adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
71,351 Commits 27 Branches 1,043 Tags
a2a4489ce4b8b1947f4ebe330507ffd07a25bddf
Commit Graph

3384 Commits

Author SHA1 Message Date
Ismail Dawoodjee a2a4489ce4 Merge branch 'rapid7:master' into apache_airflow_dag_rce 2023-08-16 13:50:13 +06:30
Jack Heysel 900e418796 Land #18226, H2 Web Interface RCE 
This PR adds a module to exploit an RCE feature in
the H2 databases Web Interface.
 2023-08-15 16:23:09 -04:00
Spencer McIntyre 53bd5bfb0a Fix a typo in the docs 2023-08-15 10:23:28 -04:00
Ismail Dawoodjee bdaaef8d60 Merge branch 'rapid7:master' into apache_airflow_dag_rce 2023-08-15 12:24:06 +06:30
Jack Heysel 6cf136ec3a Land #18263, Add RaspAP Unauth Command Injection 
This PR adds an unauthenticated command injection
module for the RaspAP webgui application.
 2023-08-14 23:25:23 -04:00
Jack Heysel 99e78a4c00 Update documentaion file 2023-08-14 21:01:10 -04:00
Ismail Dawoodjee 4953dad2fc Update scenario code block to use "msf" instead of "rb" - 3rd scenario 
Co-authored-by: adfoster-r7 <60357436+adfoster-r7@users.noreply.github.com>
 2023-08-12 09:29:29 +06:30
Ismail Dawoodjee 94521e2dc3 Update scenario code block to use "msf" instead of "rb" - 2nd scenario 
Co-authored-by: adfoster-r7 <60357436+adfoster-r7@users.noreply.github.com>
 2023-08-12 09:29:08 +06:30
Ismail Dawoodjee ac2d2588d9 Update scenario code block to use "msf" instead of "rb" 
Co-authored-by: adfoster-r7 <60357436+adfoster-r7@users.noreply.github.com>
 2023-08-12 09:28:19 +06:30
Ismail Dawoodjee 54b0abb318 Apache Airflow 1.10.10 - Example DAG Remote Code Execution (CVE-2020-11978 + CVE-2020-13927) 2023-08-11 21:43:16 +06:30
Ege Balcı da9200819d Update scenarios for new targets 2023-08-10 00:55:52 +02:00
cgranleese-r7 214c788ce7 Land #18232, metabase setup token rce (cve-2023-38646) 2023-08-09 09:44:53 +01:00
wvu 3be876b9dc Update pam_username_bof.md 2023-08-09 00:24:53 -05:00
h00die 9516592eb6 metabase setup token rce 2023-08-08 17:16:56 -04:00
h00die ec5317a789 h2 doc addition 2023-08-08 17:15:22 -04:00
h00die 97daf47269 h2 web interface shell 2023-08-08 17:15:22 -04:00
Ege Balcı 41f0c30855 Add RaspAP Unauthenticated Command Injection (CVE-2022-39986) Exploit 2023-08-04 21:22:07 +02:00
Christophe De La Fuente 4a7836055e Land #18211, Subrion CMS v4.2.1 RCE 2023-08-03 19:03:44 +02:00
Christophe De La Fuente 00006fffae Land #18240, Citrix RCE - CVE-2023-3519 2023-08-03 18:55:48 +02:00
Spencer McIntyre 67e1c57b7c Fix some buffer encoding issues 2023-08-03 12:47:14 -04:00
ismaildawoodjee 19dcc2d674 Move module and documentation from linux/http to multi/http 2023-08-02 10:10:27 -04:00
Spencer McIntyre 692c625752 Add module docs 2023-08-01 12:28:13 -04:00
Ismail Dawoodjee 11fb61c3b6 Merge branch 'rapid7:master' into subrion_cms_file_upload_rce 2023-08-01 14:24:37 +03:00
adfoster-r7 b979217227 Land #18239, Add version numbers to apache nifi rce module 2023-07-31 22:28:52 +01:00
h00die b2869a5550 version numbers for apache nifi rce 2023-07-31 17:16:26 -04:00
h00die 5d9a65eeb0 version numbers for apache nifi rce 2023-07-31 16:14:57 -04:00
Christophe De La Fuente a7402fb5f1 Land #18205, Add rudder-server SQLI RCE (CVE-2023-30625) exploit 2023-07-31 15:15:07 +02:00
ismaildawoodjee 154387f99a Add additional installation instructions and scenarios 2023-07-30 07:28:16 -04:00
Ismail Dawoodjee c4d089b884 Merge branch 'rapid7:master' into subrion_cms_file_upload_rce 2023-07-28 23:13:11 +03:00
Ege Balcı 0996938113 Add note for Windows compatibility 2023-07-28 17:06:38 +02:00
ErikWynter 40ef9d496a add docs for wd_mycloud_unauthenticated_cmd_injection 2023-07-28 10:16:50 +03:00
Ege Balcı 6b11439fa1 Remove basic auth and API_USER/PASS options 2023-07-28 00:44:44 +02:00
Ege Balcı 103f9a3f60 Update install instructions and scenario 2023-07-26 18:08:54 +02:00
Ege Balcı 00f2fe03be Update documentation/modules/exploit/multi/http/rudder_server_sqli_rce.md 
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
 2023-07-26 16:26:17 +02:00
Ege Balcı fa3638b10e Update documentation/modules/exploit/multi/http/rudder_server_sqli_rce.md 
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
 2023-07-26 16:26:17 +02:00
Ege Balcı 5018c0cdc5 Add documentation 2023-07-26 16:26:17 +02:00
Ismail Dawoodjee 867282ba96 Merge branch 'rapid7:master' into subrion_cms_file_upload_rce 2023-07-25 23:09:30 +03:00
Christophe De La Fuente c7f8ce5acd Land #18199, VMWare vRealize Network Insight pre-authenticated RCE CVE-2023-20887 2023-07-25 17:45:30 +02:00
Ismail Dawoodjee 78c1f75f2a Merge branch 'rapid7:master' into subrion_cms_file_upload_rce 2023-07-25 18:01:08 +03:00
cgranleese-r7 52b417b1af Update documentation/modules/exploit/multi/http/wp_plugin_fma_shortcode_unauth_rce.md 2023-07-25 14:06:45 +01:00
h00die-gr3y c1d84e950c Update based on bwatters-r7 comments 2023-07-25 14:06:44 +01:00
h00die-gr3y a3daab88e6 Added documentation and updated exploitable plugins list 2023-07-25 14:06:42 +01:00
ismaildawoodjee 3ce382dcc2 Fix issues with msftidy_docs.rb 2023-07-25 03:48:58 -04:00
ismaildawoodjee 568849fad3 Add scenario for Ubuntu 20.04 2023-07-24 11:03:49 -04:00
ismaildawoodjee 4e16307165 Add module and documentation for Subrion CMS v4.2.1 RCE 2023-07-21 17:22:58 -04:00
Jack Heysel 586971c1fd Fix incomplete copy pasta in docs 2023-07-21 14:38:07 -04:00
Jack Heysel ee26e7f926 Rubocop fixes 2023-07-20 16:40:28 -04:00
Jack Heysel 421b06119f Update docs 2023-07-20 14:55:27 -04:00
Jack Heysel d03157fcc1 Installation instructions 2023-07-19 14:23:17 -04:00
h00die 530934f78a review comments 2023-07-19 11:42:47 -04:00