ce6e0d1164
Merge pull request #20096 from h00die-gr3y/CVE-2025-30406
...
Gladinet CentreStack/Triofox ASP.NET ViewState Deserialization [CVE-2025-30406]
2025-05-28 13:46:13 +02:00
e9c88b55f2
cleanup
2025-05-09 22:39:30 +01:00
803581ab81
CVE-2024-7399
2025-05-09 17:27:22 +01:00
908094da6b
update documentation with privileged escalation to system
2025-05-02 20:59:07 +00:00
1c5be6154a
second release including Triofox + documentation
2025-05-02 20:42:14 +00:00
fa0c29837e
Update author, rubocop, msftidy_docs
2025-03-27 09:36:10 -07:00
74cc1d313c
Add documentation
2025-03-27 09:28:44 -07:00
aaf95f9134
Apply suggestions from code review
2024-08-28 18:46:08 +01:00
7e9f52dd0b
Github release
2024-08-26 23:02:53 +02:00
b3605bd951
Documentation
2024-08-26 19:59:17 +02:00
8732d7cd58
LG Simple Editor Command Injection (CVE-2023-40504) Module
...
Exploit Module and Documentation for the LG Simple Editor Command Injection (CVE-2023-40504)
2024-08-07 05:16:25 +01:00
48c69b99fb
Land #19344 , FortiClient EMS FCTID SQLi to RCE fix for 7.2.x
2024-07-31 09:43:19 -04:00
c05aebe248
Formatting
2024-07-24 11:16:26 -07:00
e9cbb9287c
Add support for 7.2.x
2024-07-24 10:45:38 -07:00
636c72965c
Land #19084 , Add CVE-2022-1373 and CVE-2022-2334 exploit chain
...
Merge branch 'land-19084' into upstream-master
2024-07-19 12:22:25 -05:00
ecb628eaab
Add module and documentation
2024-06-20 15:30:54 +02:00
dc70aa0896
Land #19247 , PHP CGI Arg injection RCE
...
XAMPP installs running on Windows system configured to use Japanese or
Chinese (simplified or traditional) locales are vulnerable to a PHP CGI
argument injection vulnerability. This exploit module returns a session
running in the context of the Administrator user
2024-06-17 11:27:38 -07:00
d7531ef74c
fix typo in documentation
...
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com >
2024-06-13 15:09:56 +01:00
18fe758416
Finish up and document the deserialization RCE
2024-06-12 08:58:37 -04:00
2d63038196
Update documentation/modules/exploit/windows/http/rejetto_hfs_rce_cve_2024_23692.md
...
fix a typo in the documentation.
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com >
2024-06-11 16:23:56 +01:00
bf9b3f1d2a
add documentation
2024-06-10 17:41:55 +01:00
c8208704be
add in exploit module for CVE-2024-23692
2024-06-06 18:04:14 +01:00
a89d418725
review of northstar c2
2024-05-16 15:17:28 -04:00
19af4ae4e6
mermaid flow chart
2024-04-24 16:54:02 -04:00
9fb217fb59
northstar c2 exploit
2024-04-24 16:54:02 -04:00
50a303a6e5
Update references and documentation
2024-04-13 18:21:05 +08:00
6268235cd3
Add CVE-2022-1373 and CVE-2022-2334 exploit chain
2024-04-13 18:10:45 +08:00
dae9657433
FortiClient EMS Exploit Module
2024-04-12 10:00:07 -07:00
e58c6b9df2
Land #18721 , SharePoint Unauth RCE Exploit Chain (CVE-2023-29357 & CVE-2023-24955)
...
Merge branch 'land-18721' into upstream-master
2024-03-26 12:42:22 -05:00
4e4303c274
Fixed backup_bdc_metadata initialization
2024-02-15 09:26:54 -05:00
326b50bd4d
Responded to comments
2024-02-06 15:22:21 -05:00
5f1fa2a678
Apply suggestions from jvoisin
...
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com >
2024-01-19 20:30:53 -05:00
854ec41db1
Initial commit
2024-01-19 15:22:22 -05:00
2f3e207277
Fixed documentation for exploit
2023-12-15 13:58:10 +01:00
9f9f18c73f
Apply suggestions from code review
...
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com >
2023-11-02 10:10:26 +08:00
00ccebe8ce
Upadte documentation for AjaxPro Deserializaion RCE
2023-10-31 13:31:10 +08:00
40683ff591
Add document for AjaxPro Deserialization RCE Module
2023-10-28 01:37:34 +08:00
557a15a115
spelling fixes on docs
2023-10-10 14:46:18 -04:00
623b589fb5
When I removed the PowerShell target I forgot to update the documentation, this commit updates the documentation to reflect the changes made to the exploit module.
2023-10-04 17:03:28 +01:00
1695a12c9c
Explicitly state both the release name (e.g. 2022.0.2) and the version number (e.g. 8.8.2) in a more consistent way.
2023-10-02 17:40:11 +01:00
53ed4a632b
add in exploit module for CVE-2023-40044 - WS_FTP unauthenticated RCE via .NET deserialization.
2023-10-02 11:42:19 +01:00
48cb2db70b
Update scenario
2023-09-01 03:48:08 +02:00
1d9c7fde77
Add LG Simple Editor Unauthenticated RCE (CVE-2023-40498) Exploit
2023-08-29 17:58:43 +02:00
7fa2586e34
Land #18247 , Netgear NMS RCE CVE-2023-38096/8
2023-08-28 11:23:08 +02:00
b10d677308
Doc update.
2023-08-25 21:18:48 +02:00
0fe335aff2
Update documentation/modules/exploit/windows/http/netgear_nms_rce.md
...
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com >
2023-08-24 16:10:30 +00:00
c216c5a184
Fix lines in SmarterMail RCE docs for linting with msftidy_docs
2023-08-23 23:07:07 +08:00
329920eeb2
Add Netgear NMS RCE (CVE-2023-38096/8) exploit
2023-08-02 18:03:57 +02:00
1706812099
Implemented requested changes
...
* Small fixes in Description - removed backticks
* Implemented Windows Command target
* Removed PowerShell Stager, in Targets and in exploit method
* Implemented Rex::Socket::Tcp in place of TCPSocket
* Updated TARGET section in documentation
* Added TARGET 0 - Windows Command scenario
* Removed PowerShell Stager scenario
* Replaced 'Using configured payload' lines to use Windows Command payload
for the 2nd, 3rd, and 4th scenarios. Did not rerun the scenarios, however
2023-07-07 04:14:20 -04:00
24ef4e1b90
Update documentation/modules/exploit/windows/http/smartermail_rce.md
...
Co-authored-by: adfoster-r7 <60357436+adfoster-r7@users.noreply.github.com >
2023-07-06 18:49:49 +03:00
Diego Ledda