17c393f101
Land #14046 , Adding juicypotato-like privilege escalation exploit for windows
2021-01-06 16:02:05 +01:00
7cab5568ab
Land #14568 , add total upkeep backup download
2021-01-05 14:01:04 -06:00
54f5e565fa
Land #14330 , SpamTitan Gateway Remote Code Execution
...
Merge branch 'land-14330' into upstream-master
2021-01-04 12:14:12 -06:00
c64d0038ab
review step 1
2020-12-31 12:54:33 -05:00
ff3dd7b73a
first go of wp_total_upkeep
2020-12-30 16:34:12 -05:00
8701a2e6e8
Remove the deprecated SOCKS modules in favor of the new unified one
2020-12-29 13:33:06 -05:00
7de662c807
Land #14521 , Struts2 Multi Eval OGNL RCE
2020-12-23 11:40:16 -06:00
70f8ff31f8
Update documentation to include missing extra options I forgot to document, edit the wording on the module to match the documentation, and do final touch ups.
2020-12-23 10:50:22 -06:00
799b451324
Add in updates to documentation to fix spelling mistakes and to also add in missing documentation for some options, plus to make some explanations a bit clearer.
2020-12-22 17:33:40 -06:00
4a449f97d3
Land #14522 , Replace hard-coded Shiro default key with ENC_KEY
2020-12-22 09:26:49 -06:00
24e8aeffe5
Incorporate review feedback and update the associated documentation.
2020-12-21 17:29:21 -06:00
2c66beac17
Land #14429 , Create shodan_host.rb, a module to grab ports from a given IP using Shodan
2020-12-21 15:58:17 -06:00
12277d3020
Apply RuboCop changes to the exploit module and also make final adjustments to the exploit code to handle some edge cases and fix review comments
2020-12-21 15:26:48 -06:00
39110d04f0
Add note about needing an Oracle account
2020-12-18 21:20:29 -06:00
4d85602fae
Fix incorrect scenario header in module doc
...
I retested in VirtualBox and updated the output but not the header.
2020-12-18 21:15:05 -06:00
57c57a398d
Adding new check to filter out Windows 7 and Windows XP. Indeed, lab experiments has shown that BITS does not attempt to connect to WinRM port, making those systems not vulnerable.
2020-12-19 02:51:48 +01:00
11faafa4e9
Land #14474 , Wordpress 2-day: easy-wp-smtp arbitrary wordpress user password reset
2020-12-18 17:07:46 -05:00
764efbeac3
Fixup a typo, an unnecessary statement and clarify a statement
2020-12-18 17:07:16 -05:00
3cb39c2fca
Land #14497 , wordpress uplicator plugin arbitrary file read
2020-12-18 17:05:40 -05:00
dc6b67f4c6
Land #14509 , Fixes for Solr RCE
2020-12-18 21:51:06 +01:00
9e6d20a83c
create aggressive mode and some review
2020-12-18 15:30:45 -05:00
9b8b4621df
Land #14368 , Pulse Connect Secure gzip RCE: cve-2020-8260
2020-12-17 17:43:55 -05:00
a1702e8b53
rubocop and minor adjustments
2020-12-17 06:39:43 -05:00
87dacce2cd
Land #14446 , Add Oracle Solaris SunSSH PAM parse_user_name() exploit (CVE-2020-14871)
2020-12-16 16:01:32 -05:00
c586bde50d
Update documentation to add SNMPPORT option description
2020-12-16 15:20:10 +01:00
60bcc95edc
Fix documentation
2020-12-16 15:15:27 +01:00
298deae709
Add documentation
2020-12-16 15:15:27 +01:00
3d7ed70cec
Tweak the check method and add module docs
2020-12-15 19:49:29 -05:00
246c455c96
Reformat the struts2_namespace_ognl module docs
2020-12-15 09:13:06 -05:00
fc96ae0583
Create shodan_host.md
2020-12-15 10:30:58 +08:00
a30cdfc892
Fix #14254 , Add CVE-2020-1054, win32k DrawIconEx OOB Write LPE
2020-12-14 14:54:54 +00:00
98d6364248
Land #14482 , Use CVE-2020-5752 path traversal bypass for CVE-2019-3999
2020-12-14 15:10:09 +01:00
910463b492
Update wp_duplicator_file_read.md
2020-12-13 21:13:33 -05:00
f255724e01
Changes to support older Solr (tested 5.3.0)
...
Use a new parameter instead of a header because older versions don't
have access to the request object.
There was an issue where the exploit would fail if the exec returned -1
despite the payload otherwise working, fixed by not trying to return
output in that case.
Also updates the documentation to reflect that we have a Java target now
and quoting is no longer a concern.
2020-12-13 19:05:47 -06:00
cbc99363e9
Update wp_duplicator_file_read.md
2020-12-12 22:55:44 +07:00
d35d5f1061
Update wp_duplicator_file_read.md
2020-12-12 21:30:56 +07:00
ba125c1c64
Merge remote-tracking branch 'upstream/master' into feature/solaris
2020-12-11 14:25:05 -06:00
e02451fe13
Fixing mistake in doc.
2020-12-11 04:53:37 -05:00
9c9e8929af
Adding a scenario.
2020-12-11 04:50:53 -05:00
53a12a7984
Updating doc.
2020-12-11 03:53:25 -05:00
477c09a7ed
Create wp_duplicator_file_read.md
...
Duplicator 1.3.24 & 1.3.26 - Unauthenticated Arbitrary File Download
2020-12-11 01:15:52 -05:00
83943adf8b
Land #14466 , add Aerospike UDF rce
2020-12-10 11:07:56 -06:00
a9e231ad0a
Use CVE-2020-5752 path traversal bypass for CVE-2019-3999
2020-12-10 12:14:47 +00:00
c005492ee9
Updating doc.
2020-12-10 00:58:53 -05:00
9452c1dcfa
Fix merge conflict from #14202 , in linear history
2020-12-09 17:24:29 -06:00
d337d832b8
Land #14422 , add GitLab file read/rce
2020-12-09 11:34:14 -06:00
fb9b1c5de4
Land #14409 , add weak services technique to the service permissions LPE
2020-12-09 17:16:53 +00:00
59339f3337
Land #14418 , Wordpress plugin Email Subscribers & Newsletters sqli (CVE-2019-20361)
2020-12-09 10:29:32 -05:00
90a99ae7c3
Land #14423 , Expand wordpress_scanner to look for themes & plugins
2020-12-09 09:12:28 -05:00
e3e3895ec5
forgot an R
2020-12-08 20:58:29 -05:00
Christophe De La Fuente