
Edited modules/exploits/multi/http/sysaid_auth_file_upload.rb first
landed in #5471 , @pedrib's module for SysAid CVE-2015-2994
Edited modules/exploits/multi/http/sysaid_rdslogs_file_upload.rb first
landed in #5473 Correct spelling of sysaid module
2015-07-20 16:29:49 -05:00
7113c801b1
Land #5732 , reliability update for adobe_flash_hacking_team_uaf
2015-07-17 16:43:39 -05:00
f77f7d6916
Bump rank
2015-07-17 16:23:27 -05:00
0bd1dc017e
Update coverage information
2015-07-17 16:23:00 -05:00
255d8ed096
Improve adobe_flash_opaque_background_uaf
2015-07-16 14:56:32 -05:00
b504f0be8e
Update adobe_flash_hacking_team_uaf
2015-07-15 18:18:04 -05:00
f7ce6dcc9f
We agreed to Normal
2015-07-11 02:07:18 -05:00
0ff7333090
Lower the ranking for CVE-2015-5122
...
As an initial release we forgot to lower it.
2015-07-11 02:05:56 -05:00
1289ec8863
authors
2015-07-11 01:38:21 -05:00
6eabe5d48c
Update description
2015-07-11 01:36:26 -05:00
54fc712131
Update Win 8.1 checks
2015-07-11 01:33:23 -05:00
6f0b9896e1
Update description
2015-07-11 00:56:18 -05:00
115549ca75
Delete old check
2015-07-11 00:42:59 -05:00
63005a3b92
Add module for flash CVE-2015-5122
...
* Just a fast port for the exploit leaked
* Just tested on win7sp1 / IE11
2015-07-11 00:28:55 -05:00
a3ec56c4cb
Do it in on_request_exploit because it's too specific
2015-07-08 12:32:38 -05:00
cefbdbb8d3
Avoid unreliable targets
...
If we can't garantee GreatRanking on specific targets, avoid them.
2015-07-08 12:12:53 -05:00
6a33807d80
No Chrome for now
2015-07-07 15:56:58 -05:00
f8b668e894
Update ranking and References
2015-07-07 15:43:02 -05:00
116c3f0be1
Add CVE as a real ref, too
2015-07-07 14:46:44 -05:00
3d630de353
Replace with a real CVE number
2015-07-07 14:44:12 -05:00
829b08b2bf
Complete authors list
2015-07-07 12:49:54 -05:00
49effdf3d1
Update description
2015-07-07 12:46:02 -05:00
d885420aff
This changes the version requirement for adobe_flash_hacking_team_uaf.rb
...
Because it works for Win 8.1 + IE11 too
2015-07-07 12:42:56 -05:00
Brent Cook