Commit Graph

4604 Commits

Author SHA1 Message Date
Christophe De La Fuente 120fa0f2fe Land #19208, Add exploit module for CVE-2024-5084: WordPress Hash Form Plugin RCE 2024-06-05 10:17:02 +02:00
Christophe De La Fuente 67ec4baa66 PR-19208: Add DefaultTarget to the info hash 2024-06-05 10:14:48 +02:00
Chocapikk 6b127249fa Add suggestions 2024-05-31 20:56:03 +02:00
adfoster-r7 1281f4726f Land #19209, update fileformat modules to show the default template datastore values 2024-05-31 15:12:48 +01:00
Zach Goldman 847b29178a change nil guards to default values, nil or blank guards for certain datastore options 2024-05-29 09:34:58 -05:00
Chocapikk bea708d24c Add exploit module for CVE-2024-5084: WordPress Hash Form Plugin RCE 2024-05-28 18:27:02 +02:00
Jack Heysel 10acd86390 Land #19071, Add AVideo RCE module
Add module for CVE-2024-31819 which exploits an LFI in AVideo which uses
PHP Filter Chaining to turn the LFI into unauthenticated RCE
2024-05-21 14:27:15 -04:00
Chocapikk da31761336 Lint 2024-05-15 22:13:53 +02:00
Valentin Lobstein 3900680a96 Update modules/exploits/multi/http/avideo_wwbnindex_unauth_rce.rb
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
2024-05-15 22:07:45 +02:00
Valentin Lobstein c815c2b15c Update modules/exploits/multi/http/avideo_wwbnindex_unauth_rce.rb
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
2024-05-15 22:07:19 +02:00
Valentin Lobstein 7d2c06a246 Update modules/exploits/multi/http/avideo_wwbnindex_unauth_rce.rb
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
2024-05-15 22:07:04 +02:00
Valentin Lobstein cd10c2d208 Update modules/exploits/multi/http/avideo_wwbnindex_unauth_rce.rb
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
2024-05-15 22:06:53 +02:00
adfoster-r7 5e1dc05f09 Fix apache_normalize_path_rce check method 2024-05-01 20:01:38 +01:00
jheysel-r7 6055d8a005 Apply suggestions from code review
Co-authored-by: Spencer McIntyre <58950994+smcintyre-r7@users.noreply.github.com>
2024-04-29 17:37:49 -04:00
Jack Heysel 3b57fbf052 ActiveMQ fixes 2024-04-26 14:25:16 -07:00
Jack Heysel 429eaff5ca RocketMQ fixes 2024-04-26 14:24:08 -07:00
Jack Heysel b8675f0fd7 Land #19005, Add Gambio Webshop Unauth RCE
A Remote Code Execution vulnerability in Gambio online webshop version
4.9.2.0 and lower allows remote attackers to run arbitrary commands via
an unauthenticated HTTP POST request
2024-04-19 12:18:17 -07:00
jheysel-r7 3205fe9e63 Apply suggestions from code review 2024-04-19 13:44:18 -04:00
Jack Heysel 27f5ad8e05 Land #18996, VSCode Malicious Ext module
This PR adds a new exploit that creates a malicious vsix file. A vsix
file is a VS and VSCode extension file. Once installed, the user's
computer will call back with a shell. It's not a bug, it's a feature!
2024-04-18 18:10:46 -07:00
Jack Heysel bcaa5359da Land #18997, Add GitLens VSCode Extension Exploit
GitKraken GitLens before v.14.0.0 allows an untrusted workspace to
execute git commands. A repo may include its own .git folder including a
malicious config file to execute arbitrary code.
2024-04-18 17:19:41 -07:00
h00die a551ef136c remove default shells on gitlens module 2024-04-18 17:31:02 -04:00
h00die-gr3y 331c961412 update module and documentation with tax country logic 2024-04-18 19:13:19 +00:00
h00die ecac5c8fa8 vsix review 2024-04-17 16:13:44 -04:00
h00die bae1a2e20f gitlens review 2024-04-17 16:06:32 -04:00
Jack Heysel 84ea514180 Land #19026, Add pgadmin exploit CVE-2024-2044
This adds an exploit for pgAdmin <= 8.3 which is a path traversal
vulnerability in the session management that allows a Python pickle
object to be loaded and deserialized. This also adds a new Python
deserialization gadget chain to execute the code in a new thread so the
target application doesn't block the HTTP request.
2024-04-16 14:12:41 -07:00
Spencer McIntyre 9cf4372f2b Clean up some of the module's documentation 2024-04-16 13:36:21 -04:00
Jack Heysel 1174344b76 Land #18918, Add CrushFTP Module CVE-2023-43177
This exploit module leverages an Improperly Controlled Modification of
Dynamically-Determined Object Attributes vulnerability (CVE-2023-43177)
to achieve unauthenticated remote code execution. This affects CrushFTP
versions prior to 10.5.1.
2024-04-12 12:26:16 -07:00
Chocapikk 5870ebc6cf Add suggested changes 2024-04-11 22:48:08 +02:00
Valentin Lobstein deaf3d7649 Update modules/exploits/multi/http/avideo_wwbnindex_unauth_rce.rb
Co-authored-by: Spencer McIntyre <58950994+smcintyre-r7@users.noreply.github.com>
2024-04-11 22:15:37 +02:00
Valentin Lobstein 0ba0cd6cfa Update modules/exploits/multi/http/avideo_wwbnindex_unauth_rce.rb
Co-authored-by: Spencer McIntyre <58950994+smcintyre-r7@users.noreply.github.com>
2024-04-11 22:15:01 +02:00
Valentin Lobstein 060e5b1d8b Update modules/exploits/multi/http/avideo_wwbnindex_unauth_rce.rb
Co-authored-by: Spencer McIntyre <58950994+smcintyre-r7@users.noreply.github.com>
2024-04-11 22:14:51 +02:00
Valentin Lobstein 8ec8afbc45 Update modules/exploits/multi/http/avideo_wwbnindex_unauth_rce.rb
Co-authored-by: Spencer McIntyre <58950994+smcintyre-r7@users.noreply.github.com>
2024-04-11 22:14:44 +02:00
Chocapikk 162fc91193 Add CVE-2024-31819 2024-04-09 22:09:10 +02:00
h00die ee891eca3a spacing 2024-04-07 09:15:50 -04:00
h00die ed1ae32532 sync engine requirements on vsix 2024-04-07 09:13:59 -04:00
Christophe De La Fuente 34f0afa298 Land #19044, Gibbon Online School Platform Authenticated RCE [CVE-2024-24725] 2024-04-05 16:20:11 +02:00
h00die-gr3y 8afbbc1553 third release module based on smcintyre-r7 comments 2024-04-04 17:14:32 +00:00
h00die-gr3y 8aa6d19e7d second release module 2024-04-01 20:21:37 +00:00
h00die-gr3y d8942b27a2 first release module 2024-04-01 14:49:10 +00:00
Noam Rathaus 609d356083 Extra ',' is causing ruby issues 2024-03-30 17:02:13 +03:00
Spencer McIntyre 43d1bd9a2e Add docs and fix CSRF token for v7.0 2024-03-29 14:05:39 -04:00
Spencer McIntyre c7976d204c Add module metadata and clean things up 2024-03-29 10:40:43 -04:00
Spencer McIntyre 2292da9164 Add the UNC loading technique too 2024-03-29 09:33:47 -04:00
Spencer McIntyre 9dcd0e461f Delete the file using the file manager too 2024-03-29 09:33:47 -04:00
Spencer McIntyre 8fa7aa6407 Initial exploit for CVE-2024-2044 2024-03-29 09:33:44 -04:00
Christophe De La Fuente e6e13e7b45 Fixes from code review 2024-03-29 12:18:16 +01:00
h00die-gr3y 9f50f12e6e update addressing cdelafuente-r7 comments 2024-03-28 18:16:11 +00:00
Jack Heysel abb2eb7ffd Land #18891, Add RCE module for wp bricks builder
This PR adds the wp_bricks_builder_rce exploit module that targets a
known vulnerability in the WordPress Bricks Builder Theme, versions
prior to 1.9.6.
2024-03-26 14:46:35 -07:00
Balgogan b9b4a624d9 Fix typos 2024-03-26 21:05:35 +01:00
Valentin Lobstein abc39e86f9 Update modules/exploits/multi/http/wp_bricks_builder_rce.rb
Co-authored-by: jheysel-r7 <Jack_Heysel@rapid7.com>
2024-03-26 20:40:04 +01:00