adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
74,889 Commits 27 Branches 1,043 Tags
b40fc5afa8a6c75eb4765a3e9cfca87fbaa1e9db
Commit Graph

3882 Commits

Author SHA1 Message Date
Jack Heysel 8e2dbbbd56 Land #19416, Add Traccar RCE module 
This module exploits two vulnerabilities in Traccar v5.1 - v5.12 to
obtain remote code execution: A path traversal vulnerability
CVE-2024-24809 and an unrestricted file upload vulnerability
CVE-2024-31214.
 2024-09-23 15:25:02 -07:00
dledda-r7 0bf524482c Land #19345, Post module Windows LPE CVE-2024-30088 2024-09-17 08:13:21 -04:00
dledda-r7 6e696e24e5 Land #19457, WP Plugin LiteSpeed Cache Account Take Over Module 2024-09-17 06:30:33 -04:00
Jack Heysel 84a8eb7273 Respond to comments 2024-09-16 09:46:57 -07:00
Jack Heysel c11ef15897 Removed unnecessary log lines 2024-09-11 23:49:18 -07:00
Jack Heysel 41cf622f38 Minor docs fix 2024-09-11 23:46:13 -07:00
Jack Heysel c80a03fece WP LiteSpeed exploit CVE-2024-44000 2024-09-11 23:31:26 -07:00
dledda-r7 5e2bf5aaca fix(modules): spip_bigup_unauth_rce minor fix 2024-09-11 11:46:52 -04:00
dledda-r7 62e852176d Land #19444, SPIP BigUp Plugin Unauthenticated RCE 2024-09-11 10:29:12 -04:00
Chocapikk c75ffb4d43 Update documentation 2024-09-08 07:19:35 +02:00
Chocapikk 43fabb07e5 Update doc + module + (mixin see #19444) 2024-09-08 06:56:13 +02:00
Chocapikk f8675026ec Update documentation again 2024-09-08 06:32:05 +02:00
Chocapikk 289f47fac1 Update documentation with docker setup, working mixin now, update module 2024-09-08 05:59:11 +02:00
Valentin Lobstein 48f8e248a6 Update documentation/modules/exploit/multi/http/spip_bigup_unauth_rce.md 
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
 2024-09-07 01:49:57 +02:00
Chocapikk 8608e7021d Add spip_bigup_unauth_rce module 2024-09-06 22:10:18 +02:00
Chocapikk 7458a2dba3 Remove useless documentation 2024-09-03 20:29:45 +02:00
Chocapikk 36621c05d9 del documentation/modules/exploit/unix/webapp/spip_rce_form.md 2024-08-30 22:22:41 +02:00
Jack Heysel 7bfd814297 Removed memory polling 2024-08-30 12:52:18 -07:00
Chocapikk 586cf482ce Refactoring SPIP Modules for Windows Compatibility and Incorporating SPIP Mixin 2024-08-30 20:37:32 +02:00
adfoster-r7 84ffa524e5 Land #19424, WordPress GiveWP Plugin RCE 2024-08-28 21:09:42 +01:00
adfoster-r7 71ee987079 Add additional documentation steps, and use 0 for the payload http timeout 2024-08-28 19:21:27 +01:00
adfoster-r7 fabb5d1f78 Land #19422, pgAdmin 8.4 RCE / CVE-2024-3116 2024-08-28 18:54:53 +01:00
adfoster-r7 aaf95f9134 Apply suggestions from code review 2024-08-28 18:46:08 +01:00
Valentin Lobstein 2900d45e9f Update documentation/modules/exploit/multi/http/wp_givewp_rce.md 
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
 2024-08-28 13:00:32 +02:00
Chocapikk 06a9583cfd Fix typo 2024-08-27 22:16:11 +02:00
Chocapikk 1d7cffbdac Refactored exploit module based on RCESecurity's analysis of CVE-2024-5932 
- Completely overhauled the method for exploiting the GiveWP plugin by removing dependency on the REST API, which may require authentication.
- Instead, we now use the admin-ajax.php endpoint for retrieving form lists and nonce values, ensuring compatibility even when REST API authentication is required.
- The exploit now works with all form types; however, the give_price_id and give_amount must be set to '0' and '0.00', respectively, as attempts to randomize these values caused the exploit to fail.
 2024-08-27 22:15:12 +02:00
Jack Heysel 8bf354cad2 Land #19417, Improve wp_backup_migration_php exploit 
The new PHP filter chain evaluates a POST parameter, which simplifies
the process and reduces the payload size enabling the module to send the
entire paylaod in one POST request instead of writing the payload to a
file character by character over many POST requests. Support for both
Windows and Linux Meterpreter payloads, not just PHP Meterpreter, has
also been added.
 2024-08-27 15:17:00 -04:00
Chocapikk d249711480 Update doc 2024-08-27 20:27:46 +02:00
jheysel-r7 61fa0c40b8 Update documentation/modules/exploit/multi/http/wp_backup_migration_php_filter.md 2024-08-27 14:14:28 -04:00
Chocapikk bc7840ea7f Add wp_givewp_rce exploit module 2024-08-27 19:50:35 +02:00
bwatters 6c24e0a952 Land #19393, Update OFBiz ProgramExport RCE for Patch Bypass 
Merge branch 'land-19393' into upstream-master
 2024-08-27 11:48:38 -05:00
igomeow 7e9f52dd0b Github release 2024-08-26 23:02:53 +02:00
igomeow b3605bd951 Documentation 2024-08-26 19:59:17 +02:00
Chocapikk c32c1e3a66 Update doc 2024-08-24 17:31:09 +02:00
Chocapikk 4ee30b24cb Rewrite wp_backup_migration_php_filter 2024-08-24 17:16:58 +02:00
h4x-x0r 6532255600 PoC & Documentation 
PoC & Documentation
 2024-08-23 23:21:49 +01:00
dledda-r7 ec5892ff1f Land #19363, Ray Modules CVE-2023-6019 CVE-2023-6020 CVE-2023-48022 2024-08-23 04:55:17 -04:00
jheysel-r7 bde9fca9e4 Apply suggestions from code review 2024-08-22 02:35:21 -04:00
Jack Heysel 31348dac33 Windows LPE CVE-2024-30088 2024-08-21 23:16:37 -07:00
dledda-r7 35da4662ed Land #19351, DIAEnergie SQL Injection 2024-08-21 09:44:15 -04:00
dwelch-r7 f3a220518a Land #19394, SPIP Unauthenticated RCE Exploit 2024-08-21 13:58:26 +01:00
Chocapikk 62ab17b14d Update documentation and Docker Compose for SPIP, remove Rex.sleep() in Metasploit module due to stable payload. 2024-08-20 19:41:05 +02:00
Takah1ro 52852cea72 Add cve ref 2024-08-20 12:59:52 +09:00
Chocapikk c7d20853d6 Update documentation 2024-08-19 19:51:36 +02:00
Chocapikk 3d90eb0f43 Add spip_porte_plume_previsu_rce 2024-08-16 10:50:23 +02:00
Takah1ro 209f172aa1 Update document 2024-08-16 08:56:01 +09:00
Takah1ro 7258ca4fb1 Remove unnecessary option for simplicity 2024-08-16 08:49:34 +09:00
jheysel-r7 ea10360c81 Update OFBiz ProgramExport RCE for Patch Bypass 2024-08-15 09:18:15 -07:00
Takah1ro ea1b9e925e Delete old three exploits in one module 2024-08-15 08:17:36 +09:00
cgranleese-r7 dbc51d1cd4 Land #19347, OpenMetadata authentication bypass and SpEL injection exploit chain[CVE-2024-28255 and CVE-2024-28254] 2024-08-14 16:06:10 +01:00