531ed162db
Land #19733 , exploit module for CVE-2022-40471 - unauthenticated RCE
2024-12-18 12:44:34 +01:00
6f9982db54
Land #19647 Added module for WSO2 API Manager RCE
...
Adds an exploit module for a vulnerability in the 'Add API Documentation' feature of WSO2 API Manager and allows malicious users with specific permissions to upload arbitrary files to a user-controlled server location. This flaw allows for RCE on the target system.
2024-12-16 07:27:23 -08:00
d196591845
Modified documentation
2024-12-16 15:47:30 +05:30
06528abe05
Added documentation
2024-12-16 15:33:29 +05:30
e06dd6deea
Update documentation
2024-12-12 22:10:11 +01:00
7d559e0b34
Add exploit module for CVE-2024-8856 - WP Time Capsule RCE
2024-12-11 01:14:17 +01:00
0b5e221620
Land #19533 , Update werkzeug rce module
2024-12-09 12:56:35 -08:00
4ce4cf472e
Update werkzeug_debug_rce.md
...
Added note about python3 version in verification steps because the version may change when a newer docker image becomes available.
Added report.txt as a file because I apparently forgot it before and the containers fail to build without it.
2024-12-08 21:11:03 +00:00
0e5cf3f7ba
Land #19649 , Primefaces RCE (CVE-2017-1000486)
2024-12-06 16:22:06 -08:00
5290750cca
Update doc
2024-12-05 16:19:14 +01:00
a123234141
Add CVE-2024-10924
2024-12-05 16:19:09 +01:00
fabced539d
Apply suggestions from code review
...
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com >
2024-12-04 16:44:48 +01:00
492ccca1aa
review
2024-11-23 12:43:35 -05:00
dc445ed1ac
Apply suggestions from code review
2024-11-23 00:57:08 +01:00
09d84eaabb
Added module for WSO2 API Manager Documentation File Upload Remote Code Execution
...
Closes #19646
on-behalf-of: @redwaysecurity <info@redwaysecurity.com >
2024-11-14 18:34:11 +01:00
222df0bfdf
Land #19527 Add bypass for GiveWP RCE (CVE-2024-8353)
...
This updates the exploit module wp_giveup_rce_bypass to incorporate the bypass CVE, allowing the payload to work on all affected versions of the GiveWP plugin.
2024-10-30 16:29:14 -04:00
6c099f2b73
Add WordPress wp-automatic SQLi to RCE module (CVE-2024-27956)
2024-10-14 18:13:17 +02:00
5228acb0f1
Update werkzeug_debug_rce docs to show modified output
2024-10-13 23:11:52 +01:00
f369a80fcc
Satisfy msftidy_docs against werkzeug_debug_rce.md
2024-10-13 22:55:12 +01:00
f3bb48f277
Update werkzeug_debug_rce documentation to include new logged messages
2024-10-07 11:56:16 +01:00
97c5afed52
Update werkzeug exploit module documentation
2024-10-06 20:19:48 +01:00
48e740d1fc
Update documentation/modules/exploit/multi/http/wp_givewp_rce.md
...
Co-authored-by: cgranleese-r7 <69522014+cgranleese-r7@users.noreply.github.com >
2024-10-03 16:34:24 +02:00
58878db970
update doc
2024-10-02 19:56:22 +02:00
fbb74a6d2d
Add bypass for GiveWP RCE (CVE-2024-8353)
2024-10-02 19:53:20 +02:00
6e696e24e5
Land #19457 , WP Plugin LiteSpeed Cache Account Take Over Module
2024-09-17 06:30:33 -04:00
84a8eb7273
Respond to comments
2024-09-16 09:46:57 -07:00
c11ef15897
Removed unnecessary log lines
2024-09-11 23:49:18 -07:00
41cf622f38
Minor docs fix
2024-09-11 23:46:13 -07:00
c80a03fece
WP LiteSpeed exploit CVE-2024-44000
2024-09-11 23:31:26 -07:00
5e2bf5aaca
fix(modules): spip_bigup_unauth_rce minor fix
2024-09-11 11:46:52 -04:00
62e852176d
Land #19444 , SPIP BigUp Plugin Unauthenticated RCE
2024-09-11 10:29:12 -04:00
c75ffb4d43
Update documentation
2024-09-08 07:19:35 +02:00
43fabb07e5
Update doc + module + (mixin see #19444 )
2024-09-08 06:56:13 +02:00
f8675026ec
Update documentation again
2024-09-08 06:32:05 +02:00
289f47fac1
Update documentation with docker setup, working mixin now, update module
2024-09-08 05:59:11 +02:00
48f8e248a6
Update documentation/modules/exploit/multi/http/spip_bigup_unauth_rce.md
...
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com >
2024-09-07 01:49:57 +02:00
8608e7021d
Add spip_bigup_unauth_rce module
2024-09-06 22:10:18 +02:00
7458a2dba3
Remove useless documentation
2024-09-03 20:29:45 +02:00
586cf482ce
Refactoring SPIP Modules for Windows Compatibility and Incorporating SPIP Mixin
2024-08-30 20:37:32 +02:00
84ffa524e5
Land #19424 , WordPress GiveWP Plugin RCE
2024-08-28 21:09:42 +01:00
71ee987079
Add additional documentation steps, and use 0 for the payload http timeout
2024-08-28 19:21:27 +01:00
2900d45e9f
Update documentation/modules/exploit/multi/http/wp_givewp_rce.md
...
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com >
2024-08-28 13:00:32 +02:00
06a9583cfd
Fix typo
2024-08-27 22:16:11 +02:00
1d7cffbdac
Refactored exploit module based on RCESecurity's analysis of CVE-2024-5932
...
- Completely overhauled the method for exploiting the GiveWP plugin by removing dependency on the REST API, which may require authentication.
- Instead, we now use the admin-ajax.php endpoint for retrieving form lists and nonce values, ensuring compatibility even when REST API authentication is required.
- The exploit now works with all form types; however, the give_price_id and give_amount must be set to '0' and '0.00', respectively, as attempts to randomize these values caused the exploit to fail.
2024-08-27 22:15:12 +02:00
8bf354cad2
Land #19417 , Improve wp_backup_migration_php exploit
...
The new PHP filter chain evaluates a POST parameter, which simplifies
the process and reduces the payload size enabling the module to send the
entire paylaod in one POST request instead of writing the payload to a
file character by character over many POST requests. Support for both
Windows and Linux Meterpreter payloads, not just PHP Meterpreter, has
also been added.
2024-08-27 15:17:00 -04:00
d249711480
Update doc
2024-08-27 20:27:46 +02:00
61fa0c40b8
Update documentation/modules/exploit/multi/http/wp_backup_migration_php_filter.md
2024-08-27 14:14:28 -04:00
bc7840ea7f
Add wp_givewp_rce exploit module
2024-08-27 19:50:35 +02:00
6c24e0a952
Land #19393 , Update OFBiz ProgramExport RCE for Patch Bypass
...
Merge branch 'land-19393' into upstream-master
2024-08-27 11:48:38 -05:00
c32c1e3a66
Update doc
2024-08-24 17:31:09 +02:00
Martin Sutovsky