74898461b4
Land #14654 , Add exploit for Micro Focus UCMDB unauthenticated RCE
2021-01-27 10:00:22 -05:00
191e772f06
fix issues highlighted by smcintyre-r7
2021-01-25 22:25:07 +07:00
fc0e221f5a
add comment for self removal
2021-01-24 22:47:47 +07:00
7220dc3ff6
add new note on broken payloads
2021-01-24 22:39:01 +07:00
12157163f7
Merge branch 'obm_deser' into ucmdb
2021-01-24 22:25:57 +07:00
bf4ac7b1a8
add UCMDB sploit
2021-01-24 22:25:45 +07:00
6e326d6a60
Fix up confusing variable name and a typo as pointed out during review
2021-01-19 09:25:56 -06:00
95d3bd98ac
Do msftidy_docs and rubocop changes
2021-01-15 18:10:23 -06:00
2f0abe4900
Add in documentation and fix up small issues with module
2021-01-15 18:06:07 -06:00
65370a6b47
Initial module code
2021-01-15 16:20:06 -06:00
7d7263cf1f
spelling
2021-01-09 08:13:19 -05:00
d8c55501a5
ait csv improter exploit
2021-01-01 12:14:52 -05:00
7de662c807
Land #14521 , Struts2 Multi Eval OGNL RCE
2020-12-23 11:40:16 -06:00
70f8ff31f8
Update documentation to include missing extra options I forgot to document, edit the wording on the module to match the documentation, and do final touch ups.
2020-12-23 10:50:22 -06:00
8a932b847a
Apply RuboCop edits
2020-12-22 17:57:38 -06:00
4a449f97d3
Land #14522 , Replace hard-coded Shiro default key with ENC_KEY
2020-12-22 09:26:49 -06:00
7d0cb771a5
Apply RuboCop updates to module.
2020-12-21 17:31:24 -06:00
24e8aeffe5
Incorporate review feedback and update the associated documentation.
2020-12-21 17:29:21 -06:00
dc6b67f4c6
Land #14509 , Fixes for Solr RCE
2020-12-18 21:51:06 +01:00
be3a1eb9d6
Guard against empty response
2020-12-16 18:25:17 -06:00
9be1e8c295
replace hard-coded shiro default key with SHIROKEY
2020-12-16 11:03:30 +08:00
941ba923f7
Add missing module notes
2020-12-15 19:58:04 -05:00
3d7ed70cec
Tweak the check method and add module docs
2020-12-15 19:49:29 -05:00
289605f532
Require that the user know the CVE since the check is questionable
2020-12-15 19:17:35 -05:00
9bdf591a98
Add a working command stager for CVE-2020-17530
2020-12-15 09:13:06 -05:00
7826cbb8de
Initial addition of the Struts2 Double Eval exploit
2020-12-15 09:13:06 -05:00
f255724e01
Changes to support older Solr (tested 5.3.0)
...
Use a new parameter instead of a header because older versions don't
have access to the request object.
There was an issue where the exploit would fail if the exec returned -1
despite the payload otherwise working, fixed by not trying to return
output in that case.
Also updates the documentation to reflect that we have a Java target now
and quoting is no longer a concern.
2020-12-13 19:05:47 -06:00
9696e709ae
Remove unused vprint_status conditional
2020-12-09 22:48:16 -06:00
a33a6e6c55
Don't be lazy about checking the redirect
...
And don't be lazy about sending the request.
To trigger UnexpectedExceptionPage, we can send bogus data instead of
telegraphing our payload-less gadget chain.
God, I'm so lazy. This took like five extra minutes. :|
2020-12-09 21:09:49 -06:00
d337d832b8
Land #14422 , add GitLab file read/rce
2020-12-09 11:34:14 -06:00
941762b3c5
remove trailing commas
2020-12-09 11:29:00 -06:00
dcb1637ac2
Land #14463 , web_delivery: Add SyncAppvPublishingServer target
2020-12-08 17:28:15 -05:00
e7f8d00717
Note technique compatibility and fix the reference URL
2020-12-08 17:26:39 -05:00
85a9accbee
Land #14202 , Add initial zeitwerk autoloader approach for lib/msf/core
2020-12-08 12:53:02 +00:00
30bf917075
Land #14401 , add Windows support for consul rce
2020-12-07 16:21:36 -06:00
45ce738af7
add default payload for targets, run rubocop
2020-12-07 16:17:12 -06:00
49a6b1b257
Remove requires that sneaked in while the PR was up
2020-12-07 11:02:10 +00:00
1617b3ec9b
Use zeitwerk for lib/msf/core folder
2020-12-07 10:31:45 +00:00
835059f00c
[CVE-2020-10977] Gitlab arbitrary file read to RCE
2020-12-07 01:26:54 +00:00
9bf532edd8
web_delivery: Add SyncAppvPublishingServer target
2020-12-05 06:24:55 +00:00
bc3d41bbe8
Request json response
...
For compatibility with older versions of Solr (I tested 5.3.0) where the
default is XML.
2020-11-29 17:57:36 -06:00
4b5dd7389c
Cleanup debug prints
2020-11-29 13:15:14 -06:00
4496fe0d82
Randomize the header name for commands
2020-11-29 11:32:35 -06:00
1be51ded25
Use HTTP ClassLoader instead
2020-11-29 10:53:33 -06:00
f6f78d4710
Make changes suggested in code review
2020-11-26 13:46:02 +01:00
7fa10a0684
Update modules/exploits/multi/http/apache_nifi_processor_rce.rb
...
Co-authored-by: cdelafuente-r7 <56716719+cdelafuente-r7@users.noreply.github.com >
2020-11-26 13:46:02 +01:00
5dc7e8f04e
Update modules/exploits/multi/http/apache_nifi_processor_rce.rb
...
Co-authored-by: cdelafuente-r7 <56716719+cdelafuente-r7@users.noreply.github.com >
2020-11-26 13:46:02 +01:00
78c042cbb7
Update modules/exploits/multi/http/apache_nifi_processor_rce.rb
...
Co-authored-by: cdelafuente-r7 <56716719+cdelafuente-r7@users.noreply.github.com >
2020-11-26 13:46:01 +01:00
7894f1eb9a
Update modules/exploits/multi/http/apache_nifi_processor_rce.rb
...
Co-authored-by: cdelafuente-r7 <56716719+cdelafuente-r7@users.noreply.github.com >
2020-11-26 13:46:01 +01:00
fcde932e1b
Update modules/exploits/multi/http/apache_nifi_processor_rce.rb
...
Co-authored-by: cdelafuente-r7 <56716719+cdelafuente-r7@users.noreply.github.com >
2020-11-26 13:46:01 +01:00
Spencer McIntyre