adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
71,311 Commits 27 Branches 1,043 Tags
cf9976d8570aede213b2bdedd1e53d3076310d69
Commit Graph

2769 Commits

Author SHA1 Message Date
ismaildawoodjee 19dcc2d674 Move module and documentation from linux/http to multi/http 2023-08-02 10:10:27 -04:00
adfoster-r7 b979217227 Land #18239, Add version numbers to apache nifi rce module 2023-07-31 22:28:52 +01:00
h00die 5d9a65eeb0 version numbers for apache nifi rce 2023-07-31 16:14:57 -04:00
Christophe De La Fuente 56661f49ee Add a comment explaining why the Windows target is disabled 2023-07-31 15:13:35 +02:00
Ege Balcı c509b7b341 Comment out Windows target related lines 2023-07-28 17:06:21 +02:00
Ege Balcı 225a33995a Merge branch 'rudder_server_sqli_rce' of github.com:egebalci/metasploit-framework into rudder_server_sqli_rce 2023-07-28 00:54:29 +02:00
Ege Balcı 6b11439fa1 Remove basic auth and API_USER/PASS options 2023-07-28 00:44:44 +02:00
Ege Balcı 5d00f882ad Update modules/exploits/multi/http/rudder_server_sqli_rce.rb 
Co-authored-by: Jeffrey Martin <jeffrey_martin@rapid7.com>
 2023-07-27 21:58:06 +00:00
Ege Balcı ca9601bb58 Fixed check method and targets 2023-07-26 18:01:26 +02:00
Ege Balcı 5b5f666256 Make rubocop happy 2023-07-26 16:26:18 +02:00
Ege Balcı 006831938d Adjust targets 2023-07-26 16:26:18 +02:00
Ege Balcı f5e91f686c Update modules/exploits/multi/http/rudder_server_sqli_rce.rb 
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
 2023-07-26 16:26:18 +02:00
Ege Balcı d50fceca40 Update modules/exploits/multi/http/rudder_server_sqli_rce.rb 
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
 2023-07-26 16:26:17 +02:00
Ege Balcı 1b52c7c8ba Update modules/exploits/multi/http/rudder_server_sqli_rce.rb 
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
 2023-07-26 16:26:17 +02:00
Ege Balcı bc58254db8 Update modules/exploits/multi/http/rudder_server_sqli_rce.rb 
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
 2023-07-26 16:26:17 +02:00
Ege Balcı d6328edc27 Make rubocop happy 2023-07-26 16:26:17 +02:00
Ege Balcı 47f48e8adb Add rudder-server SQLI RCE (CVE-2023-30625) exploit 2023-07-26 16:26:17 +02:00
h00die-gr3y 43056ad621 removed powershell mixin 2023-07-25 14:06:45 +01:00
h00die-gr3y c1d84e950c Update based on bwatters-r7 comments 2023-07-25 14:06:44 +01:00
h00die-gr3y 45eacec846 Updated module with WordPress check 2023-07-25 14:06:44 +01:00
h00die-gr3y cda6ab5960 init commit module 2023-07-25 14:06:29 +01:00
bwatters 297c484a1c Land #18173, Add Openfire Authentication Bypass RCE [CVE-2023-32315] 
Merge branch 'land-18173' into upstream-master
 2023-07-18 18:13:20 -05:00
h00die-gr3y 7f35abff86 fixed the invalid character at the store_valid_credential‎ function 2023-07-18 08:38:06 +00:00
h00die-gr3y 0ff2ca4f40 updates based on latest comments 2023-07-16 18:43:21 +00:00
H00die.Gr3y f608424242 Apply suggestions from code review 
Co-authored-by: Spencer McIntyre <58950994+smcintyre-r7@users.noreply.github.com>
Co-authored-by: Brendan <bwatters@rapid7.com>
 2023-07-15 12:02:22 +02:00
bwatters b15d595de2 Adjust files to be better shared 2023-07-14 12:47:04 -05:00
h00die-gr3y c34779a5f1 updates based on comments of jvoisin and adfoster-r7 2023-07-09 12:20:58 +00:00
h00die-gr3y 8edbf73b6f first release exploit module 2023-07-08 09:48:17 +00:00
Jack Heysel f1b5cd46f4 Apache RocketMQ update config RCE 2023-07-05 12:38:51 -04:00
Jack Heysel bf1e6bddd1 Land #18134, Add exploit for CVE-2023-25194 
This exploits a Java deserialization vulnerbility
in Apache Druid which arises from a JNDI injection
within Apache Kafka clients.
 2023-06-23 16:52:04 -04:00
Heyder Andrade b026b38851 Apply suggestions from code review 
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
 2023-06-23 09:36:50 +02:00
Redwaysecurity.com 77bb6759a6 Review suggestions 2023-06-22 18:12:13 +02:00
dwelch-r7 e298788a28 Land #18049, Update jenkins login scanner to work with newer versions 2023-06-22 14:04:24 +01:00
Redwaysecurity.com a8332e6064 Added exploit for CVE-2023-25194 2023-06-22 14:17:32 +02:00
cgranleese-r7 0609d246f3 adds more future proofing to implementation 2023-06-21 14:19:24 +01:00
Grant Willcox 5b39eaafc1 Land #18074, Fix exception handling in gitlab_github_import_rce_cve_2022_2992 module 2023-06-07 14:52:21 -05:00
Christophe De La Fuente 82c8b5418e Land #17936, PaperCutNG Authentication Bypass with RCE 2023-06-07 15:05:51 +02:00
Christophe De La Fuente 451735ad15 Fix exception handler & add doc 2023-06-06 17:43:22 +02:00
cgranleese-r7 18ddd72285 Update jenkins login scanner to work with newer versions 2023-06-06 11:54:55 +01:00
catatonicprime 3875947f7d Removing unnecessary assignment 2023-05-31 19:17:30 +00:00
Catatonic Prime 6351c66b1e Update modules/exploits/multi/http/papercut_ng_auth_bypass.rb 
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com>
 2023-05-31 08:56:13 -07:00
Catatonic Prime 6ad9ebb5c0 Update modules/exploits/multi/http/papercut_ng_auth_bypass.rb 
Co-authored-by: Christophe De La Fuente <56716719+cdelafuente-r7@users.noreply.github.com>
 2023-05-31 08:48:53 -07:00
catatonicprime 530ed911f4 Fixing ZDI ID 2023-05-30 19:03:01 +00:00
catatonicprime b376dac34b okay linter 2023-05-30 18:40:59 +00:00
catatonicprime cbf850b2b7 Apparently the comment after the rescue squelchs the linter. 2023-05-30 18:38:48 +00:00
catatonicprime a445b07233 removing unnecessary call to payload_uri 2023-05-11 16:35:53 +00:00
catatonicprime d50bd24c2f Adding config cleanup. 2023-05-11 04:57:57 +00:00
catatonicprime cb2c6a7d80 Prevent bypass_auth from being called twice when AutoCheck is true 2023-05-11 00:34:47 +00:00
Grant Willcox 9f0a6503b7 require.js is not the only way, account for this new discovery in code 2023-05-10 13:02:02 -05:00
Grant Willcox 5d4e68d36c Add Metasploit payload example and remove message that may suggest successful exploitation occurred even when it didn't 2023-05-10 10:36:29 -05:00