adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
55,775 Commits 27 Branches 1,043 Tags
ba2f786bbba7775dec47cd325b428e39e7eaecf2
Commit Graph

261 Commits

Author SHA1 Message Date
Spencer McIntyre bea42876ee Land #13067, PlaySMS template injection RCE 2020-04-03 10:22:35 -04:00
Spencer McIntyre bd835e8f2d Cleanup more status methods and move the module 2020-04-03 10:21:27 -04:00
bwatters-r7 859eda92bb Land #12759, Apache Solr Remote Code Execution via Velocity Template 
Merge branch 'land-12759' into upstream-master
 2020-04-02 11:23:33 -05:00
ide0x90 861b79bce7 Added new targets and made documentation consistent 2020-03-29 00:33:24 +08:00
h00die fd8420cef7 fix install lines 2020-03-24 09:36:17 -04:00
h00die e7da6e77a5 remove and check for instruction text 2020-03-24 09:15:04 -04:00
h00die 0b4c047411 doc cleanup 2020-03-24 08:47:21 -04:00
Andrea Cardaci 126f5ca05d Add 'Horde CSV import arbitrary PHP code execution' (CVE-2020-8518) 2020-03-14 16:07:51 +01:00
Adam Galway 0e163c69ab Land #12975, exploits RCE backdoor in PHPStudy 2020-03-10 11:56:26 +00:00
Spencer McIntyre eb90bee4a7 Land #12863, add exploit for PHP-FPM Underflow RCE 2020-03-05 11:43:43 -05:00
airevan adaa9e239a Add phpstudy backdoor exploit module 2020-02-23 10:23:32 +08:00
ide0x90 ac482a0d31 Typo in documentation 2020-02-19 23:32:07 +08:00
Christophe De La Fuente 828d974db5 Update code and documentation 
- Add `OperationMaxRetries` option documentation
- Add default value to `TARGETURI` and update the documentation
- Remove `PosOffset` advanced option and hardcode the value
- Update `Description`
- Move URI encoding logic to `send_crafted_request`
- Refactor `send_crafted_request` to handle the HTTP parameter and final & (%26)
 2020-02-17 18:25:10 +01:00
Christophe De La Fuente 226f4b0a53 Line wrap to 80 columns and small fix 
- Line wrap documentation to 80 columns
- Line wrap `Description` field to 80 columns
- Remove unnecessary unless statement
 2020-02-17 13:06:32 +01:00
Christophe De La Fuente 9193ace50b Add documentation 2020-02-14 17:17:45 -06:00
ide0x90 7a0bf69eb0 Major refactor, and more complete testing with cmd/unix payloads 2020-02-07 19:34:18 +08:00
h00die ca59b06fd3 module doc standardizations 2020-01-20 21:26:59 -05:00
h00die 50881c899a h1 to h2 2020-01-16 11:46:36 -05:00
h00die f970ea7963 example output to scenarios 2020-01-16 11:41:12 -05:00
h00die 947102e2fe sample output to scenarios 2020-01-16 11:15:06 -05:00
h00die a1978c76a6 fix up spaces on options header 2020-01-16 10:52:13 -05:00
h00die 4b0ab94043 module options to options 2020-01-16 10:49:22 -05:00
h00die 2fff1f66e9 vulnerable application h1 to h2 2020-01-16 10:44:35 -05:00
h00die 3a4209a092 verification to verification steps 2020-01-16 10:41:12 -05:00
h00die c904b9d2f2 scenario to scenarios 2020-01-16 10:36:38 -05:00
h00die fa73709b3e documentation standardization 2020-01-14 21:02:53 -05:00
ide0x90 44489f0326 Using heredoc, streamlined check for PowerShell, improved docs. 2019-12-29 12:00:50 +08:00
ide0x90 046d8cbedc REALLY added documentation. 
Made module work with base64.
Cleaned up template as per @acammack-r7 's suggestions.
 2019-12-26 23:35:34 +08:00
Brent Cook e1e668d7da Land #12651, add OpenMRS deserialization exploit 2019-12-16 11:31:24 -06:00
Shelby Pace a4ed143af6 Land #12364, add vBulletin widgetconfig RCE 2019-12-10 12:12:47 -06:00
Shelby Pace 3ddef6091c update scenarios section 2019-12-04 12:19:58 -06:00
Shelby Pace c7125b1b5f remove options section 2019-12-03 12:06:44 -06:00
Shelby Pace 6f153a885a add tested version 2019-12-02 08:42:45 -06:00
RAMELLA Sébastien eb2817b51f fix. typo into the documentation. 2019-11-22 20:10:29 +04:00
Shelby Pace 407adca9ec add docs 2019-11-21 14:15:57 -06:00
scanu92 a307f4f41a Apply suggestions from code review 
Co-Authored-By: bcoles <bcoles@gmail.com>
 2019-11-03 00:32:10 +01:00
scanu92 1a4777670b Apply suggestions from code review 
Co-Authored-By: bcoles <bcoles@gmail.com>
 2019-11-03 00:30:18 +01:00
sk4 af0761bcfd Add CMS Made Simple object injection exploit module 2019-11-01 12:11:38 +01:00
Shelby Pace 0b4a0b3148 Land #12476, add Nostromo dir traversal RCE 2019-10-31 08:24:41 -05:00
Quentin Kaiser a55c5c6765 Update documentation/modules/exploit/multi/http/nostromo_code_exec.md 
s/Nostrom/Nostromo/

Co-Authored-By: Shelby Pace <40177151+space-r7@users.noreply.github.com>
 2019-10-30 15:38:50 +01:00
Quentin Kaiser f03f5e4904 Documentation updated based on latest module version. 2019-10-29 16:13:25 +01:00
William Vu 3565b0efb8 Land #12365, Total.js CMS widget creation RCE 2019-10-21 15:22:09 -05:00
Quentin Kaiser 295d609595 Add CVE-2019-16278 exploit documentation. 2019-10-21 21:15:04 +02:00
RAMELLA Sébastien 861dc9969f fix. typo in documentation file. 2019-10-18 16:07:55 +04:00
RAMELLA Sébastien 25f60b07ed compliance for the framework 2019-10-18 15:51:58 +04:00
Wei Chen a3331dba9f Move totaljs cms module and doc 2019-10-15 10:11:14 -05:00
William Vu ade9c23772 Don't be lazy and spell out "introduction" in docs 
This was unfortunately my doing, and then people copied me.
 2019-09-30 16:58:00 -05:00
RAMELLA Sébastien 28bbcd5402 fix. linux stager and add. documentation 2019-09-26 16:26:44 +04:00
Wei Chen 8dc238e687 Add TotaJS CMS Code Injection in Widget Creation 2019-09-25 16:54:44 -05:00
Shelby Pace c4bd91f505 Land #12272, add October CMS file upload 2019-09-06 10:13:33 -05:00