adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
51,859 Commits 27 Branches 1,043 Tags
d4e79cffe7610f183e3abf474eebf74bd12ef183
Commit Graph

26388 Commits

Author SHA1 Message Date
William Vu 581b20794c Land #11859, struts2_rest_xstream style fix 2019-05-20 12:39:48 -05:00
William Vu 0328814241 Indent ternary statement in struts2_rest_xstream 2019-05-20 12:35:52 -05:00
bwatters-r7 e1f898fe52 Land #11834, Fix ams_hndlrsvc 
Merge branch 'land-11834' into upstream-master
 2019-05-20 12:29:45 -05:00
Wei Chen ad08c4e56b Land #11828, Add CVE-2017-18357: Shopware Object Instantiation 2019-05-17 18:22:48 -05:00
Wei Chen 9b46e7a347 Normalize PHP payload path 2019-05-17 18:20:59 -05:00
Brent Cook 930952e994 Land #11374, add super-small version of bind tcp random payload 2019-05-17 03:13:40 -07:00
Brent Cook 9ae01c98c9 merge super-tiny payload into tiny payload, invoke on available size 2019-05-17 03:12:01 -07:00
William Vu 2a06d038ed Land #11842, Powershell::wrap_double_quotes fix 2019-05-16 13:25:29 -05:00
Shelby Pace 730f912fea Land #11802, add GetSimple CMS RCE module 2019-05-16 11:30:21 -05:00
7echSec 328b4fa860 Addressing Syntax error 2019-05-16 21:06:47 +05:30
7echSec c947cd76f6 Removed register_advanced_options 
Added 'Powershell::wrap_double_quotes' => false in DefaultOptions.
 2019-05-16 14:19:52 +05:30
7echSec 053ceed171 Regression fix: Disabling wrap_double_quotes 
This client side exploit stopped working in current MSF throws an error in client browser.As per the analysis its because of Powershell::wrap_double_quotes=true. 
I have just Added "Powershell::wrap_double_quotes"  as advance option to override Datastore value.
 2019-05-16 12:39:42 +05:30
Shelby Pace 6210a28f32 added checks to at, changed some uris 2019-05-15 15:40:27 -05:00
Jeffrey Martin dacc3b3df2 Land #11548, unifi backup downloader 2019-05-14 17:46:14 -05:00
h00die 0f6eacda88 add nonverbose prints 2019-05-14 15:54:44 -04:00
stevenseeley 1df703b85f added some vprint_error calls in the check 2019-05-13 17:36:06 -05:00
stevenseeley e8fec2a77b don't override the check method 2019-05-12 20:08:52 -05:00
h00die 3a305fd7fa add version numbers to ams_hndlrsvc 2019-05-10 16:42:09 -04:00
h00die f50c89ca0a ams_hndlrsvc updates 2019-05-10 16:38:22 -04:00
h00die 185b740d87 msftidy 2019-05-10 15:26:17 -04:00
h00die 097a503113 unifi 5.10.23 and meterp > shell 2019-05-10 15:05:31 -04:00
lilyus 91838419ff Update link to ms09-053 2019-05-10 17:48:37 +02:00
stevenseeley bca160f4c4 final commit: fixed check method to not print as suggested by @bcoles 2019-05-10 09:45:21 -05:00
stevenseeley 6427cb31bf fixed regex a lil 2019-05-09 22:53:39 -05:00
stevenseeley 5ff8394df0 @bcoles is a purist :p 2019-05-09 22:21:26 -05:00
stevenseeley 7953f85c16 updated error message to be NoAccess 2019-05-09 21:29:48 -05:00
stevenseeley a700fcec5d changed regex as suggested by @bcoles 2019-05-09 21:18:14 -05:00
stevenseeley e769ae5c90 fixed some error conditions, changed regex as suggested by @bcoles 2019-05-09 21:14:54 -05:00
stevenseeley 2ff1adb1be fixed timing of exec 2019-05-09 20:58:14 -05:00
stevenseeley 6ffd1d5e95 updated module to address @bcoles's comments 2019-05-09 20:53:49 -05:00
stevenseeley 65c3163518 updated module credits with original discoverer 2019-05-09 17:35:47 -05:00
stevenseeley ba2baa7652 updated module randomization a little more 2019-05-09 16:14:35 -05:00
stevenseeley 2649fa0d65 added a new line at the end 2019-05-09 15:35:00 -05:00
stevenseeley 9b200840a4 added module for CVE-2017-18357 2019-05-09 15:19:01 -05:00
stevenseeley aaa0dd2532 added module for CVE-2017-18357 2019-05-09 15:17:43 -05:00
stevenseeley 89e3a07518 added module for CVE-2017-18357 2019-05-09 15:08:33 -05:00
Wei Chen 310d931bf5 Land #11816, Add CVE-2019-5786 : Chrome 72.0.3626.119 on Windows 7 x86 2019-05-08 11:21:40 -05:00
Wei Chen 923d8b8b2e Fix uri with get_resource 2019-05-08 11:20:36 -05:00
William Vu 413929b7f6 Land #11598, Postgres COPY FROM PROGRAM exploit 2019-05-07 01:12:44 -05:00
asoto-r7 f89b0e848f Land PR#11780, exploit/multi/misc/weblogic_deserialize_asyncresponseservice 2019-05-06 15:36:47 -05:00
asoto-r7 abfe4fd2c2 weblogic_deserialize_asyncresponseservice: Added check method, improved exception handling, minimizing XML strings 2019-05-06 15:16:50 -05:00
Tim W 39969e71fa Initial commit of CVE-2019-5786 2019-05-06 17:05:00 +08:00
Cha0s bd349b8a23 Removed Spaces EOL 2019-05-04 23:24:20 -05:00
Cha0s 4bf0adeade Module corrections 
Corrections in: author metadata, references, removing handler, removing unused  code branch and vulnerable variable, improve module description
 2019-05-04 23:11:40 -05:00
Waqas Ali 48b7f7c904 Update (removed parenthesis) modules/exploits/multi/http/getsimplecms_unauth_code_exec.rb 
(removed parenthesis)

Co-Authored-By: truerandom <masterofdisaster@ciencias.unam.mx>
 2019-05-02 02:03:54 -05:00
Waqas Ali 75c78b761e Update (removed parenthesis) modules/exploits/multi/http/getsimplecms_unauth_code_exec.rb 
(removed parenthesis)

Co-Authored-By: truerandom <masterofdisaster@ciencias.unam.mx>
 2019-05-02 02:03:46 -05:00
Waqas Ali 3a7ebbdc3d Update (removed parenthesis) modules/exploits/multi/http/getsimplecms_unauth_code_exec.rb 
(removed parenthesis)

Co-Authored-By: truerandom <masterofdisaster@ciencias.unam.mx>
 2019-05-02 02:03:26 -05:00
Waqas Ali 33c2a9592a Update (removed parenthesis) modules/exploits/multi/http/getsimplecms_unauth_code_exec.rb 
(removed parenthesis)

Co-Authored-By: truerandom <masterofdisaster@ciencias.unam.mx>
 2019-05-02 02:03:14 -05:00
truerandom ea3e8e5bae exploit module for cve-2019-11231 2019-05-01 20:05:57 -04:00
Shelby Pace a88858fc8b Land #11779, add Rails Doubletap Dev mode RCE 2019-05-01 08:35:28 -05:00