abb2eb7ffd
Land #18891 , Add RCE module for wp bricks builder
...
This PR adds the wp_bricks_builder_rce exploit module that targets a
known vulnerability in the WordPress Bricks Builder Theme, versions
prior to 1.9.6.
2024-03-26 14:46:35 -07:00
44c5422e07
Land #18922 , JetBrains TeamCity Unauthenticated RCE exploit module (CVE-2024-27198)
2024-03-13 20:16:27 +01:00
5c56d6a4fc
typo
2024-03-05 14:47:04 +00:00
b925f798e5
typo and clarify description
2024-03-05 14:39:17 +00:00
aac4ef09cc
add in disclosure date and blogs
2024-03-05 11:09:22 +00:00
a5fb83d0e1
add in 2023.11.2 as tested on
2024-03-01 17:03:38 +00:00
9988117cca
rename with cve number
2024-03-01 16:42:59 +00:00
a73a7531a9
Land #18827 , Add module for BoidCMS CVE-2023-38836
...
This is an authenticated RCE against BoidCMS versions 2.0.0 and earlier.
The underlying issue is that the file upload check allows a php file to
be uploaded and executes as a media file if the GIF header is present in
the PHP file.
2024-02-29 21:31:44 -08:00
550c6f030a
Updates based on jheysel-r7's suggestions
2024-02-29 12:42:22 -06:00
b7200b52e1
typo
2024-02-27 14:58:56 +00:00
f52543b4a6
Older version of TeamCity (circa 2018) do not support access tokens, so we can fall back on creating an admin user accoutn before we upload the plugin. Creating an access token is better as we can delete the token, unlike the user account.
2024-02-27 12:01:57 +00:00
f04b66d6dd
Add wp_bricks_builder_rce
2024-02-26 22:09:38 +01:00
d7a0dee7d1
@rad10 noted the download link we gave no longer works, but has provided a second link, so adding that to the docs
2024-02-23 17:54:14 +00:00
f3af1836ce
allow a custom USERNAME and PASSWORD to be specified if needed. Will default to a random value. Also use Faker::Internet.email to gen an email address
2024-02-23 17:46:49 +00:00
47596c6a0c
add in docs
2024-02-23 14:30:53 +00:00
003d5e7006
The check routine can now display the targets platform in addition to the version number (we can determine this with a single request, so there is no major change here). This is usefull so you know what platform to set the exploits target to (so you can select an appropriate payload). Thanks @iagox86 for the idea!
2024-02-22 19:23:48 +00:00
79bfbe4310
now that Linux is a target we have to move this to the multi directory
2024-02-22 16:34:43 +00:00
c298540bea
Add documentation and fix default payloads
2024-02-16 16:49:49 -06:00
85974d16c2
Land #18769 , Add Cacti RCE via SQLi Module
...
This exploit module leverages a SQLi (CVE-2023-49085) and
a LFI (CVE-2023-49084) vulnerability in Cacti versions prior
to 1.2.26 to achieve RCE
2024-02-02 11:46:10 -05:00
b91648f065
Fix typos
2024-02-02 11:45:51 +01:00
be2d2d61ca
Land #18762 , Add exploit module for CVE-2024-0204
...
This pull request adds an exploit module for CVE-2024-0204
in Fortra GoAnywhere MFT. GoAnywhere MFT versions 6.x from
6.0.1, and 7.x before 7.4.1 are vulnerable.
2024-02-01 22:36:32 -05:00
f10619d870
Add module and documentation
2024-01-30 12:52:02 +01:00
577898d91b
Check the response when exploiting
2024-01-29 14:38:49 -05:00
c70092a2c7
bugfix a copy pasta whereby a path seperator was not being added as expected
2024-01-29 17:52:37 +00:00
08a19959fe
add an RCE exploit module for CVE-2024-0204 in Fortra GoAnywhere MFT
2024-01-29 17:17:45 +00:00
8a793dd1b0
Use the correct exploit and use sh instead of bash
2024-01-29 09:03:25 -05:00
9e41825e51
Finish up the exploit
...
Tested on Linux (versions 4.1.1, 4.3.0, and 4.4.0) and Windows (version
4.4.0).
2024-01-26 17:20:54 -05:00
deabf9b1d8
Add module docs
2024-01-24 12:49:27 -05:00
847a72c417
Land #18638 , add exploit for CVE-2022-42889 Apache Commons Text RCE
2024-01-19 13:02:53 +01:00
b8aa55c322
Land #18633 , WordPress Backup Migration Plugin PHP Filter Chain RCE (CVE-2023-6553)
2024-01-17 18:42:52 +01:00
225ef6847f
Add output from test run on windows target
2024-01-15 00:26:47 +05:30
6d8666e35b
Fixed spacing and removed unused method
2024-01-11 13:13:57 -05:00
cdc66dd91f
Last minute fix
2024-01-11 12:56:01 -05:00
5c7061cc0c
Remove OS dependant payload
2024-01-11 12:30:04 -05:00
98667edf76
Add suggested changes
2024-01-05 22:31:51 +05:30
d0beea91bd
Add exploit for CVE-2022-42889
2023-12-25 00:43:50 +05:30
eeb74cd5e1
Updated metadata
2023-12-20 16:49:45 -05:00
e3062d45e0
Module working docs updated
2023-12-20 16:41:52 -05:00
c895364675
Initial commit, files created
2023-12-18 19:26:14 -05:00
45d2c7f4e0
Land #18566 , CVE-2023-22518: Confluence Auth Bypass Restore From Backup RCE
2023-12-18 18:51:36 +01:00
862194d63f
Documentation and rubocop changes
2023-12-11 19:01:35 -05:00
402434bbf2
Add module output
2023-11-28 08:41:35 +01:00
bfd22f8f01
Update documentation/modules/exploit/multi/http/wp_royal_elementor_addons_rce.md
...
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com >
2023-11-28 08:15:14 +01:00
31daaf58fe
Add wp_royal_elementor_addons_rce
2023-11-23 05:15:28 +01:00
d960aa522c
Land #18348 , Splunk account take over (CVE-2023-32707) leading to RCE
2023-10-26 11:34:02 -04:00
1ac0e2dc66
Update splunk_privilege_escalation_cve_2023_32707.md
2023-10-23 11:31:19 +02:00
da9d04d32d
Land #18461 , CVE-2023-22515 - Atlassian Confluence unauthenticated RCE
2023-10-19 10:22:57 +02:00
c63aaba760
add in documentation for Options
2023-10-18 10:05:05 +01:00
1c027ac05c
add an RCE exploit for CVE-2023-22515
2023-10-16 20:50:18 +01:00
86b7ec4518
Address comments from the review
2023-10-12 09:50:19 -04:00
Jack Heysel