adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
75,842 Commits 27 Branches 1,043 Tags
c70043f84286ed1eff7da2fef5dd7f2122b81663
Commit Graph

19079 Commits

Author SHA1 Message Date
Brendan 7ddffc790c Merge pull request #19460 from gardnerapp/game_overlay 
Land #19460, CVE-2023-2640, CVE-2023-32629 Game Overlay Ubuntu Privilege Escalation
 2024-12-18 14:44:57 -06:00
Martin Sutovsky 531ed162db Land #19733, exploit module for CVE-2022-40471 - unauthenticated RCE 2024-12-18 12:44:34 +01:00
bwatters-r7 59229ee612 Update payload name, fix payload escapes & quotation, add unix cmd support 2024-12-17 16:52:24 -06:00
aaryan-11-x f2d723d1d0 Modified the code logic as instructed by the reviewer & removed the instance variable 2024-12-17 21:39:30 +05:30
aaryan-11-x f5329a71df Added the DELETE_FILES option to delete leftover files by the exploit with the FileDropper mixin 2024-12-17 17:00:06 +05:30
aaryan-11-x 4c51165ec6 Made necessary changes as mentioned by the reviewer 2024-12-17 16:07:58 +05:30
jheysel-r7 6f9982db54 Land #19647 Added module for WSO2 API Manager RCE 
Adds an exploit module for a vulnerability in the 'Add API Documentation' feature of WSO2 API Manager and allows malicious users with specific permissions to upload arbitrary files to a user-controlled server location. This flaw allows for RCE on the target system.
 2024-12-16 07:27:23 -08:00
aaryan-11-x eb5385a23d msftidy & Rubocop Fixes 2024-12-16 14:45:04 +05:30
aaryan-11-x 08519defc7 RuboCop Fixes 2024-12-16 11:36:23 +05:30
msutovsky-r7 ab55286e0b Land #19721, Fix version in CVE-2020-0668 module 
Fix version check for cve-2020-0668 Service Tracing
 2024-12-13 20:47:17 +01:00
jheysel-r7 afd3d0b66c Land #19713, Add exploit module for WP Time Capsule RCE 
This exploits a Remote Code Execution (RCE) vulnerability identified as CVE-2024-8856 in the WordPress WP Time Capsule plugin (versions ≤ 1.22.21). This vulnerability allows unauthenticated attackers to upload and execute arbitrary files due to improper validation within the plugin.
 2024-12-12 18:19:09 -08:00
jheysel-r7 add7c7b177 Remove potential NoMethodError in fail_with call 2024-12-12 18:04:10 -08:00
bwatters-r7 48ed31f323 Fix version check 2024-12-12 17:11:53 -06:00
Valentin Lobstein 9c8db05dc6 Update modules/exploits/multi/http/wp_time_capsule_file_upload_rce.rb 
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
 2024-12-12 22:06:04 +01:00
jheysel-r7 c7f7cfd848 Land #19656 Close ssh session on error 2024-12-11 17:00:17 -08:00
adfoster-r7 136599a29a Merge pull request #19714 from bwatters-r7/update/projectsend-cveinfo 
Add CVE info to projectsend module
 2024-12-11 13:54:06 +00:00
bwatters-r7 5311b7014e Add CVE info to projectsend module 2024-12-11 07:37:43 -06:00
Heyder Andrade 41e7bf8812 Enhance: Rollback to register_file_for_cleanup 
- Verified that the CWD is the WSO2_SERVER_HOME, allowing the uploaded payload file to be registered for cleanup using register_file_for_cleanup.
- Improved feedback by including the payload filename in the success message.
- Removed redundant on_new_session cleanup logic, as file management is now handled by FileDropper.
 2024-12-11 11:58:53 +01:00
Chocapikk 7b918b24c9 Add platform 2024-12-11 02:17:11 +01:00
Chocapikk 7d559e0b34 Add exploit module for CVE-2024-8856 - WP Time Capsule RCE 2024-12-11 01:14:17 +01:00
jheysel-r7 0b5e221620 Land #19533, Update werkzeug rce module 2024-12-09 12:56:35 -08:00
Graeme Robinson 7838a943ce Update werkzeug_debug_rce.rb 
Added comments about where version-dependant salts come from
 2024-12-08 21:01:17 +00:00
Heyder Andrade f3f1c893a1 Added cleanup method 2024-12-08 02:12:16 +01:00
Heyder Andrade c953601335 Fix: it needs at least 2 follows redirect 2024-12-08 00:13:12 +01:00
Heyder Andrade edb9fdc682 Merge 2024-12-08 00:10:35 +01:00
adfoster-r7 2421ca768f Merge pull request #19705 from ostrichgolf/projectsend_rce 
Add CVE to ProjectSend module
 2024-12-07 14:24:20 +00:00
ostrichgolf 2952dbb0b8 Add CVE to module 2024-12-07 14:23:30 +01:00
jheysel-r7 0e5cf3f7ba Land #19649, Primefaces RCE (CVE-2017-1000486) 2024-12-06 16:22:06 -08:00
jheysel-r7 6cfc18a1e7 Land #19661, WordPress Really Simple Security Plugin RCE (CVE-2024-10924) 2024-12-06 16:19:56 -08:00
jheysel-r7 2357c8ad55 Standardize capitalization of Java Expression Language 2024-12-06 16:00:58 -08:00
Chocapikk 8f274f0189 Remove complexity 2024-12-06 22:48:59 +01:00
h00die e33200100d peer review 2024-12-06 15:34:40 -05:00
Jack Heysel f720b519c9 Lint 2024-12-06 06:22:03 -08:00
Jack Heysel 7c9bddc6e6 Added use of send_request_cgi! 2024-12-06 06:20:46 -08:00
Diego Ledda be30a06af4 Land #19430, Moodle RCE (CVE-2024-43425) Module 
Land #19430, Moodle RCE (CVE-2024-43425) Module
 2024-12-06 12:15:35 +01:00
jheysel-r7 8ac7348be0 Land #19608 CyberPanel Pre-Auth RCE 
Adds a CyberPanel Pre-Auth RCE Exploit Module for (CVE-2024-51378 / CVE-2024-51567 / CVE-2024-51568)
 2024-12-05 09:35:35 -08:00
Chocapikk 9de6a898cd Re-add wordpress detection check 2024-12-05 16:19:15 +01:00
Chocapikk 022533db59 Fix check and use rest_route 2024-12-05 16:19:15 +01:00
Chocapikk 86bc3ceb5e Handle case when 2FA is disabled 2024-12-05 16:19:15 +01:00
Chocapikk a123234141 Add CVE-2024-10924 2024-12-05 16:19:09 +01:00
Chocapikk b8ec13e9dc Lint 2024-12-05 16:05:25 +01:00
Heyder Andrade d5f0c6108c Fix: Ensure api_list returns a list even when created during execution 2024-12-05 14:34:20 +01:00
Valentin Lobstein ca45c6439f Update modules/exploits/unix/webapp/cyberpanel_preauth_rce_multi_cve.rb 
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
 2024-12-05 08:20:59 +01:00
jheysel-r7 e8911f9129 Land #19402 vCenter Sudo LPE (CVE-2024-37081) 2024-12-04 18:25:05 -08:00
h00die bca3626cf2 peer review 2024-12-04 18:39:43 -05:00
Chocapikk 0fecf5be65 Add Referer header 2024-12-04 20:55:51 +01:00
Heyder Andrade 964261283b Fix: Handle full-location redirects in send_request_cgi 
- Resolved an issue where redirects with full-location URLs were not properly handled by `send_request_cgi`.
- Implemented a quick solution for now; open to suggestions for a more robust approach.
- Tested behavior without proxy interference, as Burp previously masked the issue.
 2024-12-04 20:05:07 +01:00
jheysel-r7 21cf475cbb Land #19595 Ivanti Connect Secure auth RCE via OpenSSL (CVE-2024-37404) 2024-12-04 08:26:07 -08:00
Diego Ledda ab2ca41eb8 Land #19629, Chamilo v1.11.24 Unrestricted File Upload (CVE-2023-4220) 
Land #19629, Chamilo v1.11.24 Unrestricted File Upload (CVE-2023-4220)
 2024-12-04 16:49:56 +01:00
Heyder Andrade fabced539d Apply suggestions from code review 
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
 2024-12-04 16:44:48 +01:00