adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
79,231 Commits 27 Branches 1,043 Tags
d2c192e9bf1cde491d596e5fbb87a5a26517801c
Commit Graph

3429 Commits

Author SHA1 Message Date
Brendan 6c4a61fa42 Merge pull request #20761 from Chocapikk/acf-extended-rce 
Add WordPress ACF Extended unauthenticated RCE exploit (CVE-2025-13486)
 2025-12-18 16:03:06 -06:00
Jack Heysel 0589121fb9 Update payload options 2025-12-15 18:52:38 -05:00
Jack Heysel ca2ac75e16 Change react2shell default encoder 2025-12-12 15:22:34 -08:00
jheysel-r7 388a967101 Merge pull request #20749 from nakkouchtarek/grav-ssti-rce 
Add Grav CMS Twig SSTI Sandbox Bypass RCE Exploit Module & Documentation
 2025-12-11 16:13:09 -08:00
Tarek Nakkouch a20e2dfa6e Use send_request_cgi! for automatic redirect handling 2025-12-11 20:03:17 +01:00
Tarek Nakkouch 028aa2f544 Wrap zlib require in begin/rescue block for proper error handling 2025-12-11 19:53:02 +01:00
Tarek Nakkouch df9f546d01 Use HttpClientTimeout datastore option instead of hardcoded timeout value 2025-12-11 19:52:16 +01:00
Tarek Nakkouch 80f60b431c Set default value for FORM_NAME option and remove fallback check 2025-12-11 19:45:24 +01:00
jheysel-r7 0c921ea2e7 Merge pull request #20725 from Chocapikk/magento 
Add Magento SessionReaper (CVE-2025-54236) exploit module
 2025-12-10 08:56:47 -08:00
jheysel-r7 d86c5f0908 Merge pull request #20746 from Chocapikk/king-addons 
Add WordPress King Addons privilege escalation exploit (CVE-2025-8489)
 2025-12-10 08:37:11 -08:00
Valentin Lobstein be4c3c1a91 Update modules/exploits/multi/http/wp_king_addons_privilege_escalation.rb 
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
 2025-12-10 06:07:41 +01:00
Valentin Lobstein fc8f07cf91 Update modules/exploits/multi/http/wp_king_addons_privilege_escalation.rb 
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
 2025-12-10 06:07:23 +01:00
Valentin Lobstein b4d65afcf5 Add exploit module for WordPress ACF Extended CVE-2025-13486 unauthenticated RCE 2025-12-09 22:02:41 +01:00
Valentin Lobstein 6bc2bffd8c Refactor create_admin_user to handle errors internally and remove custom.ini from documentation 2025-12-09 19:20:56 +01:00
Valentin Lobstein 1596d42c6a Update modules/exploits/multi/http/wp_king_addons_privilege_escalation.rb 
Co-authored-by: Phil Townes <phil_townes@rapid7.com>
 2025-12-09 19:14:44 +01:00
Valentin Lobstein c423ff07c5 Update modules/exploits/multi/http/wp_king_addons_privilege_escalation.rb 
Co-authored-by: Phil Townes <phil_townes@rapid7.com>
 2025-12-09 19:14:36 +01:00
sfewer-r7 1a8e88c054 fix a typo with the use of CVE-2025-55102, it should be CVE-2025-55182 2025-12-09 09:05:59 +00:00
jheysel-r7 66279422d1 Merge pull request #20747 from vognik/2025-55182 
Add CVE-2025-55182 / CVE-2025-66478
 2025-12-08 13:41:49 -08:00
Tarek Nakkouch e45eda6ead Replace gsub with encode_base64 delimiter parameter 
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
 2025-12-08 19:48:01 +01:00
Tarek Nakkouch e08c18c720 Remove ARTIFACTS_ON_DISK side effect 
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
 2025-12-08 15:42:29 +01:00
Tarek Nakkouch 77f4fe9c98 Update module name 
Co-authored-by: Julien Voisin <jvoisin@users.noreply.github.com>
 2025-12-08 15:41:31 +01:00
vognik bdd7cb5365 upgraded payload 2025-12-08 01:32:43 -08:00
Tarek Nakkouch 5fcc33d203 Implement zlib compression before base64 encoding to minimize payload size 2025-12-07 22:25:51 +01:00
Tarek Nakkouch d17dc184bf Strengthen Grav CMS fingerprinting with strict HTML parsing 2025-12-07 17:14:35 +01:00
vognik 1dde12b483 fix naming errors 2025-12-06 02:53:38 -08:00
vognik 38682b5ed6 refactoring 2025-12-05 14:58:59 -08:00
vognik e1982475ca replaced the noisy check method with a silent one 2025-12-05 11:32:07 -08:00
vognik 7b8c08d778 some refactoring 2025-12-05 10:47:06 -08:00
vognik 88309b5a4a add suggestions from @Chocapikk 2025-12-05 08:02:56 -08:00
vognik 918f474fc6 fixed the nits 2025-12-05 00:47:19 -08:00
vognik 3669e3cdcc add unused code 2025-12-05 00:25:21 -08:00
vognik b6188e6f50 fix target_uri error 2025-12-05 00:12:52 -08:00
vognik 770e63b0d1 add windows documentation 2025-12-05 00:06:58 -08:00
vognik a12431e1a3 add suggestions from @sfewer-r7 2025-12-04 23:58:22 -08:00
Maksim Rogov 5b299a0489 Update modules/exploits/multi/http/react2shell_cve_2025_55102.rb 
Co-authored-by: bcoles <bcoles@gmail.com>
 2025-12-05 10:10:51 +03:00
Maksim Rogov d9977f31fc Update modules/exploits/multi/http/react2shell_cve_2025_55102.rb 
Co-authored-by: bcoles <bcoles@gmail.com>
 2025-12-05 10:10:35 +03:00
vognik e51ea0ae23 improve documentation 2025-12-04 23:03:13 -08:00
vognik bff7d0836a change execSync to exec 2025-12-04 22:54:35 -08:00
vognik 23e5f68c87 remove debug 2025-12-04 22:44:23 -08:00
vognik f71a71ab18 add exploit mvp 2025-12-04 22:16:27 -08:00
Tarek Nakkouch 3c4fdfcad0 Add Grav CMS Twig SSTI Sandbox Bypass RCE Exploit Module (CVE-2025-66294) 2025-12-05 00:01:56 +01:00
Diego Ledda 4d52e22480 Merge pull request #20720 from Chocapikk/wp-ai-engine 
Add WordPress AI Engine MCP RCE exploit (CVE-2025-11749)
 2025-12-04 12:56:04 +01:00
Valentin Lobstein 5781e5ba7d Update reference URL 2025-12-04 01:52:25 +01:00
Valentin Lobstein b3fc1b05e5 Add WordPress King Addons privilege escalation exploit (CVE-2025-8489) 2025-12-04 01:37:40 +01:00
Valentin Lobstein 0ccffdd5ff Fix wp_ai_engine_mcp_rce: handle existing users by updating password via MCP fields API 2025-12-03 00:41:16 +01:00
Valentin Lobstein b1b41017c1 Use CheckCode constants instead of string comparison in check method 2025-11-27 22:53:32 +01:00
Valentin Lobstein 4d24789d04 Make USERNAME, PASSWORD, and EMAIL datastore options required 2025-11-27 22:52:19 +01:00
msutovsky-r7 b6330acb12 Land #20718, adds module for Monsta FTP RCE (CVE-2025-34299) 
Add Monsta FTP downloadFile RCE (CVE-2025-34299)
 2025-11-27 15:16:58 +01:00
Valentin Lobstein c8ec6e2e0d Fix magento_sessionreaper: use server-returned upload path when available, fallback to default path 2025-11-26 19:11:21 +01:00
Valentin Lobstein 819b259b4c Apply reviewer suggestions 2025-11-26 18:27:52 +01:00