adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
74,889 Commits 27 Branches 1,043 Tags
b40fc5afa8a6c75eb4765a3e9cfca87fbaa1e9db
Commit Graph

6614 Commits

Author SHA1 Message Date
jheysel-r7 d11c2be4ea Merge pull request #19375 from h4x-x0r/CVE-2024-20419 
Cisco Smart Software Manager (SSM) On-Prem Account Takeover (CVE-2024-20419) Module
 2024-09-24 12:19:54 -04:00
Jack Heysel 8e2dbbbd56 Land #19416, Add Traccar RCE module 
This module exploits two vulnerabilities in Traccar v5.1 - v5.12 to
obtain remote code execution: A path traversal vulnerability
CVE-2024-24809 and an unrestricted file upload vulnerability
CVE-2024-31214.
 2024-09-23 15:25:02 -07:00
dledda-r7 0bf524482c Land #19345, Post module Windows LPE CVE-2024-30088 2024-09-17 08:13:21 -04:00
dledda-r7 6e696e24e5 Land #19457, WP Plugin LiteSpeed Cache Account Take Over Module 2024-09-17 06:30:33 -04:00
Jack Heysel 84a8eb7273 Respond to comments 2024-09-16 09:46:57 -07:00
Jack Heysel c11ef15897 Removed unnecessary log lines 2024-09-11 23:49:18 -07:00
Jack Heysel 41cf622f38 Minor docs fix 2024-09-11 23:46:13 -07:00
Jack Heysel c80a03fece WP LiteSpeed exploit CVE-2024-44000 2024-09-11 23:31:26 -07:00
dledda-r7 5e2bf5aaca fix(modules): spip_bigup_unauth_rce minor fix 2024-09-11 11:46:52 -04:00
dledda-r7 62e852176d Land #19444, SPIP BigUp Plugin Unauthenticated RCE 2024-09-11 10:29:12 -04:00
Chocapikk c75ffb4d43 Update documentation 2024-09-08 07:19:35 +02:00
Chocapikk 43fabb07e5 Update doc + module + (mixin see #19444) 2024-09-08 06:56:13 +02:00
Chocapikk f8675026ec Update documentation again 2024-09-08 06:32:05 +02:00
Chocapikk 289f47fac1 Update documentation with docker setup, working mixin now, update module 2024-09-08 05:59:11 +02:00
Valentin Lobstein 48f8e248a6 Update documentation/modules/exploit/multi/http/spip_bigup_unauth_rce.md 
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
 2024-09-07 01:49:57 +02:00
Chocapikk 8608e7021d Add spip_bigup_unauth_rce module 2024-09-06 22:10:18 +02:00
Chocapikk 7458a2dba3 Remove useless documentation 2024-09-03 20:29:45 +02:00
Chocapikk 36621c05d9 del documentation/modules/exploit/unix/webapp/spip_rce_form.md 2024-08-30 22:22:41 +02:00
Jack Heysel 7bfd814297 Removed memory polling 2024-08-30 12:52:18 -07:00
Chocapikk 586cf482ce Refactoring SPIP Modules for Windows Compatibility and Incorporating SPIP Mixin 2024-08-30 20:37:32 +02:00
Jack Heysel f951f250f8 Land #19381, Fix gitlab_login scanner 
This fixes the gitlab_login scanner so that it uses the proper datastore
options Username and Password which are the standard for login scanners.
Before this fix the scanner was using HttpUsername and HttpPassword and
ignoring the datastore options Username and Password
 2024-08-30 08:36:08 -07:00
adfoster-r7 84ffa524e5 Land #19424, WordPress GiveWP Plugin RCE 2024-08-28 21:09:42 +01:00
adfoster-r7 71ee987079 Add additional documentation steps, and use 0 for the payload http timeout 2024-08-28 19:21:27 +01:00
adfoster-r7 fabb5d1f78 Land #19422, pgAdmin 8.4 RCE / CVE-2024-3116 2024-08-28 18:54:53 +01:00
adfoster-r7 aaf95f9134 Apply suggestions from code review 2024-08-28 18:46:08 +01:00
Valentin Lobstein 2900d45e9f Update documentation/modules/exploit/multi/http/wp_givewp_rce.md 
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
 2024-08-28 13:00:32 +02:00
bwatters 02eb49ed00 Land #19395, Electerm post password gather module 
Merge branch 'land-19395' into upstream-master
 2024-08-27 16:17:45 -05:00
Chocapikk 06a9583cfd Fix typo 2024-08-27 22:16:11 +02:00
Chocapikk 1d7cffbdac Refactored exploit module based on RCESecurity's analysis of CVE-2024-5932 
- Completely overhauled the method for exploiting the GiveWP plugin by removing dependency on the REST API, which may require authentication.
- Instead, we now use the admin-ajax.php endpoint for retrieving form lists and nonce values, ensuring compatibility even when REST API authentication is required.
- The exploit now works with all form types; however, the give_price_id and give_amount must be set to '0' and '0.00', respectively, as attempts to randomize these values caused the exploit to fail.
 2024-08-27 22:15:12 +02:00
Jack Heysel 8bf354cad2 Land #19417, Improve wp_backup_migration_php exploit 
The new PHP filter chain evaluates a POST parameter, which simplifies
the process and reduces the payload size enabling the module to send the
entire paylaod in one POST request instead of writing the payload to a
file character by character over many POST requests. Support for both
Windows and Linux Meterpreter payloads, not just PHP Meterpreter, has
also been added.
 2024-08-27 15:17:00 -04:00
Chocapikk d249711480 Update doc 2024-08-27 20:27:46 +02:00
jheysel-r7 61fa0c40b8 Update documentation/modules/exploit/multi/http/wp_backup_migration_php_filter.md 2024-08-27 14:14:28 -04:00
Chocapikk bc7840ea7f Add wp_givewp_rce exploit module 2024-08-27 19:50:35 +02:00
bwatters 6c24e0a952 Land #19393, Update OFBiz ProgramExport RCE for Patch Bypass 
Merge branch 'land-19393' into upstream-master
 2024-08-27 11:48:38 -05:00
bwatters 4af2294709 Land #19386, Ivanti Virtual Traffic Manager (vTM) Authentication Bypass (CVE-2024-7593) Module 
Merge branch 'land-19386' into upstream-master
 2024-08-27 09:39:10 -05:00
bwatters f74b7ccef5 Land #19415, Update the ldap_esc_vulnerable_cert_finder module 
Merge branch 'land-19415' into upstream-master
 2024-08-26 18:28:33 -05:00
bwatters 84431b0a4e Land #19380, Control iD iDSecure Authentication Bypass (CVE-2023-6329) Module 
Merge branch 'land-19380' into upstream-master
 2024-08-26 18:09:09 -05:00
igomeow 7e9f52dd0b Github release 2024-08-26 23:02:53 +02:00
igomeow b3605bd951 Documentation 2024-08-26 19:59:17 +02:00
Chocapikk c32c1e3a66 Update doc 2024-08-24 17:31:09 +02:00
Chocapikk 4ee30b24cb Rewrite wp_backup_migration_php_filter 2024-08-24 17:16:58 +02:00
h4x-x0r 6532255600 PoC & Documentation 
PoC & Documentation
 2024-08-23 23:21:49 +01:00
Spencer McIntyre 4cfa93f878 Update the ldap_esc_vulnerable_cert_finder module 2024-08-23 16:49:30 -04:00
dledda-r7 ec5892ff1f Land #19363, Ray Modules CVE-2023-6019 CVE-2023-6020 CVE-2023-48022 2024-08-23 04:55:17 -04:00
三米前有蕉皮 c37b697b99 Update documentation/modules/post/multi/gather/electerm.md 
Co-authored-by: Spencer McIntyre <58950994+smcintyre-r7@users.noreply.github.com>
 2024-08-22 22:27:51 +08:00
jheysel-r7 bde9fca9e4 Apply suggestions from code review 2024-08-22 02:35:21 -04:00
Jack Heysel 31348dac33 Windows LPE CVE-2024-30088 2024-08-21 23:16:37 -07:00
dledda-r7 35da4662ed Land #19351, DIAEnergie SQL Injection 2024-08-21 09:44:15 -04:00
dwelch-r7 f3a220518a Land #19394, SPIP Unauthenticated RCE Exploit 2024-08-21 13:58:26 +01:00
Chocapikk 62ab17b14d Update documentation and Docker Compose for SPIP, remove Rex.sleep() in Metasploit module due to stable payload. 2024-08-20 19:41:05 +02:00