dledda-r7
6e696e24e5
Land #19457, WP Plugin LiteSpeed Cache Account Take Over Module
2024-09-17 06:30:33 -04:00
Jack Heysel
84a8eb7273
Respond to comments
2024-09-16 09:46:57 -07:00
Jack Heysel
96e506d9f5
Fix cookie regex
2024-09-13 09:36:18 -07:00
Jack Heysel
e7da81c271
Fix AdminCookieError admin_cookie check
2024-09-13 09:35:43 -07:00
jheysel-r7
300d2f5aa9
Apply suggestions from code review
Co-authored-by: Valentin Lobstein <88535377+Chocapikk@users.noreply.github.com>
2024-09-13 11:58:08 -04:00
Jack Heysel
38a3e7696d
Responded to comments
2024-09-12 07:36:16 -07:00
Jack Heysel
c80a03fece
WP LiteSpeed exploit CVE-2024-44000
2024-09-11 23:31:26 -07:00
Jack Heysel
dd5dd54af1
beta commit module working
2024-09-11 15:23:46 -07:00
dledda-r7
5e2bf5aaca
fix(modules): spip_bigup_unauth_rce minor fix
2024-09-11 11:46:52 -04:00
dledda-r7
62e852176d
Land #19444, SPIP BigUp Plugin Unauthenticated RCE
2024-09-11 10:29:12 -04:00
dwelch-r7
9de9b525d9
Land #19432, Refactoring SPIP Modules for Windows Compatibility and Incorporating SPIP Mixin
2024-09-11 14:57:48 +01:00
Chocapikk
af5c7ecc8f
Fix bug
2024-09-08 07:54:11 +02:00
Chocapikk
4f859f129c
Fix bug
2024-09-08 07:52:40 +02:00
Chocapikk
59faa1bf0c
Change version fingerprinting
2024-09-08 07:01:23 +02:00
Chocapikk
43fabb07e5
Update doc + module + (mixin see #19444)
2024-09-08 06:56:13 +02:00
Chocapikk
289f47fac1
Update documentation with docker setup, working mixin now, update module
2024-09-08 05:59:11 +02:00
Chocapikk
cc6127897f
Add suggestions
2024-09-07 04:00:25 +02:00
Valentin Lobstein
0b768791d6
Update modules/exploits/multi/http/spip_bigup_unauth_rce.rb
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
2024-09-07 01:56:21 +02:00
Valentin Lobstein
484cdc940f
Update modules/exploits/multi/http/spip_bigup_unauth_rce.rb
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
2024-09-07 01:56:09 +02:00
Valentin Lobstein
c90f9b1ae5
Update modules/exploits/multi/http/spip_bigup_unauth_rce.rb
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
2024-09-07 01:55:54 +02:00
Chocapikk
92a25e5a29
Add source (oopsie)
2024-09-07 03:11:49 +02:00
Chocapikk
8b1e1dab1b
Add some comments and CVE ID
2024-09-07 03:09:42 +02:00
Chocapikk
fdc28080c9
Update disclosure date
2024-09-06 22:14:27 +02:00
Chocapikk
8608e7021d
Add spip_bigup_unauth_rce module
2024-09-06 22:10:18 +02:00
Jack Heysel
152710403d
Land #19330, Add SSL opt in start_service
The start_service method now allows users to specify their SSL
preferences directly through the opts parameter. If the ssl option is
not provided in opts, it will default to the value in datastore["SSL"]
2024-09-05 09:08:07 -07:00
Jack Heysel
434593dcb4
Suggestion and rubocop fixes
2024-09-05 08:49:32 -07:00
Chocapikk
37042d837e
Add spip_plugin_version function to retrieve plugin version from config.txt or Composed-By header
2024-09-04 22:17:06 +02:00
Chocapikk
b8a1d40f46
Rename execute_command to send_payload in line with its actual function (avoiding confusion with cmdstager)
2024-09-04 21:14:39 +02:00
Chocapikk
8024533ab4
More readable check functions
2024-09-04 21:09:49 +02:00
Chocapikk
28ac6f5e07
add CheckCode:Safe
2024-08-30 21:58:30 +02:00
Chocapikk
4994ebbef5
fix: right versions in spip_porte_plume_previsu.rb
2024-08-30 21:53:47 +02:00
Chocapikk
effbfac806
fix: right versions in spip_rce_form.rb ....
2024-08-30 21:50:11 +02:00
Chocapikk
53f0bc398c
fix: correct version handling error in SPIP check
2024-08-30 21:46:35 +02:00
Chocapikk
586cf482ce
Refactoring SPIP Modules for Windows Compatibility and Incorporating SPIP Mixin
2024-08-30 20:37:32 +02:00
h00die-gr3y
6b640d0506
some small final changes
2024-08-29 11:23:58 -05:00
h00die-gr3y
003769f1d7
Added POC reference
2024-08-29 11:23:58 -05:00
h00die-gr3y
1d60705516
dynamic feature type enhancement
2024-08-29 11:23:58 -05:00
adfoster-r7
84ffa524e5
Land #19424, WordPress GiveWP Plugin RCE
2024-08-28 21:09:42 +01:00
adfoster-r7
71ee987079
Add additional documentation steps, and use 0 for the payload http timeout
2024-08-28 19:21:27 +01:00
Chocapikk
9eb630d993
Add credit
2024-08-28 19:20:32 +02:00
Chocapikk
6bec3d2db0
Lint
2024-08-28 19:16:26 +02:00
Valentin Lobstein
57343d3bc4
Update modules/exploits/multi/http/wp_givewp_rce.rb
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
2024-08-28 13:00:20 +02:00
Chocapikk
1d7cffbdac
Refactored exploit module based on RCESecurity's analysis of CVE-2024-5932
- Completely overhauled the method for exploiting the GiveWP plugin by removing dependency on the REST API, which may require authentication.
- Instead, we now use the admin-ajax.php endpoint for retrieving form lists and nonce values, ensuring compatibility even when REST API authentication is required.
- The exploit now works with all form types; however, the give_price_id and give_amount must be set to '0' and '0.00', respectively, as attempts to randomize these values caused the exploit to fail.
2024-08-27 22:15:12 +02:00
Jack Heysel
8bf354cad2
Land #19417, Improve wp_backup_migration_php exploit
The new PHP filter chain evaluates a POST parameter, which simplifies
the process and reduces the payload size enabling the module to send the
entire payload in one POST request instead of writing the payload to a
file character by character over many POST requests. Support for both
Windows and Linux Meterpreter payloads, not just PHP Meterpreter, has
also been added.
2024-08-27 15:17:00 -04:00
Chocapikk
7f37731396
Lint
2024-08-27 21:14:35 +02:00
Chocapikk
80c784f0e8
Update detail about payloads
2024-08-27 21:07:18 +02:00
Chocapikk
23cd137fbd
Update module
2024-08-27 20:28:44 +02:00
Chocapikk
bc7840ea7f
Add wp_givewp_rce exploit module
2024-08-27 19:50:35 +02:00
bwatters
6c24e0a952
Land #19393, Update OFBiz ProgramExport RCE for Patch Bypass
Merge branch 'land-19393' into upstream-master
2024-08-27 11:48:38 -05:00
Simon Janusz
3ad24b45e3
Land #19241, Remove uri unescape usage
2024-08-27 15:22:43 +01:00